Former Member
Jan 16, 2008 at 05:01 PM

Multiple LDAP Issue


Folks,

We are trying to integrate two LDAP directories: 1) Microsoft ADS LDAP and 2) Microsoft ADAM.

The problem is that I am not getting the login ID info in Identity Management for the ADAM LDAP. I am able to create users, but I am not able to log in to the portal with the created users. Whenever I access the info for a created user, I get a data inconsistency error in Identity Management and the login ID field is empty. I am attaching the XML.

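<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_writeable_db.xml #6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<!--
  UME data source configuration with three sources:
    PRIVATE_DATASOURCE  database store; home for service users and for team/ROOT/OOOO principals
    ADAM_LDAP           writable LDAP source (the ADAM directory, per the post)
    CORP_LDAP           read-only LDAP source (the Active Directory, per the post)
  Server names, bind users and base paths were masked by the poster (XXXXX).
  The listing was restored to well-formed XML: forum italic markers were stripped and
  the two line-wrapped ssl_socket_factory end tags were rejoined. No value was changed.
-->
<dataSources>
  <!-- Database-backed store. It is home only for accounts and users carrying
       IS_SERVICEUSER in the $serviceUser$ namespace, plus team, ROOT and OOOO. -->
  <dataSource id="PRIVATE_DATASOURCE"
              className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
              isReadonly="false" isPrimary="true">
    <homeFor>
      <principal type="account">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values>
              <value>IS_SERVICEUSER</value>
            </values>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values>
              <value>IS_SERVICEUSER</value>
            </values>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="team"/>
      <principal type="ROOT"/>
      <principal type="OOOO"/>
    </homeFor>
    <notHomeFor/>
    <responsibleFor>
      <principal type="group"/>
      <principal type="user"/>
      <principal type="account"/>
      <principal type="team"/>
      <principal type="ROOT"/>
      <principal type="OOOO"/>
    </responsibleFor>
    <notResponsibleFor/>
    <attributeMapping/>
    <privateSection/>
  </dataSource>

  <!-- Writable LDAP source (isReadonly="false"): new accounts, users and groups are
       created here, except service users, which notHomeFor excludes. -->
  <dataSource id="ADAM_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="false" isPrimary="true">
    <homeFor>
      <principal type="account"/>
      <principal type="user"/>
      <principal type="group"/>
    </homeFor>
    <notHomeFor>
      <principal type="user">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values>
              <value>IS_SERVICEUSER</value>
            </values>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="account">
        <nameSpace name="$serviceUser$">
          <attribute name="SERVICEUSER_ATTRIBUTE">
            <values>
              <value>IS_SERVICEUSER</value>
            </values>
          </attribute>
        </nameSpace>
      </principal>
    </notHomeFor>
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="j_user"/>
          <attribute name="logonalias"/>
          <attribute name="j_password"/>
          <attribute name="userid"/>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="firstname" populateInitially="true"/>
          <attribute name="displayname" populateInitially="true"/>
          <attribute name="lastname" populateInitially="true"/>
          <attribute name="fax"/>
          <attribute name="email"/>
          <attribute name="title"/>
          <attribute name="department"/>
          <attribute name="description"/>
          <attribute name="mobile"/>
          <attribute name="telephone"/>
          <attribute name="streetaddress"/>
          <attribute name="uniquename" populateInitially="true"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
        </nameSpace>
        <nameSpace name="$usermapping$">
          <attribute name="REFERENCE_SYSTEM_USER"/>
        </nameSpace>
      </principal>
      <principal type="group">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="displayname" populateInitially="true"/>
          <attribute name="description" populateInitially="true"/>
          <attribute name="uniquename"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.bridge">
          <attribute name="dn"/>
        </nameSpace>
      </principal>
    </responsibleFor>
    <attributeMapping>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <!-- The logon ID (j_user, logonalias) is read from the physical attribute uid,
               where CORP_LDAP uses samaccountname.
               NOTE(review): the poster reports an empty login ID for users created in
               this source; confirm that the ADAM user entries actually carry a
               populated uid attribute. -->
          <attribute name="j_user">
            <physicalAttribute name="uid" />
          </attribute>
          <attribute name="logonalias">
            <physicalAttribute name="uid" />
          </attribute>
          <!-- NOTE(review): this source is writable and maps the password to unicodepwd.
               Active Directory style servers typically accept writes to that attribute
               only over an encrypted connection, and ssl is false in the privateSection
               below. Verify that password set and change work in this setup. -->
          <attribute name="j_password">
            <physicalAttribute name="unicodepwd" />
          </attribute>
          <attribute name="userid">
            <physicalAttribute name="null" />
          </attribute>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="firstname">
            <physicalAttribute name="givenname" />
          </attribute>
          <attribute name="displayname">
            <physicalAttribute name="displayname" />
          </attribute>
          <attribute name="lastname">
            <physicalAttribute name="sn" />
          </attribute>
          <attribute name="fax">
            <physicalAttribute name="facsimiletelephonenumber" />
          </attribute>
          <attribute name="uniquename">
            <physicalAttribute name="uid" />
          </attribute>
          <attribute name="loginid">
            <physicalAttribute name="null" />
          </attribute>
          <attribute name="email">
            <physicalAttribute name="mail" />
          </attribute>
          <attribute name="mobile">
            <physicalAttribute name="mobile" />
          </attribute>
          <attribute name="telephone">
            <physicalAttribute name="telephonenumber" />
          </attribute>
          <attribute name="department">
            <physicalAttribute name="ou" />
          </attribute>
          <attribute name="description">
            <physicalAttribute name="description" />
          </attribute>
          <attribute name="streetaddress">
            <physicalAttribute name="postaladdress" />
          </attribute>
          <attribute name="pobox">
            <physicalAttribute name="postofficebox" />
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
            <physicalAttribute name="memberof" />
          </attribute>
        </nameSpace>
        <nameSpace name="$usermapping$">
          <attribute name="REFERENCE_SYSTEM_USER">
            <physicalAttribute name="sapusername" />
          </attribute>
        </nameSpace>
      </principal>
      <principal type="group">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="displayname">
            <physicalAttribute name="displayname" />
          </attribute>
          <attribute name="description">
            <physicalAttribute name="description" />
          </attribute>
          <attribute name="uniquename" populateInitially="true">
            <physicalAttribute name="cn" />
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
            <physicalAttribute name="member" />
          </attribute>
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
            <physicalAttribute name="memberof" />
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.bridge">
          <attribute name="dn">
            <physicalAttribute name="null" />
          </attribute>
        </nameSpace>
      </principal>
    </attributeMapping>
    <privateSection>
      <!-- NOTE(review): same server_type as the Active Directory source; confirm that
           MSADS is the intended type for an ADAM instance. -->
      <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
      <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
      <!-- Security: simple authentication combined with ssl=false on port 389 (below)
           sends bind passwords over the network unencrypted. Prefer enabling
           ume.ldap.access.ssl and pointing server_port at the directory's LDAPS
           listener, with the server certificate trusted by the engine. -->
      <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
      <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
      <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
      <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
      <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
      <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
      <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
      <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
      <!-- Users and accounts are named by cn while the logon ID is mapped to uid.
           Unlike CORP_LDAP, this section sets no auxiliary_naming_attribute.user or
           auxiliary_naming_attribute.uacc.
           NOTE(review): check whether the logon ID lookup for this source depends on
           those properties; this may relate to the empty login ID the poster sees. -->
      <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
      <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
      <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
      <ume.ldap.access.server_name>XXXXXXX</ume.ldap.access.server_name>
      <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
      <ume.ldap.access.ssl>false</ume.ldap.access.ssl>
      <!-- Bind user of a writable source: grant it only the rights needed under the
           two base paths configured below. -->
      <ume.ldap.access.user>XXXXX</ume.ldap.access.user>
      <!-- The value references the property ume.ldap.access.additional_password.2
           instead of embedding the password; keep real passwords out of this file. -->
      <ume.ldap.access.password>$ume.ldap.access.additional_password.2</ume.ldap.access.password>
      <ume.ldap.access.base_path.user>XXXXXXX</ume.ldap.access.base_path.user>
      <ume.ldap.access.base_path.grup>XXXXXXX</ume.ldap.access.base_path.grup>
    </privateSection>
  </dataSource>

  <!-- Read-only LDAP source (isReadonly="true", empty homeFor): principals are only
       read from this directory, never created in it. -->
  <dataSource id="CORP_LDAP"
              className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
              isReadonly="true" isPrimary="true">
    <homeFor/>
    <responsibleFor>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="j_user"/>
          <attribute name="logonalias"/>
          <attribute name="j_password"/>
          <attribute name="userid"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.authentication">
          <attribute name="principal"/>
          <attribute name="realm"/>
          <attribute name="domain"/>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="firstname" populateInitially="true"/>
          <attribute name="displayname" populateInitially="true"/>
          <attribute name="lastname" populateInitially="true"/>
          <attribute name="fax"/>
          <attribute name="email"/>
          <attribute name="title"/>
          <attribute name="department"/>
          <attribute name="description"/>
          <attribute name="mobile"/>
          <attribute name="telephone"/>
          <attribute name="streetaddress"/>
          <attribute name="uniquename" populateInitially="true"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
        </nameSpace>
        <nameSpace name="$usermapping$">
          <attribute name="REFERENCE_SYSTEM_USER"/>
        </nameSpace>
      </principal>
      <principal type="group">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="displayname" populateInitially="true"/>
          <attribute name="description" populateInitially="true"/>
          <attribute name="uniquename"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
        </nameSpace>
        <nameSpace name="com.sap.security.core.bridge">
          <attribute name="dn"/>
        </nameSpace>
      </principal>
    </responsibleFor>
    <attributeMapping>
      <principal type="account">
        <nameSpace name="com.sap.security.core.usermanagement">
          <!-- Logon ID and authentication principal all come from samaccountname. -->
          <attribute name="j_user">
            <physicalAttribute name="samaccountname"/>
          </attribute>
          <attribute name="logonalias">
            <physicalAttribute name="samaccountname"/>
          </attribute>
          <attribute name="j_password">
            <physicalAttribute name="unicodepwd"/>
          </attribute>
          <attribute name="userid">
            <physicalAttribute name="null"/>
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.authentication">
          <attribute name="principal">
            <physicalAttribute name="samaccountname"/>
          </attribute>
          <attribute name="realm">
            <physicalAttribute name="null"/>
          </attribute>
          <attribute name="domain">
            <physicalAttribute name="null"/>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="user">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="firstname">
            <physicalAttribute name="givenname"/>
          </attribute>
          <attribute name="displayname">
            <physicalAttribute name="displayname"/>
          </attribute>
          <attribute name="lastname">
            <physicalAttribute name="sn"/>
          </attribute>
          <attribute name="fax">
            <physicalAttribute name="facsimiletelephonenumber"/>
          </attribute>
          <attribute name="uniquename">
            <physicalAttribute name="samaccountname"/>
          </attribute>
          <attribute name="loginid">
            <physicalAttribute name="null"/>
          </attribute>
          <attribute name="email">
            <physicalAttribute name="mail"/>
          </attribute>
          <attribute name="mobile">
            <physicalAttribute name="mobile"/>
          </attribute>
          <attribute name="telephone">
            <physicalAttribute name="telephonenumber"/>
          </attribute>
          <attribute name="department">
            <physicalAttribute name="ou"/>
          </attribute>
          <attribute name="description">
            <physicalAttribute name="description"/>
          </attribute>
          <attribute name="streetaddress">
            <physicalAttribute name="postaladdress"/>
          </attribute>
          <attribute name="pobox">
            <physicalAttribute name="postofficebox"/>
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
            <physicalAttribute name="memberof"/>
          </attribute>
        </nameSpace>
        <nameSpace name="$usermapping$">
          <attribute name="REFERENCE_SYSTEM_USER">
            <physicalAttribute name="sapusername"/>
          </attribute>
        </nameSpace>
      </principal>
      <principal type="group">
        <nameSpace name="com.sap.security.core.usermanagement">
          <attribute name="displayname">
            <physicalAttribute name="displayname"/>
          </attribute>
          <attribute name="description">
            <physicalAttribute name="description"/>
          </attribute>
          <attribute name="uniquename" populateInitially="true">
            <physicalAttribute name="cn"/>
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
            <physicalAttribute name="member"/>
          </attribute>
          <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
            <physicalAttribute name="memberof"/>
          </attribute>
        </nameSpace>
        <nameSpace name="com.sap.security.core.bridge">
          <attribute name="dn">
            <physicalAttribute name="null"/>
          </attribute>
        </nameSpace>
      </principal>
    </attributeMapping>
    <privateSection>
      <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
      <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
      <!-- Security: simple authentication combined with ssl=false on port 389 (below)
           sends bind passwords over the network unencrypted, read-only source or not.
           Prefer enabling ume.ldap.access.ssl and pointing server_port at the
           directory's LDAPS listener, with the server certificate trusted by the engine. -->
      <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
      <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
      <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
      <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
      <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
      <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
      <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
      <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
      <!-- Entries are named by cn; samaccountname is declared as the auxiliary naming
           attribute for users and accounts, matching the logon ID mapping above. -->
      <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
      <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
      <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
      <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
      <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
      <ume.ldap.access.server_name>XXXXX</ume.ldap.access.server_name>
      <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
      <ume.ldap.access.ssl>false</ume.ldap.access.ssl>
      <!-- Bind user of a read-only source: a read-only directory account is sufficient. -->
      <ume.ldap.access.user>XXX</ume.ldap.access.user>
      <!-- The value references the property ume.ldap.access.additional_password.1
           instead of embedding the password; keep real passwords out of this file. -->
      <ume.ldap.access.password>$ume.ldap.access.additional_password.1</ume.ldap.access.password>
      <ume.ldap.access.base_path.user>XXXXXXX</ume.ldap.access.base_path.user>
      <ume.ldap.access.base_path.grup>XXXXXXXX</ume.ldap.access.base_path.grup>
    </privateSection>
  </dataSource>
</dataSources>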