portal Active directory attributes mapping

Former Member
0 Kudos

Hi All.

I am trying to map additional fields from the Active Directory to fields located within the Portal User Administration area.

I added the new fields within the XML file dataSourceConfiguration_ads_readonly_db.xml, and then uploaded this file using the config tool. I then configured SAP Portal to use the newly uploaded XML file. I then restarted the SAP Server.

Here is how I added new fields Zip and City to the XML file:

<?xml version="1.0" encoding="UTF-8"?>
<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->
<dataSources>
    <dataSource id="PRIVATE_DATASOURCE"
                className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
                isReadonly="false"
                isPrimary="true">

        <homeFor>
            <principals>
            	<principal type="group"/>
            	<principal type="user"/>
            	<principal type="account"/>
                <principal type="team"/>
                <principal type="ROOT" />
                <principal type="OOOO" />
            </principals>
        </homeFor>
        <notHomeFor/>

        <responsibleFor>
            <principals>
            	<principal type="group"/>
            	<principal type="user"/>
            	<principal type="account"/>
                <principal type="team"/>
                <principal type="ROOT" />
                <principal type="OOOO" />
            </principals>
        </responsibleFor>

        <privateSection>
        </privateSection>
    </dataSource>

    <dataSource id="CORP_LDAP"
		className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
		isReadonly="true"
		isPrimary="true">

		<homeFor/>
		<responsibleFor>
			<principal type="account">
				<nameSpace name="com.sap.security.core.usermanagement">
					<attribute name="j_user"/>
					<attribute name="logonalias"/>
					<attribute name="j_password"/>
					<attribute name="userid"/>
				</nameSpace>
    			<nameSpace name="com.sap.security.core.authentication">
    				<attribute name="principal"/>
    				<attribute name="realm"/>
    				<attribute name="domain"/>
    			</nameSpace>
			</principal>
			<principal type="user">
				<nameSpace name="com.sap.security.core.usermanagement">
					<attribute name="firstname" populateInitially="true"/>
					<attribute name="displayname" populateInitially="true"/>
					<attribute name="lastname" populateInitially="true"/>
					<attribute name="fax"/>
					<attribute name="email"/>
					<attribute name="title"/>
					<attribute name="department"/>
					<attribute name="description"/>
					<attribute name="mobile"/>
					<attribute name="telephone"/>
					<attribute name="streetaddress"/>
					<attribute name="uniquename" populateInitially="true"/>
					<attribute name="Zip"/>
					<attribute name="City"/>
				</nameSpace>
				<nameSpace name="com.sap.security.core.usermanagement.relation">
					<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
				</nameSpace>
				<nameSpace name="$usermapping$">
					<attribute name="REFERENCE_SYSTEM_USER"/>
				</nameSpace>
			</principal>
			<principal type="group">
				<nameSpace name="com.sap.security.core.usermanagement">
					<attribute name="displayname" populateInitially="true"/>
					<attribute name="description" populateInitially="true"/>
					<attribute name="uniquename"/>
				</nameSpace>
				<nameSpace name="com.sap.security.core.usermanagement.relation">
					<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
					<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
				</nameSpace>
				<nameSpace name="com.sap.security.core.bridge">
					<attribute name="dn"/>
				</nameSpace>
			</principal>
		</responsibleFor>

		<attributeMapping>
			<principal type="account">
				<nameSpace name="com.sap.security.core.usermanagement">
					<attribute name="j_user">
						<physicalAttribute name="samaccountname"/>
					</attribute>
					<attribute name="logonalias">
						<physicalAttribute name="samaccountname"/>
					</attribute>
					<attribute name="j_password">
						<physicalAttribute name="unicodepwd"/>
					</attribute>
					<attribute name="userid">
						<physicalAttribute name="*null*"/>
					</attribute>
				</nameSpace>
    			<nameSpace name="com.sap.security.core.authentication">
    				<attribute name="principal">
    					<physicalAttribute name="samaccountname"/>
    				</attribute>
    				<attribute name="realm">
    					<physicalAttribute name="*null*"/>
    				</attribute>
    				<attribute name="domain">
    					<physicalAttribute name="*null*"/>
    				</attribute>
    			</nameSpace>				
			</principal>
			<principal type="user">
				<nameSpace name="com.sap.security.core.usermanagement">
					<attribute name="firstname">
						<physicalAttribute name="givenname"/>
					</attribute>
					<attribute name="displayname">
						<physicalAttribute name="displayname"/>
					</attribute>
					<attribute name="lastname">
						<physicalAttribute name="sn"/>
					</attribute>
					<attribute name="fax">
						<physicalAttribute name="facsimiletelephonenumber"/>
					</attribute>
					<attribute name="uniquename">
						<physicalAttribute name="samaccountname"/>
					</attribute>
					<attribute name="loginid">
						<physicalAttribute name="*null*"/>
					</attribute>
					<attribute name="email">
						<physicalAttribute name="mail"/>
					</attribute>
					<attribute name="mobile">
						<physicalAttribute name="mobile"/>
					</attribute>
					<attribute name="telephone">
						<physicalAttribute name="telephonenumber"/>
					</attribute>
					<attribute name="department">
						<physicalAttribute name="ou"/>
					</attribute>
					<attribute name="description">
						<physicalAttribute name="description"/>
					</attribute>
					<attribute name="streetaddress">
						<physicalAttribute name="postalAddress"/>
					</attribute>
					<attribute name="pobox">
						<physicalAttribute name="postofficebox"/>
					</attribute>
					<attribute name="Zip">
						<physicalAttribute name="postalCode"/>
					</attribute>
					<attribute name="City">
						<physicalAttribute name="l"/>
					</attribute>
				</nameSpace>
				<nameSpace name="com.sap.security.core.usermanagement.relation">
					<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
						<physicalAttribute name="memberof"/>
					</attribute>
				</nameSpace>
				<nameSpace name="$usermapping$">
					<attribute name="REFERENCE_SYSTEM_USER">
						<physicalAttribute name="sapusername"/>
					</attribute>
				</nameSpace>
			</principal>
			<principal type="group">
				<nameSpace name="com.sap.security.core.usermanagement">
					<attribute name="displayname">
						<physicalAttribute name="displayname"/>
					</attribute>
					<attribute name="description">
						<physicalAttribute name="description"/>
					</attribute>
					<attribute name="uniquename" populateInitially="true">
						<physicalAttribute name="cn"/>
					</attribute>
				</nameSpace>
				<nameSpace name="com.sap.security.core.usermanagement.relation">
					<attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
						<physicalAttribute name="member"/>
					</attribute>
					<attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
						<physicalAttribute name="memberof"/>
					</attribute>
				</nameSpace>
				<nameSpace name="com.sap.security.core.bridge">
    				<attribute name="dn">
						<physicalAttribute name="*null*"/>
					</attribute>
				</nameSpace>
			</principal>
		</attributeMapping>
        <privateSection>
			<ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
			<ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
			<ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
			<ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
			<ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
			<ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
			<ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
			<ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
			<ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
			<ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
			<ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
			<ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
			<ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
			<ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
			<ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
		</privateSection>
	</dataSource>
</dataSources>

I am not able to see the values for Zip and City inside the User Administration section of the Portal.

Please advise,

Thanks in advance

Accepted Solutions (0)

Answers (2)


Hakim
Associate
0 Kudos

Hi,
using lower case letters did the trick:

<attribute name="zip"><physicalAttribute name="postalCode"/></attribute>
<attribute name="city"><physicalAttribute name="l"/></attribute>
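
Added example, not part of the original thread and not SAP tooling: a small pre-upload check for a data source file of this shape. It lists logical attribute names that appear in only one of `responsibleFor` and `attributeMapping`, and names in the user-management namespace that are not lower case, the change the answer above reports as the fix. The sample XML is constructed, and treating lower case as the expected form is an assumption taken from that answer.

```python
import xml.etree.ElementTree as ET

UME_NS = "com.sap.security.core.usermanagement"
# Constructed sample: trimmed fragment shaped like the posted CORP_LDAP data source.
SAMPLE = """<dataSources><dataSource id="CORP_LDAP">
  <responsibleFor><principal type="user">
    <nameSpace name="com.sap.security.core.usermanagement">
      <attribute name="email"/> <attribute name="title"/>
      <attribute name="Zip"/> <attribute name="City"/>
    </nameSpace>
    <nameSpace name="$usermapping$"><attribute name="REFERENCE_SYSTEM_USER"/></nameSpace>
  </principal></responsibleFor>
  <attributeMapping><principal type="user">
    <nameSpace name="com.sap.security.core.usermanagement">
      <attribute name="email"><physicalAttribute name="mail"/></attribute>
      <attribute name="pobox"><physicalAttribute name="postofficebox"/></attribute>
      <attribute name="Zip"><physicalAttribute name="postalCode"/></attribute>
      <attribute name="City"><physicalAttribute name="l"/></attribute>
    </nameSpace>
    <nameSpace name="$usermapping$"><attribute name="REFERENCE_SYSTEM_USER">
      <physicalAttribute name="sapusername"/></attribute></nameSpace>
  </principal></attributeMapping>
</dataSource></dataSources>"""

def logical_names(section):
    """Map (principal type, namespace) -> set of logical attribute names."""
    found = {}
    for principal in (section.iter("principal") if section is not None else ()):
        for ns in principal.findall("nameSpace"):
            names = {a.get("name") for a in ns.findall("attribute")}
            found.setdefault((principal.get("type"), ns.get("name")), set()).update(names)
    return found

def check_datasource(xml_text, ds_id="CORP_LDAP"):
    """Return sorted findings; raises ET.ParseError if the XML is not well-formed."""
    root = ET.fromstring(xml_text)
    ds = next(d for d in root.iter("dataSource") if d.get("id") == ds_id)
    declared = logical_names(ds.find("responsibleFor"))
    mapped = logical_names(ds.find("attributeMapping"))
    findings = []
    for (ptype, ns) in declared.keys() | mapped.keys():
        d, m = declared.get((ptype, ns), set()), mapped.get((ptype, ns), set())
        findings += [f"{ptype}: '{n}' declared but not mapped" for n in d - m]
        findings += [f"{ptype}: '{n}' mapped but not declared" for n in m - d]
        if ns == UME_NS:  # assumption: logical names in this namespace are lower case
            findings += [f"{ptype}: '{n}' is not lower case" for n in d | m if n != n.lower()]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(check_datasource(SAMPLE)))
```

The findings are items to review before uploading the file with the config tool, not proof of a fault; a parse error means the file is not well-formed XML.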

Former Member
0 Kudos

Hi,

Apart from doing the XML file configuration, you would need to add the custom attributes to the UME.

Kindly read the following link for the same:

http://help.sap.com/saphelp_nw70/helpdata/EN/44/0316d50bbe025ce10000000a1553f7/frameset.htm

Thanks,

GLM

Former Member
0 Kudos

Hi,

I read the guide and added the following under the Custom Attributes section of the User Profile.

User-Managed Custom Attributes: City;

I am still unable to see the values for City inside the User Administration section of the Portal.

Thanks in advance