Former Member
Aug 30, 2008 at 01:41 PM

Configure UME to use multiple ADS data sources


hi,

Problem area:

We currently have Enterprise Portal 700 SP14 with a single-domain Microsoft ADS configured as the LDAP data source for the portal UME. We now have a requirement to configure two to three domains (all Microsoft ADS) as UME data sources for the same portal.

I have gathered all the inputs, and the DNS entries have been made in each domain, but now I need to configure

the portal UME (the data source file in the Config Tool) to connect to both of these LDAPs, followed by SPNego SSO.

However, when I edit this file using an XML editor and make the settings as per the link below,

http://help.sap.com/saphelp_nw2004s/helpdata/en/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm

I get the following LDAP error when I upload this XML file and then run the connection test:

LDAP error code 1 DSID-0C090627

Please let me know the exact process, or whether the settings I made in the XML file are correct.

I have attached a copy of the data source (multi-ADS) XML file for reference.

***********************************************************************************************************************

<?xml version="1.0" encoding="UTF-8"?>

<!-- $Id: //shared_tc/com.sapall.security/630_SP_COR/src/_deploy/dist/configuration/shared/dataSourceConfiguration_ads_readonly_db.xml#6 $ from $DateTime: 2004/08/20 09:55:24 $ ($Change: 17140 $) -->

<!DOCTYPE dataSources SYSTEM "dataSourceConfiguration.dtd">

<dataSources>

<!-- Database-backed persistence: the only writable store in this file
     (isReadonly="false") and the home for every principal type listed in
     homeFor. The two LDAP sources below are read-only and have no homeFor. -->
<dataSource id="PRIVATE_DATASOURCE"
            className="com.sap.security.core.persistence.datasource.imp.DataBasePersistence"
            isPrimary="true"
            isReadonly="false">
  <homeFor>
    <principals>
      <principal type="group"/>
      <principal type="user"/>
      <principal type="account"/>
      <principal type="team"/>
      <principal type="ROOT"/>
      <principal type="OOOO"/>
    </principals>
  </homeFor>
  <notHomeFor/>
  <!-- Same principal set as homeFor: the database answers for every type. -->
  <responsibleFor>
    <principals>
      <principal type="group"/>
      <principal type="user"/>
      <principal type="account"/>
      <principal type="team"/>
      <principal type="ROOT"/>
      <principal type="OOOO"/>
    </principals>
  </responsibleFor>
  <!-- No persistence-specific settings for the database store. -->
  <privateSection/>
</dataSource>

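<!-- Read-only view of the MRL.COM Active Directory domain. Nothing is written
     back (isReadonly="true"); users, accounts and groups are looked up here and
     attributeMapping translates UME logical attribute names to AD attributes. -->
<dataSource id="CORP_LDAP1_MRL"
            className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
            isPrimary="true"
            isReadonly="true">
  <!-- No principal is created in this directory from the portal side. -->
  <homeFor/>
  <responsibleFor>
    <!-- The account principal is wrapped in <nameSpaces> like the user and
         group principals below. The uploaded listing had <nameSpace> directly
         under <principal> for account only; the DTD named in the DOCTYPE is
         expected to require the wrapper - confirm against
         dataSourceConfiguration.dtd. -->
    <principal type="account">
      <nameSpaces>
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="j_user"/>
            <attribute name="logonalias"/>
            <attribute name="j_password"/>
            <attribute name="userid"/>
          </attributes>
        </nameSpace>
      </nameSpaces>
    </principal>
    <principal type="user">
      <nameSpaces>
        <nameSpace name="com.sap.security.core.usermanagement">
          <!-- populateInitially flags are kept exactly as in the shipped template. -->
          <attributes>
            <attribute name="firstname" populateInitially="true"/>
            <attribute name="displayname" populateInitially="true"/>
            <attribute name="lastname" populateInitially="true"/>
            <attribute name="fax"/>
            <attribute name="email"/>
            <attribute name="title"/>
            <attribute name="department"/>
            <attribute name="description"/>
            <attribute name="mobile"/>
            <attribute name="telephone"/>
            <attribute name="streetaddress"/>
            <attribute name="uniquename" populateInitially="true"/>
            <attribute name="kpnprefix"/>
            <attribute name="krb5principalname"/>
            <attribute name="dn"/>
          </attributes>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attributes>
            <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
          </attributes>
        </nameSpace>
        <nameSpace name="$usermapping$">
          <attributes>
            <attribute name="REFERENCE_SYSTEM_USER"/>
          </attributes>
        </nameSpace>
      </nameSpaces>
    </principal>
    <principal type="group">
      <nameSpaces>
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="displayname" populateInitially="true"/>
            <attribute name="description" populateInitially="true"/>
            <attribute name="uniquename"/>
          </attributes>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attributes>
            <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
            <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
          </attributes>
        </nameSpace>
        <nameSpace name="com.sap.security.core.bridge">
          <attributes>
            <attribute name="dn"/>
          </attributes>
        </nameSpace>
      </nameSpaces>
    </principal>
  </responsibleFor>
  <!-- Logical UME attribute (attribute/@name) to physical AD attribute
       (physicalAttribute/@name). Every logical name must also appear in
       responsibleFor above for the principal type. -->
  <attributeMapping>
    <principals>
      <principal type="account">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="j_user">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="logonalias">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="j_password">
                <physicalAttribute name="unicodepwd"/>
              </attribute>
              <attribute name="userid">
                <physicalAttribute name="null"/>
              </attribute>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="user">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname">
                <physicalAttribute name="givenname"/>
              </attribute>
              <attribute name="displayname">
                <physicalAttribute name="displayname"/>
              </attribute>
              <attribute name="lastname">
                <physicalAttribute name="sn"/>
              </attribute>
              <attribute name="fax">
                <physicalAttribute name="facsimiletelephonenumber"/>
              </attribute>
              <attribute name="uniquename">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="loginid">
                <physicalAttribute name="null"/>
              </attribute>
              <attribute name="email">
                <physicalAttribute name="mail"/>
              </attribute>
              <attribute name="mobile">
                <physicalAttribute name="mobile"/>
              </attribute>
              <attribute name="telephone">
                <physicalAttribute name="telephonenumber"/>
              </attribute>
              <attribute name="department">
                <physicalAttribute name="ou"/>
              </attribute>
              <attribute name="description">
                <physicalAttribute name="description"/>
              </attribute>
              <attribute name="streetaddress">
                <physicalAttribute name="postaladdress"/>
              </attribute>
              <attribute name="pobox">
                <physicalAttribute name="postofficebox"/>
              </attribute>
              <!-- kpnprefix and krb5principalname feed the SPNego logon:
                   sAMAccountName and userPrincipalName respectively. -->
              <attribute name="kpnprefix">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="krb5principalname">
                <physicalAttribute name="userprincipalname"/>
              </attribute>
              <attribute name="dn">
                <physicalAttribute name="distinguishedname"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                <physicalAttribute name="memberof"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="$usermapping$">
            <attributes>
              <attribute name="REFERENCE_SYSTEM_USER">
                <physicalAttribute name="sapusername"/>
              </attribute>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="group">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="displayname">
                <physicalAttribute name="displayname"/>
              </attribute>
              <attribute name="description">
                <physicalAttribute name="description"/>
              </attribute>
              <attribute name="uniquename" populateInitially="true">
                <physicalAttribute name="cn"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
                <physicalAttribute name="member"/>
              </attribute>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                <physicalAttribute name="memberof"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.bridge">
            <attributes>
              <attribute name="dn">
                <physicalAttribute name="null"/>
              </attribute>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
    </principals>
  </attributeMapping>
  <!-- Connection settings for this domain. -->
  <privateSection>
    <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
    <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
    <!-- Simple bind over plain LDAP (port 389 below): the bind password, and
         any credential check against unicodepwd, cross the network unencrypted.
         Once the domain controller certificate is in the J2EE trust store, set
         ume.ldap.access.ssl to true and the port to 636; the ssl_socket_factory
         entry presumably only takes effect then. -->
    <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
    <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
    <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
    <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
    <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
    <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
    <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
    <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
    <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
    <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
    <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
    <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
    <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
    <!-- In the uploaded file the host name stood as bare text inside
         privateSection, so no property carried it; it belongs in server_name. -->
    <ume.ldap.access.server_name>DC-MRL1.MRL.COM</ume.ldap.access.server_name>
    <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
    <!-- The bind identity is an account of the mahindra domain, used here
         against the MRL.COM controller. It can only bind if the domains trust
         each other - TODO confirm before attributing the connection-test
         failure to the XML structure. A read-only source needs no more than a
         read-only service account. -->
    <ume.ldap.access.user>mahindra\j2ee-rjd</ume.ldap.access.user>
    <!-- Resolved at runtime from the additional_password.1 secure-store entry;
         the literal password never belongs in this file. -->
    <ume.ldap.access.password>$ume.ldap.access.additional_password.1</ume.ldap.access.password>
    <ume.ldap.access.base_path.user>DC=MRL,DC=COM</ume.ldap.access.base_path.user>
    <ume.ldap.access.base_path.grup>DC=MRL,DC=COM</ume.ldap.access.base_path.grup>
  </privateSection>
</dataSource>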

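<!-- Read-only view of the corp.mahindra.com Active Directory domain. Nothing
     is written back (isReadonly="true"); users, accounts and groups are looked
     up here and attributeMapping translates UME logical attribute names to AD
     attributes. -->
<dataSource id="CORP_LDAP2_MAHINDRA"
            className="com.sap.security.core.persistence.datasource.imp.LDAPPersistence"
            isPrimary="true"
            isReadonly="true">
  <!-- No principal is created in this directory from the portal side. -->
  <homeFor/>
  <responsibleFor>
    <!-- The account principal is wrapped in <nameSpaces> like the user and
         group principals below. The uploaded listing had <nameSpace> directly
         under <principal> for account only; the DTD named in the DOCTYPE is
         expected to require the wrapper - confirm against
         dataSourceConfiguration.dtd. -->
    <principal type="account">
      <nameSpaces>
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="j_user"/>
            <attribute name="logonalias"/>
            <attribute name="j_password"/>
            <attribute name="userid"/>
          </attributes>
        </nameSpace>
      </nameSpaces>
    </principal>
    <principal type="user">
      <nameSpaces>
        <nameSpace name="com.sap.security.core.usermanagement">
          <!-- populateInitially flags are kept exactly as in the shipped template. -->
          <attributes>
            <attribute name="firstname" populateInitially="true"/>
            <attribute name="displayname" populateInitially="true"/>
            <attribute name="lastname" populateInitially="true"/>
            <attribute name="fax"/>
            <attribute name="email"/>
            <attribute name="title"/>
            <attribute name="department"/>
            <attribute name="description"/>
            <attribute name="mobile"/>
            <attribute name="telephone"/>
            <attribute name="streetaddress"/>
            <attribute name="uniquename" populateInitially="true"/>
            <attribute name="kpnprefix"/>
            <attribute name="krb5principalname"/>
            <attribute name="dn"/>
          </attributes>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attributes>
            <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
          </attributes>
        </nameSpace>
        <nameSpace name="$usermapping$">
          <attributes>
            <attribute name="REFERENCE_SYSTEM_USER"/>
          </attributes>
        </nameSpace>
      </nameSpaces>
    </principal>
    <principal type="group">
      <nameSpaces>
        <nameSpace name="com.sap.security.core.usermanagement">
          <attributes>
            <attribute name="displayname" populateInitially="true"/>
            <attribute name="description" populateInitially="true"/>
            <attribute name="uniquename"/>
          </attributes>
        </nameSpace>
        <nameSpace name="com.sap.security.core.usermanagement.relation">
          <attributes>
            <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE"/>
            <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE"/>
          </attributes>
        </nameSpace>
        <nameSpace name="com.sap.security.core.bridge">
          <attributes>
            <attribute name="dn"/>
          </attributes>
        </nameSpace>
      </nameSpaces>
    </principal>
  </responsibleFor>
  <!-- Logical UME attribute (attribute/@name) to physical AD attribute
       (physicalAttribute/@name). Every logical name must also appear in
       responsibleFor above for the principal type. -->
  <attributeMapping>
    <principals>
      <principal type="account">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="j_user">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="logonalias">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="j_password">
                <physicalAttribute name="unicodepwd"/>
              </attribute>
              <attribute name="userid">
                <physicalAttribute name="null"/>
              </attribute>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="user">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="firstname">
                <physicalAttribute name="givenname"/>
              </attribute>
              <attribute name="displayname">
                <physicalAttribute name="displayname"/>
              </attribute>
              <attribute name="lastname">
                <physicalAttribute name="sn"/>
              </attribute>
              <attribute name="fax">
                <physicalAttribute name="facsimiletelephonenumber"/>
              </attribute>
              <attribute name="uniquename">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="loginid">
                <physicalAttribute name="null"/>
              </attribute>
              <attribute name="email">
                <physicalAttribute name="mail"/>
              </attribute>
              <attribute name="mobile">
                <physicalAttribute name="mobile"/>
              </attribute>
              <attribute name="telephone">
                <physicalAttribute name="telephonenumber"/>
              </attribute>
              <attribute name="department">
                <physicalAttribute name="ou"/>
              </attribute>
              <attribute name="description">
                <physicalAttribute name="description"/>
              </attribute>
              <attribute name="streetaddress">
                <physicalAttribute name="postaladdress"/>
              </attribute>
              <attribute name="pobox">
                <physicalAttribute name="postofficebox"/>
              </attribute>
              <!-- kpnprefix and krb5principalname feed the SPNego logon:
                   sAMAccountName and userPrincipalName respectively. -->
              <attribute name="kpnprefix">
                <physicalAttribute name="samaccountname"/>
              </attribute>
              <attribute name="krb5principalname">
                <physicalAttribute name="userprincipalname"/>
              </attribute>
              <attribute name="dn">
                <physicalAttribute name="distinguishedname"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                <physicalAttribute name="memberof"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="$usermapping$">
            <attributes>
              <attribute name="REFERENCE_SYSTEM_USER">
                <physicalAttribute name="sapusername"/>
              </attribute>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
      <principal type="group">
        <nameSpaces>
          <nameSpace name="com.sap.security.core.usermanagement">
            <attributes>
              <attribute name="displayname">
                <physicalAttribute name="displayname"/>
              </attribute>
              <attribute name="description">
                <physicalAttribute name="description"/>
              </attribute>
              <attribute name="uniquename" populateInitially="true">
                <physicalAttribute name="cn"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.usermanagement.relation">
            <attributes>
              <attribute name="PRINCIPAL_RELATION_MEMBER_ATTRIBUTE">
                <physicalAttribute name="member"/>
              </attribute>
              <attribute name="PRINCIPAL_RELATION_PARENT_ATTRIBUTE">
                <physicalAttribute name="memberof"/>
              </attribute>
            </attributes>
          </nameSpace>
          <nameSpace name="com.sap.security.core.bridge">
            <attributes>
              <attribute name="dn">
                <physicalAttribute name="null"/>
              </attribute>
            </attributes>
          </nameSpace>
        </nameSpaces>
      </principal>
    </principals>
  </attributeMapping>
  <!-- Connection settings for this domain. -->
  <privateSection>
    <ume.ldap.access.server_type>MSADS</ume.ldap.access.server_type>
    <ume.ldap.access.context_factory>com.sun.jndi.ldap.LdapCtxFactory</ume.ldap.access.context_factory>
    <!-- Simple bind over plain LDAP (port 389 below): the bind password, and
         any credential check against unicodepwd, cross the network unencrypted.
         Once the domain controller certificate is in the J2EE trust store, set
         ume.ldap.access.ssl to true and the port to 636; the ssl_socket_factory
         entry presumably only takes effect then. -->
    <ume.ldap.access.authentication>simple</ume.ldap.access.authentication>
    <ume.ldap.access.flat_group_hierachy>true</ume.ldap.access.flat_group_hierachy>
    <ume.ldap.access.user_as_account>true</ume.ldap.access.user_as_account>
    <ume.ldap.access.dynamic_groups>false</ume.ldap.access.dynamic_groups>
    <ume.ldap.access.ssl_socket_factory>com.sap.security.core.server.https.SecureConnectionFactory</ume.ldap.access.ssl_socket_factory>
    <ume.ldap.access.objectclass.user>User</ume.ldap.access.objectclass.user>
    <ume.ldap.access.objectclass.uacc>User</ume.ldap.access.objectclass.uacc>
    <ume.ldap.access.objectclass.grup>Group</ume.ldap.access.objectclass.grup>
    <ume.ldap.access.naming_attribute.user>cn</ume.ldap.access.naming_attribute.user>
    <ume.ldap.access.auxiliary_naming_attribute.user>samaccountname</ume.ldap.access.auxiliary_naming_attribute.user>
    <ume.ldap.access.naming_attribute.uacc>cn</ume.ldap.access.naming_attribute.uacc>
    <ume.ldap.access.auxiliary_naming_attribute.uacc>samaccountname</ume.ldap.access.auxiliary_naming_attribute.uacc>
    <ume.ldap.access.naming_attribute.grup>cn</ume.ldap.access.naming_attribute.grup>
    <!-- In the uploaded file the host name stood as bare text inside
         privateSection, so no property carried it; it belongs in server_name. -->
    <ume.ldap.access.server_name>DC-Mahindra.corp.mahindra.com</ume.ldap.access.server_name>
    <ume.ldap.access.server_port>389</ume.ldap.access.server_port>
    <!-- Bind identity for this domain. Since the source is read-only, a
         read-only service account is all it needs. -->
    <ume.ldap.access.user>mahindra\j2ee-rjd</ume.ldap.access.user>
    <!-- Resolved at runtime from the additional_password.2 secure-store entry;
         the literal password never belongs in this file. -->
    <ume.ldap.access.password>$ume.ldap.access.additional_password.2</ume.ldap.access.password>
    <ume.ldap.access.base_path.user>DC=corp,DC=mahindra,DC=com</ume.ldap.access.base_path.user>
    <ume.ldap.access.base_path.grup>DC=corp,DC=mahindra,DC=com</ume.ldap.access.base_path.grup>
  </privateSection>
</dataSource>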

</dataSources>

***********************************************************************************************************************

Kindly reply ASAP.

Regards