Former Member

Additional User Attributes

Hi,

In the document SAP Enterprise Portal 6.0: User Management by Jeff Benson, on page 15 there is a list of data which can be read and written from the database. The last point in the list says:

"Additional attributes (for example, attributes not covered by the standard object classes of the LDAP server)".

Does this apply to users who are stored in a (corporate) LDAP directory? If yes, how can the user profile be extended with additional attributes (iView, xml file, DB table)?

Kind regards,

Kai


2 Answers

  • Posted on Nov 22, 2003 at 02:10 PM

    Hi,

    interesting question, we have some docu about this, but I think no tutorial:

    http://help.sap.com/saphelp_ep60sp2/helpdata/en/38/76bd3b6e74d708e10000000a11402f/frameset.htm

    Regards, oliver

    Excerpt:

    Data Persistence - Storing User Management Data

    This section outlines how SAP User Management Engine (UME) stores user data that needs to persist even if a system is shut down or restarted. The data repositories in which user data is stored are referred to as data sources.

    Multiple Data Sources

    With UME you can leverage existing user data repositories in your system infrastructure by connecting to a wide range of data sources using configurable persistence adapters. You can read data from and write data to multiple data sources in parallel. For example, you can configure UME so that user data is read from an existing corporate directory, while new users are written to a database. A persistence manager is responsible for reading the data from or writing the data to the correct data source. The data source to which the persistence manager writes is transparent to the application.

    Data Partitioning

    UME also supports data partitioning. This means that you can configure UME to use different data sources for different user sets or attribute sets. You can partition data in two ways:

    ·       Attribute-based data partitioning: Different sets of attributes are written to different data sources. For example, global user attributes, such as telephone number, email address, and so on, are written to a corporate directory while SAP-specific data is written to a database.

    ·       User-based data partitioning: Different sets of users are written to different data sources. For example, in a collaboration scenario, where both users internal to your company and users from other companies work together in the same application, the external users need a user account as well. In this case you can configure the persistence manager to store company internal users in the corporate directory, whereas external users are stored in a separate directory.

    Architecture

    The following diagram illustrates the architecture of UME:

    UME user data is stored in one or more data sources. Each type of data source has its own persistence adapter. The persistence manager consults the persistence adapters when creating, reading, writing, and searching user management data. The application programming interface (API) is a layer on top of the persistence manager.

    In the persistence manager, you configure which data is written to or read from which data source, so that the applications using the API do not have to know any details about where user management data is stored.

    Persistence Adapters

    Persistence adapters for the following types of repositories are available:

    ·        Database: See the Product Availability Matrix on SAP Service Marketplace (http://service.sap.com/pam60) for details on which databases are supported.

    ·        Lightweight Directory Access Protocol (LDAP) directory: See the Product Availability Matrix on SAP Service Marketplace (http://service.sap.com/pam60) for details on which directories are supported.

    ·        SAP Systems based on Web Application Server 6.20

    You can configure UME to use one or more of these persistence devices in parallel. Users can also be stored in several different physical LDAP directory servers, or in different branches of the same LDAP directory server.

    Replication Manager

    The replication manager replicates UME data to external systems. User data that is written to the persistence manager is also written to the replication manager. The replication manager generates XML documents and sends them to the external systems which process them and perform the corresponding actions.

    For example, if you are using UME with SAP Enterprise Portal and want an SAP Customer Relationship Management (CRM) system to work with the same user base as the portal, you can configure UME to replicate all user data from the portal to the CRM system.


  • Former Member
    Posted on Nov 23, 2003 at 04:16 PM

    Basically, you just add your new required attributes to the XML configuration file for your LDAP config.  You must modify two places (physical attribute definition and attribute mapping):

    In your LDAP data source config add the new attribute to the principal type "user".  I use the attribute "itarflag" below:


                           <physicalAttribute name="null" />

                        ");

    I'm writing a series of SDN articles on various topics and this is something I plan to cover, but I'm short on time right now...

    Best regards,

    Will


    • Former Member

      The example I gave may be a little more complicated than you actually need.  If the attributes are already in the LDAP schema, then you should be able to access them directly without having to add them to the XML mapping file. Just add the attribute to the persistence store with the actual LDAP attribute name. You then use the physical attribute name of the LDAP attribute when you call getAttribute().

      // Read the LDAP attribute by its physical name; the API returns a String array
      IUser user = request.getUser();

      String[] itar = user.getAttribute("com.sap.security.core.usermanagement", "itarclearanceind");

      // getAttribute() returns null when the attribute is not available for this user
      String itarFlag = (itar != null && itar.length > 0) ? itar[0] : "(not set)";

      response.write("ITAR flag = " + itarFlag);

      You can also persist non-LDAP attributes in the DB if you choose to do so.  See my response to John O'Grady's question for code example.

      Best regards,

      Will
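
The answers above name two places that have to agree (attribute definition and attribute mapping) and note that an unmapped attribute is read under its physical LDAP name. As an added example, not code from the posts or from SAP, this Python check compares the two sections for principal type "user" in a constructed configuration. The element nesting is assumed (only `physicalAttribute` appears in the thread), and `check_user_attributes`, `email` and `costcenter` are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = "com.sap.security.core.usermanagement"
# Constructed sample: the nesting is assumed, not copied from the post's file.
SAMPLE_CONFIG = f"""
<dataSource id="CORP_LDAP">
  <responsibleFor>
    <principal type="user"><nameSpace name="{NS}">
      <attribute name="email"/>
      <attribute name="itarflag"/>
      <attribute name="itarclearanceind"/>
    </nameSpace></principal>
  </responsibleFor>
  <attributeMapping>
    <principal type="user"><nameSpace name="{NS}">
      <attribute name="email"><physicalAttribute name="mail"/></attribute>
      <attribute name="itarflag"><physicalAttribute name="itarclearanceind"/></attribute>
      <attribute name="costcenter"><physicalAttribute name="departmentNumber"/></attribute>
    </nameSpace></principal>
  </attributeMapping>
</dataSource>
"""

def _user_attrs(root, section):
    """Return {(namespace, logical name): physical name or None} for one section."""
    found = {}
    for principal in root.findall(f"./{section}//principal[@type='user']"):
        for ns in principal.iter("nameSpace"):
            for attr in ns.iter("attribute"):
                phys = attr.find("physicalAttribute")
                found[(ns.get("name"), attr.get("name"))] = None if phys is None else phys.get("name")
    return found

def check_user_attributes(config_xml):
    """Compare the definition section with the mapping section for type 'user'."""
    root = ET.fromstring(config_xml)
    declared = _user_attrs(root, "responsibleFor")
    mapped = _user_attrs(root, "attributeMapping")
    return {
        # defined and mapped: logical name -> LDAP attribute actually read
        "mapped": {k[1]: mapped[k] for k in declared if mapped.get(k)},
        # defined only: read under its own name, so it must exist in the schema
        "read_by_own_name": sorted(k[1] for k in declared if not mapped.get(k)),
        # mapped only: one of the two required edits is missing
        "mapping_without_definition": sorted(k[1] for k in mapped if k not in declared),
    }

if __name__ == "__main__":
    print(check_user_attributes(SAMPLE_CONFIG))
```

An attribute that feeds an access decision, such as the ITAR flag here, is worth checking this way before deployment, because a missing definition or mapping only shows up at runtime as an absent value.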