Skip to Content
avatar image
Former Member

LDAP as UME data source - EP 7.01 with New Spnego

Hi,

This is my first time setting MS ADS as UME datasource. My EP version is 7.01 with SPs 8 and because of that we are planning to follow directions in note "1488409 - New SPNego Implementation" and the attached file "SPNego Configuration Guide". Since I've reviewed some old and new related documentation with some differences I have a couple of questions regarding the right process to use:

a- Can I use one of the already available datasource configuration files (xml) and edit it directly from the "UME LDAP configuration tool" as detail in http://help.sap.com/saphelp_nw70ehp1/helpdata/en/12/7678123c96814bada2c8632d825443/frameset.htm or there still the need to download and edit dataSourceConfiguration_ads_readonly_db_with_krb5 file from note Note 994791 - SPNego Wizard.

b- In case one of the available sourceconfiguration file is ready to use which is the correct one?

dataSourceConfiguration_ads_deep_readonly_db

dataSourceConfiguration_ads_deep_writeable_db

dataSourceConfiguration_ads_readonly_db

dataSourceConfiguration_ads_writeable_db

Hope you can help me to clarify this doubts and off course any extra recommendation or direction would highly appreciated.

Thanks and regards

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Oct 25, 2011 at 12:11 AM

    Hi Experts,

    Any suggestion?

    What key things should be taking under considerations when selecting the xml datasource configuration file? (Even when they are changeable in case of errors)

    Again, Is the "dataSourceConfiguration_ads_readonly_db_with_krb5.xml" file still needed for Kerberos SSO? Remenber that I'm using the New Spnego from note "Note 1488409 - New SPNego Implementation".

    Thanks and regards

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 25, 2011 at 02:12 AM

    Hi diego77

    Depends on how and if you have to map non standard user attributes, if loginid/samaccountname = principal only, then no custom xml file should be required. Just use the standard datasource and you should be able to map via logon ID or alias.

    If you wanted to map via userprincipalname then a custom xml UME datasource would be required.

    The changes required are documented in the below SAP help doc.

    Configuring the UME when Using ADS Data Sources for Kerberos

    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/43/4c363ac31e30f3e10000000a11466f/content.htm

    Rgrds

    Craig

    Add comment
    10|10000 characters needed characters exceeded