Skip to Content
Sep 20, 2012 at 02:32 PM

Certificate User Mapping Service - Active Directory



I did set up the following environment:

  • Microsoft Active Directory
  • SAP NW Java 7.3 SP7
  • Secure Login Server 1.0 SP3
  • User Authentication with Kerberos (AD Authentication)
  • Configuration of SPNEGO Login Module / Benutzerzuordnung
    • Zuordnungsmodus: Principal@REALM
    • Quelle: virtual user (nice feature, i like it)
  • User-Defined Properties in SLS
    • LdapReadServers, LdapReadBaseDN1, ... in order to read the AD attribute 'mail' of the user.
    • The LdapReadUser1 is in the root domain.
    • The LdapReadUrl1 is the global catalog server.
    • The LdapReadAttribute1 = "mail"

I did not get a result. The Common Name RDN is still the samAccountName of the user.


  • Exist a logfile where I can find information, what goes wrong with the LDAP search?
  • Which search string is used by the SLS (userPrincipalName or samAccountName)?
  • Which attribtue is used to search? If an openLDAP is used, then the attribute 'uid' should be used for the search. If a Microsoft AD is used, then the attribute 'userPrincipalName' should be used. Can this be configured?

Best Regards,

Markus Nüsseler-Polke