
2004s - Users in LDAP,

Former Member
0 Kudos

I have modified the UME xml file, and am now pulling my users from our (readonly) ldap server(s). The users appear to be successfully imported - I can log in with a UME DB user, and search for users that exist only in LDAP. I can also log in with an LDAP user, but they don't have any roles assigned to them.

When I try to assign a role to an LDAP user, I get an error:

"You need to enter a valid value to proceed with the requested action"

And it has marked in the details of the user the "Logon ID" as a required field. It isn't possible for me to edit this field (I assume because it is stored in the readonly LDAP database). Note that the logonalias field is correctly populated with the LDAP username.

Does anyone know how I can assign roles to LDAP users? The roles should be held in the portal DB, as the LDAP database is readonly.

Have I missed a setting that tells the roles to be stored in the database, or is there something else that I'm missing?

Thanks in advance for any assistance.

Regards

Richard

Accepted Solutions (1)

Former Member
0 Kudos

In your User Management Config, how do you have your groups set up? You should have the roles assigned to the groups in your LDAP.

Former Member
0 Kudos

Hi David - thanks for your reply.

I can assign roles to LDAP groups, but not to users.

Does this mean that the only way to assign a role to a user is to assign it to a group that the user is in? I.e., you can't assign roles directly to users. Or am I missing some setting that makes this possible?

Thanks again for your assistance.

Regards

Richard

Former Member
0 Kudos

I come from a Windows background. The "proper" way is for users to go into local groups, local groups into global groups, and the global groups get the rights.

It is the same with any LDAP system. It's that way for good housekeeping and it keeps users in a uniform way. Yes, you can assign a user directly to a role. But, in a production environment where users are coming and going and transferring in and out, it can get messy.

If your setup is to have your users in LDAP, make groups in your LDAP that correspond to your roles in the portal. Assign the roles to the groups in the UME, then the users will have the rights.

Until I made myself do things that way... well I got burned a few times.

Former Member
0 Kudos

Thanks David - I appreciate your assistance and the guidance on how this should be set up properly!

Regards

Richard

Former Member
0 Kudos

Hi Richard,

You should also be able to assign roles to users - the role assignment is based on the user unique ID. You are using an LDAP server, that is why the unique ID generation is maintained with the following properties:

ume.ldap.unique_uacc_attribute

ume.ldap.unique_user_attribute

Those should be the same and should be configured to an existing user attribute from your LDAP server - SAP Note 777640.

Cheers,

Iliyan
