Enable SSL to LDAP / MS AD : Portal will not start

Former Member
0 Kudos

Hi all,

We have successfully enabled portal user authentication to MS AD/LDAP over port 389 in an EP6 SP2 portal. Portal use

Now we wish to switch to LDAP over SSL. We did the following for an AD with SSL enabled on port 636:

1) Import the AD server cert into the keystore using the Visual Admin tool

2) Log into the portal as administrator > Go to UM Administration

3) Change DataSource to AD, Flat hierarchy

4) Enter hostname of AD server, user, password, paths etc., Enable SSL

5) Save config and restart portal

Now the portal will not start and we get the following error messages in the console_logs... any ideas?

Loading services:
Loading service: com.sap.portal.license.runtime license
java.lang.NullPointerException
    at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:739)
    at com.sap.security.core.util.imp.UMTrace.debug(UMTrace.java:840)
    at com.sap.security.core.util.imp.UMTrace.fatalT(UMTrace.java:586)
    at com.sap.security.core.persistence.datasource.imp.LDAPConnectionManager.initConnectionPools(LDAPConnectionManager.java:556)
    at com.sap.security.core.persistence.datasource.imp.LDAPConnectionManager.initialize(LDAPConnectionManager.java:77)

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Any ideas, guys?

Regards

Daniel

Former Member
0 Kudos

Hi Daniel,

I've had this problem before. It was because our LDAP server wasn't running when we tried to start the portal. Make sure that your AD/LDAP server is running and that you can ping it from your portal server.

I had opened an OSS message on this but no solution came of it. Basically the portal (our version EP6SP2) will not start if the AD is not up and running.

Hope that helps,

Robin

Former Member
0 Kudos

Hi Robin,

The LDAP server is up and reachable from the portal host, so the problem lies elsewhere. I can't bring up the portal to back out the changes. Let me know if you have any other ideas.

Regards

Daniel

Former Member
0 Kudos

Daniel,

If the goal is to bring the server to the previous state, try the following.

1. Copy sapum.properties.bak to sapum.properties in the directory /usr/sap/SID/j2ee/cluster/ume/

2. It should reset the UM authentication back to the last successful configuration.

Also, what patch level are you at?

NOTE: if the sapum.properties is not in sync with the properties from the UM Configuration "Direct Edit" tab, the change may enable SAP*.

Regards

-Venkat Malempati

Former Member
0 Kudos

Here's another option that might work for you:

Check out this note: 789590. From reading between the lines it looks like you can change your um config without the portal being up by creating a file called 'sapum.properties.upgrade'. That note talks about modifying some logging parameters but you should be able to substitute the um parameters to change your config back to using just the portal database.

Here's what SAP explained about the process:

"you can update single um.properties by defining a file called sapum.properties.upgrade and storing it in the directory \ume\. During the next startup, these properties are uploaded and update the older values from the UME properties stored in the PCD.

Values that are not listed in the .upgrade file are not touched. The upload is done before the service is starting, so that the updated values are taken as start parameters. Again in note 789590, you can find an example for an upgrade file (in this case for updating the information on the logging settings)."

Once you get the portal up and running, when you try to change the UM config, make sure you click on the 'Test Connection' button after you've saved the new LDAP settings to make sure that everything is ok. The LDAP server might be accessible but you might have a problem with the user, password, group or user path. Also, if you're using SSL then make sure the 'Use SSL for Ldap access' is checked.

Hope that helps.

Regards,

Robin.
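
The replies above turn on whether the AD server is "reachable", but a ping or an open port says nothing about whether the TLS handshake and certificate validation on port 636 will succeed. The check below is an added example, not part of the original thread and not SAP code; it separates those stages so the LDAPS endpoint can be tested from the portal host before SSL is enabled in the UM configuration. It assumes the administrator supplies the AD host name and, optionally, a PEM file holding the CA certificate that issued the AD server certificate.

```python
import socket
import ssl
import sys

# OpenSSL verify codes: X509_V_ERR_HOSTNAME_MISMATCH, X509_V_ERR_IP_ADDRESS_MISMATCH
NAME_MISMATCH = (62, 64)

def check_ldaps(host, port=636, ca_file=None, timeout=5.0):
    """Return (status, detail) for an LDAPS endpoint.

    status: tcp_unreachable | tls_handshake_failed | cert_untrusted |
            hostname_mismatch | ok
    """
    # Trust only ca_file when given (assumed: PEM with the issuing CA chain),
    # otherwise fall back to the operating system's default trust store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # chain + host name checks on
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()

    # Stage 1: plain TCP. This is all that "ping works" or "port is open" proves.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp_unreachable", str(exc)

    # Stage 2: TLS handshake, chain validation and name check.
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return "ok", "%s, certificate expires %s" % (tls.version(), cert.get("notAfter"))
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code in NAME_MISMATCH:
            return "hostname_mismatch", exc.verify_message
        return "cert_untrusted", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "tls_handshake_failed", str(exc)
    finally:
        sock.close()

if __name__ == "__main__":
    # Usage: python check_ldaps.py <ad-hostname> [ca.pem]
    if len(sys.argv) < 2:
        sys.exit("usage: check_ldaps.py <ad-hostname> [ca.pem]")
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    status, detail = check_ldaps(sys.argv[1], ca_file=ca)
    print(status, "-", detail)
    sys.exit(0 if status == "ok" else 1)
```

Use the same host name that will be entered in the UM configuration, since a certificate issued for a different name yields `hostname_mismatch` even when the chain is trusted.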