HELP!!! EP60 SP12 and LDAP Novell eDirectory

Former Member
0 Kudos

Hi!

We have an EP60 with SP12 and a Novell eDirectory LDAP, where users and groups are stored in read-only mode.

In our Development Portal (EPE) with connected Dev-LDAP everything is fine. Groups and users can be read from the LDAP. User-group assignments can also be read.

In our Consolidation Portal (EPK) resp. Production Portal (EPP) connected with Cons-LDAP resp. Prod-LDAP we have the problem that groups can be read but no users from the portal. User-group assignments cannot be read either.

For testing purposes we then connected the Dev-LDAP to the Prod-Portal and everything was okay. Everything could be read from the Dev LDAP.

Any ideas? This problem is very urgent, because it is a GoLive Showstopper!!!!!

PLEASE HELP!!!!

Thanx in advance for any hint and/or help!

Regards,

Volker Kolberg

btconsult GmbH

vk@btconsult.de

Accepted Solutions (1)

Former Member
0 Kudos

Hello Volker,

Looks like the structure of Prod. LDAP is different from your Dev LDAP maybe? Check if groups and users are placed in the same locations.

Download an LDAP browser and try to read the LDAP directories. Can your LDAP user (configured for access to the LDAP server in the portal) read all attributes in production LDAP compared with the Prod LDAP?

If you find some differences here you must change the configuration in the portal for the prod. LDAP directory (user/group path).

Normally the structure of all used LDAPs should be the same. If this is the case, maybe the LDAP user in use does not have the right to see all entries in the prod LDAP directory (this can be checked with an LDAP browser).

Regards

Alex

Former Member
0 Kudos

Hi Alex!

The structure is the same in all LDAPs. I've cross-checked this "hundreds of times". I will now try it with an LDAP browser tool and additionally will have a look at the usermanagement.log in the portal. Access Authority problems should be reported here, or not?

Regards,

Volker

Former Member
0 Kudos

Hi Volker,

I had a problem with assigning LDAP groups (MS-ADS) to portal groups. The reason was that the LDAP access user was not able to see the member of group attributes from the users in the LDAP. I do not know the possible restrictions of Novell eDirectory users. But with an LDAP browser and using the LDAP access user credentials you should be able to find out what the portal is able to see.

With this check you can find out if the problem is related to the portal or related to access rights and configuration of eDirectory.

(I believe you selected the correct ume-configuration.xml file, right?)

Regards

Alex

Former Member
0 Kudos

Hi Alex!

The ume config file is correct "...novell directory read only and database..."

Thanx so far!

I will come back to this thread after finishing my LDAP browser tool investigations.

Regards,

Volker

Former Member
0 Kudos

Hi Volker,

Just two hints:

Can you select the correct tree from within the UME-LDAP-Configuration (instead of typing it)?

You should also check your sapum.properties for differences regarding LDAP configuration parameters.

regards

Stefan Boros

Answers (1)

Former Member
0 Kudos

Hi Folks!

Indeed it was a problem in the DataSource XML file. In that (SAP Standard) configuration file (in the AttributeMapping section) PhysicalAttribute "uid" was used to identify a user. This attribute was just filled in the development LDAP, but not in the other ones. I changed the Config XML file from PhysicalAttribute "uid" to "cn" and everything worked fine.

I found this out using an LDAP browser tool.

Regards,

Volker
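
The check that resolved this thread (is the physical attribute mapped as the user ID actually filled in every directory?) can be scripted against LDIF exports taken with the portal's LDAP access user. This is an added example, not part of the original posts; the sample entries, the `inetOrgPerson` object class filter and the function names are assumptions for illustration.

```python
from collections import Counter

# Constructed LDIF exports (not data from the thread), as saved from an LDAP
# browser bound as the portal's LDAP access user.
DEV_LDIF = """\
dn: cn=jdoe,ou=users,o=example
objectClass: inetOrgPerson
cn: jdoe
uid: jdoe

dn: cn=asmith,ou=users,o=example
objectClass: inetOrgPerson
cn: asmith
uid: asmith
"""
PROD_LDIF = """\
dn: cn=jdoe,ou=users,o=example
objectClass: inetOrgPerson
cn: jdoe

dn: cn=asmith,ou=users,o=example
objectClass: inetOrgPerson
cn: asmith
"""

def parse_ldif(text):
    """Parse simple LDIF (no folded lines) into {attribute: [values]} dicts."""
    entries, current = [], {}
    for raw in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not raw.strip():
            if current:
                entries.append(current)
            current = {}
        elif not raw.startswith("#"):
            attr, _, value = raw.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.lstrip(":").strip())
    return entries

def coverage(entries, object_class="inetorgperson"):
    """Share of user entries in which each attribute has a non-empty value."""
    users = [e for e in entries
             if object_class in (v.lower() for v in e.get("objectclass", []))]
    counts = Counter(a for e in users for a, vals in e.items() if any(vals))
    return {a: n / len(users) for a, n in counts.items()}

def unusable_mappings(reference, target, candidates=("uid", "cn")):
    """Candidate ID attributes filled for all reference users but not all target users."""
    ref, tgt = coverage(reference), coverage(target)
    return [a for a in candidates if ref.get(a) == 1.0 and tgt.get(a, 0.0) < 1.0]
```

An attribute returned by `unusable_mappings` is either empty in the target directory or not readable by the bind user, which are the two causes discussed in the thread.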