
User Management using Active Directory

Former Member
0 Kudos
247

Steps taken to Enable Backending to ADS

Go into the UM Configuration

Set the datasource to Read-Only Microsoft ADS + Database

Set LDAP Server to:

Servername: ourdc.domain.com

Port: 389

User: domain\domain.admin

password:

User Path: ou=users, dc=domain.com

Group Path: ou=groups, dc=domain.com

(Replacing domain.com with our domain name)

I have tested and saved (which notified me that sapum.properties has been saved and that I need to restart the server).

At this point I am expecting to restart the portal and find my domain users & domain groups under user administration.

I imagine I am missing a step or 5. Can someone give me some direction?

Accepted Solutions (0)

Answers (2)

Former Member
0 Kudos

Yes we have IISproxy set up and running.

Former Member
0 Kudos

For the user name you must have the full LDAP name.

cn=portaladmin,ou=mis,ou=sapisevil,dc=company,dc=inc

Are you going to be using IISProxy?

Former Member
0 Kudos

I was under the impression I would put an AD Domain name. So are you saying I should be creating a user in AD called 'portaladmin' then put where it asks for user what you've outlined below?

Former Member
0 Kudos

Portaladmin would be the user you create in AD that will give you access to your LDAP. That id must have administrator rights.

I don't know how you have your AD set up.

Let's say your AD is company.inc like sap.com

Under that I have an OU named mycompany.

Under that I have all of the OUs for my departments.

Under those OUs I have my users.

So if I added the user portaladmin:

CN=portaladmin,OU=department,OU=mycompany,DC=company,DC=inc

That is the LDAP user name for portaladmin. With the password on port 389 I can log on to Active Directory and specify the groups and users in AD using the same format.

Groups

OU=groups,DC=company,DC=inc

Users

OU=mycompany,DC=company,DC=inc

Once this is done the portal can access the AD. Change the Data Source (one tab over from LDAP Server) to Microsoft Active Directory (Flat)

Restart the engine and you should be able to log in on the WAS side of the portal with any AD user that is in that OU.

Now as for getting IISProxy configured and using that to connect to the portal and having AD work, that is another story that I have not solved yet.
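
Added example, not part of the original thread or of any SAP tool: a small Python check that contrasts the values entered in the question (a `domain\user` logon name and `dc=domain.com`) with the full distinguished names described in the reply. The function names and the `QUESTION`/`REPLY` dictionaries are hypothetical, built from the values quoted above.

```python
import re

# Split on commas that are not backslash-escaped (simplified RFC 4514 handling).
_SEP = re.compile(r'(?<!\\),')

def parse_dn(dn):
    """Return [(ATTR, value), ...] for a DN string, or raise ValueError."""
    rdns = []
    for part in _SEP.split(dn):
        attr, eq, value = part.strip().partition('=')
        if not eq or not attr.strip() or not value.strip():
            raise ValueError(f"not an attr=value component: {part.strip()!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def domain_to_base_dn(dns_domain):
    """Turn a DNS domain into DC components: company.inc -> DC=company,DC=inc."""
    return ','.join(f'DC={label}' for label in dns_domain.split('.'))

def check_um_value(name, value):
    """Return a list of problems for one LDAP setting (hypothetical helper)."""
    if '\\' in value and '=' not in value:
        return [f"{name}: {value!r} is a DOMAIN\\user logon name, not a DN"]
    try:
        rdns = parse_dn(value)
    except ValueError as exc:
        return [f"{name}: {exc}"]
    problems = []
    for attr, val in rdns:
        if attr == 'DC' and '.' in val:  # whole DNS name in a single DC component
            problems.append(f"{name}: DC={val} should be {domain_to_base_dn(val)}")
    if not any(attr == 'DC' for attr, _ in rdns):
        problems.append(f"{name}: no DC= components, so the DN is not rooted in a domain")
    return problems

def check_config(cfg):
    """Check every setting in a dict of {setting name: value}."""
    return [p for name, value in cfg.items() for p in check_um_value(name, value)]

# Constructed from the thread: values as entered in the question, then in the reply's layout.
QUESTION = {"User": r"domain\domain.admin",
            "User Path": "ou=users, dc=domain.com",
            "Group Path": "ou=groups, dc=domain.com"}
REPLY = {"User": "CN=portaladmin,OU=department,OU=mycompany,DC=company,DC=inc",
         "Group Path": "OU=groups,DC=company,DC=inc",
         "User Path": "OU=mycompany,DC=company,DC=inc"}

if __name__ == "__main__":
    for label, cfg in (("question", QUESTION), ("reply", REPLY)):
        print(label, check_config(cfg) or "OK")
```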