Simplest Solution for LDAP

Configuration in Enterprise Portal

7.0 with Maintaining Already
Existing SSO with Other SAP
Applications:

Applies to:
SAP Net Weaver Portal

Summary
This document provides step by step guidance on how to connect LDAP as a Data source for UME in EP7.0
and mainly explains a scenario of SAP EP portal which has SSO with other SAP Application with already
existing user, now we need to configure LDAP Directory as data source of EP without disturbing the already
existing SSO between EP and SAP application say SAP BW.

Author:: Pooja Gehani

Company: Satyam Computers Ltd
Created on: 20 April 2009

Author Bio

Pooja Gehani is working as a SAP Technical consultant with Satyam Computer Services Ltd.
Skill set includes SAP Enterprise Portal.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 1
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Table of Contents
Procedure: ..........................................................................................................................................................3
LDAP Configuration: .......................................................................................................................................3
Step 1: Go to System admin—System Configuration---UME Configuration.................................................................3
Step 2: Click on Modify Configuration button: ..............................................................................................................3
Step 3: Select you’re Data Source; it should be read only AD + Database..................................................................3
Step 4: After selecting the data source type click on LDAP sever tab:.........................................................................4
Step 5: Post entering the fields click on test connection button to check whether the information added by us is apt
or not:...........................................................................................................................................................................4
Step 6: After test Connection you can check the message whether the connection is fine or not: ..............................5
Step 7: As the connection test is successful now we need to save the details: for that click on Save all changes ......5
Step 8: The successfully saved changes message is visible : .....................................................................................5
Step 9: Restart the server. ...........................................................................................................................................6
Post LDAP Configuration:...................................................................................................................................6
Allocate Roles to the ID:..................................................................................................................................6
Related Content................................................................................................................................................10
Disclaimer and Liability Notice..........................................................................................................................11

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 2
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Procedure:
We need to configure LDAP in EP7.0
Then allocate specific role to the new user.
Make sure the new user exists in SAP Application backend (SAP BW) so that SSO doesnt fail.

LDAP Configuration:

Step 1: Go to System admin—System Configuration---UME Configuration

Step 2: Click on Modify Configuration button:

Step 3: Select you’re Data Source; it should be read only AD + Database.

The user management engine (UME) can use an LDAP directory as its data source for user management
data .LDAP directory has a hierarchy flat or deep of users and groups that is supported by the UME.
After selecting Data Source: in our case I used Microsoft ADS Read Only (Deep Hierarchy) +Database:

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 3
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Step 4: After selecting the data source type click on LDAP sever tab:

There in we need to fill some essential fields:

Server Name: - name of the LDAP Server.
Server Port: - Port for the LDAP Server (default 389).
User: - User id for connecting to the LDAP.
Password: - Password for the user used for connecting to the LDAP.
User Path: - User Path for the users in LDAP directory.
Group Path: - Group Path for the groups in the LDAP directory.
Enter the Unique attribute to which UME unique ID needs to be mapped.
The attribute will be used as login id for the LDAP user. (e.g. samaccountname )

Note: Don’t forget to check this field

Step 5: Post entering the fields click on test connection button to check whether the information added by us
is apt or not:

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 4
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Step 6: After test Connection you can check the message whether the connection is fine or not:

Step 7: As the connection test is successful now we need to save the details: for that click on Save all
changes

Step 8: The successfully saved changes message is visible :

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 5
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Step 9: Restart the server.

Post LDAP Configuration:

We need to check whether the user is able to login with the Network ID:

Post login the user will not be able to view anything as the user is new to portal and has no allocated Roles
the id:

Allocate Roles to the ID:

Procedure:
Login to the portal with admin credentials
Go to user admin –identity management—click on the network id of the new user whom u want to allocate
roles and allocate specific roles to the user ID.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 6
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Now click on modify and click on Assigned Roles after that select portal Roles under available Roles and the
role id of the role you want to assign to the User id.

After which select the role id and click on Add button:

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 7
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

After which select the role id and click on Add button:

Finally save the settings.

Next login with the network ID of the new user and now we will be able to see the allocated Role under the
login

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 8
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Now you will observe that the Role is visible but the information is not as portal is asking for secondary Login
but this does not mean SSO is failed this issue is failed because the new user doesn’t exist at the Backend.
Now ask your basis consult to create the same user at the backend (SAP BW in our case).
Now post that login again with your network credentials and yu will be able to view the information (BW
Report in our case).

Hence we configured LDAP to portal and now the user can login to portal with network Credentials and view
the information from other SAP Application (SAP BW in our case) without secondary login relevant to them
on the basis of allocation of roles.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 9
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Related Content
http://help.sap.com/saphelp_nw70/helpdata/EN/4e/4d0d40c04af72ee10000000a1550b0/frameset.htm
SAP Note
1. https://service.sap.com/sap/support/notes/736471
2. , https://service.sap.com/sap/support/notes/675633
For more information, visit the Portal and Collaboration homepage.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 10
Simplest Solution for LDAP Configuration in Enterprise Portal 7.0 with Maintaining Already Existing SSO with Other SAP Applications:

Disclaimer and Liability Notice

This document may discuss sample coding or other information that does not include SAP official interfaces and therefore is not
supported by SAP. Changes made based on this information are not supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods suggested in this document,
and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content of this technical article or
code sample, including any liability resulting from incompatibility between the content within this document and the materials and
services offered by SAP. You agree that you will not hold, or seek to hold, SAP responsible or liable with respect to the content of this
document.

SAP COMMUNITY NETWORK SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com

© 2009 SAP AG 11