cancel
Showing results for 
Search instead for 
Did you mean: 

Using MS active directory vs. Novell eDirectory for portal AUTHS

Former Member
0 Kudos

I am aware that either active directory or edirectory can be used to authenticate to the SAP portal.

However, for authorizations in the portal, is there an advantage of one over the other? Our portal will not only use authorizations for displaying tabs, but to perform restrictions inside custom applications.

If you had built your portal architecture (authentication and authorization) around one, how easy would it be to convert to the other?

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hey Mary,

The simplest solution I can think of is to leverage an LDAP source for UME and use group memberships for authorization assignments. For example, you could use AD as a UME source, and assign Portal content to groups in AD. Users would never "live" in the Portal, they're strictly AD (LDAP) users that are members of AD groups. Since Portal roles are assigned to roups (in User Administration), only users in those group X would get Portal Role X... users in Group Y would see Role Y... etc.

Obviously this is possible with other applications, not just Portal but het, you posted in a portal forum ;o)

-Kevin

i827647
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Mary, I worked with both and didn't see any difference because all the user information that I needed has in UME.

I feel more confortable with MS AD, but it´s just my preference.

Regards,

Edson Thomaz

Former Member
0 Kudos

Thank you. Were you performing very basic auth checking, or anything complex?

i827647
Product and Topic Expert
Product and Topic Expert
0 Kudos

What you consider a complex authentication?? I has performed authentication with AD and SSO with windows and user mapping with different user at SAP ECC. It's that or you saying other thing??

Regards,

Edson Thomaz

Former Member
0 Kudos

Authorization, not authentication. Using the j2ee roles/UME and java code to make an application behave a certain way...i.e., this user is authorized to update a table, this one is not - so don't even display a menu option to update the table. This is where the system can't or won't check backend authorizations.

This is simplistic, and I may not be using correct terminology.

i827647
Product and Topic Expert
Product and Topic Expert
0 Kudos

Mary, you can assign LDAP groups with roles in UME having authorization on menu, but if you like a authorization inside application, like records in table or restrict input values in fields, you need build this solution by your self, the second example has alternatives on SAP EP.

Regards,

Edson Thomaz