
UME as LDAP read only, what is the password

Former Member
0 Kudos

Hi,

If the portal or Java instance is set up as UME = LDAP read only + database pointing to AD and the user is then assigned roles/groups in the Java UME with access to allow logon.

1. What is the password of the users to use?

2. I know the AD password is definitely not synchronised as it is one way encrypted. Does the user need to be set a new password in portal to login with?

3. Will this password be stored on the Java UME only?

4. What happens if the user's AD password changes, will it affect the password stored in the Java UME?

Thank you.

John

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hi

Please try to implement Kerberos between your AD and portal.

I think it will suffice for two-way authentication.

There will be a principal name which is stored in your Java UME and that is mapped with your AD entry with Kerberos encryption.

Regards

Dishant .

Steffi_Warnecke
Active Contributor
0 Kudos


Hello John,

Since we use that setting, too, let's see what I can tell you. ^^

1. What is the password of the users to use?

> The password of their AD-account.

2. I know the AD password is definitely not synchronised as it is one way encrypted. Does the user need to be set a new password in portal to login with?

> No, they can directly use their AD-account (username and password).

3. Will this password be stored on the Java UME only?

> I'm not sure, but I'd say "no". I don't think it is stored in the UME (since the LDAP is connected and the information about the account and password status come from there).

4. What happens if the user's AD password changes, will it affect the password stored in the Java UME?

> If the user changes his/her AD-password, then he/she can log on to the portal with that new password immediately. So I don't think there is any connection to the portal UME database.

Regards,

Steffi.

Former Member
0 Kudos

Thanks Steffi, is this information documented in any SAP guides? I tried to look through the NW Java install/config/security guide and was unable to find this information stated. I'm planning to do a proof of concept to verify this but it will be good if I have something from SAP to validate.

Steffi_Warnecke
Active Contributor
0 Kudos

I don't know, I just wrote from my experience.

Have you looked at the portal section of the SAP-help yet? There is at least some information about this setting. Maybe if you drill deeper (searching is fun ^^), you'll find more.

Former Member
0 Kudos

I'd done a POC and the user credentials are per AD when using Java UME via LDAP.