on 08-13-2013 8:13 AM
Hi all,
I am using SAP NW CE 7.3 and configured the UME to point to MS Active Directory LDAP (on Windows Server 2012).
When I'm creating a user in the CE user administration (http://hostname:50000/irj), I'm getting the below error:
Naming exception when trying to create principal USER.CORP_LDAP.test31
[EXCEPTION]
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0
]; remaining name 'cn=test31'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
Please note that I'm able to successfully validate the connection to the LDAP server (under Identity Management) and able to see the LDAP groups and able to create new groups as well. The issue is with creating the users. Please help. I can provide the xml data source config file if need be.
regards.
Hi,
Please check the below note.
1788653 - javax.naming.OperationNotSupportedException: LDAP: error code 53 (WILL_NOT_PERFORM)
Thanks
Rishi Abrol
Thanks Andrea & Rishi.
Andrea,
I've been using Microsoft ADS (flat hierarchy) + DB as the data source file, but later I started using dataSourceConfiguration_adam.xml, available from an SAP note, which is quite similar.
The server config is as follows:
The user has all the rights to create users etc.
Rishi,
The note seems interesting because I'm doubting something regarding security features that is causing the problem.
Andrea & Rishi,
1) Do I need to configure SSL so as to be able to create users?
2) If I create a user with password disabled, then I get this error:
LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C48, comment: Error in attribute conversion operation, data 0, v23f0
But the user is created in AD and it is locked there. So I unlock it and then set the password, and I'm able to see it under User Administration.
So what do you advise? How to resolve this issue?
regards.
Hi Suraj,
Yes, you need to configure SSL.
As per note 673824:
Specific Limitations
Microsoft Active Directory Server
Due to security reasons it is only possible to create users or user accounts or change a password on Microsoft Active Directory server, if you are using an SSL connection between the Enterprise Portal or SAP J2EE Engine and the directory server.
Additionally, the "High Encryption Pack" for Windows 2000 to enable a 128 bit SSL encryption must be installed on the Microsoft Active Directory Server.
I think that the issue is with the security policy.
Please try to assign a password that suits the password policy of your Active Directory.
Please check if you can set these options.
UME Configuration Options for External Data Sources
You have the following options to configure the security policy of the UME, both with different implications:
http://help.sap.com/saphelp_nw73/helpdata/en/49/c8477b85d85d5de10000000a421937/frameset.htm
Thanks
Rishi Abrol
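An added example, not part of any post in this thread: a Python parser for the two Active Directory error strings quoted above, plus a triage rule that encodes the SSL requirement from note 673824. The function names, the provider URLs passed to `triage`, and the triage wording are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Error strings copied from the posts above (the Java exception prefix is dropped).
THREAD_ERR_53 = ("[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A129B, "
                 "problem 5003 (WILL_NOT_PERFORM), data 0\n]; remaining name 'cn=test31'")
THREAD_ERR_16 = ("LDAP: error code 16 - 00000057: LdapErr: DSID-0C090C48, comment: "
                 "Error in attribute conversion operation, data 0, v23f0")

# LDAP result code, Win32 error (hex), error class, DSID, then either a
# "problem N (NAME)" clause or a "comment: ..." clause, as seen in the thread.
_AD_ERR = re.compile(
    r"LDAP: error code (?P<ldap>\d+) - (?P<win32>[0-9A-Fa-f]{8}): "
    r"(?P<kind>\w+): (?P<dsid>DSID-[0-9A-Fa-f]+)"
    r"(?:, problem (?P<problem>\d+) \((?P<name>\w+)\))?"
    r"(?:, comment: (?P<comment>[^,]+))?"
)

def parse_ad_error(message):
    """Return the fields of an AD LDAP error string, or None if it does not match."""
    m = _AD_ERR.search(message)
    if m is None:
        return None
    fields = m.groupdict()
    fields["ldap"] = int(fields["ldap"])
    fields["win32"] = int(fields["win32"], 16)
    return fields

def triage(message, provider_url, writes_password):
    """Heuristic built from the advice in this thread; provider_url is the UME LDAP URL."""
    err = parse_ad_error(message)
    if err is None:
        return "unparsed"
    over_ssl = urlparse(provider_url).scheme.lower() == "ldaps"
    if err["ldap"] == 53 and writes_password and not over_ssl:
        # Note 673824: AD only creates users or changes passwords over SSL.
        return "needs-ssl"
    if err["ldap"] == 53:
        # Already on SSL: the thread's other suggestions apply.
        return "check-password-policy-and-bind-user-rights"
    return "other:%d:%s" % (err["ldap"], err["comment"] or err["name"] or err["kind"])

if __name__ == "__main__":
    # ldap://hostname:389 is a constructed URL standing in for a non-SSL setup.
    print(triage(THREAD_ERR_53, "ldap://hostname:389", writes_password=True))
    print(triage(THREAD_ERR_16, "ldap://hostname:389", writes_password=False))
```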
Hi Suraj
What data source XML did you configure in UME?
Can you upload the config of the LDAP server as well?
Does the user you specified in the LDAP server have enough grants to create in LDAP?
Let me know
Regards
a