Home

Results 1 to 5 of 5

Thread: SAP User Management CUA Roles

Hybrid View

  1. #1
    belaie NNTP User

    SAP User Management CUA Roles


    NetIq Identity Manager 4.0.2 AE / Linux
    SAP Solution Manager 7.1 CUA Master
    SAP ERP EHP6 CUA CHILD

    We are trying to setup the SAP User Management driver with CUA setup and
    having trouble with delivering roles for a logical subsystem.

    When we try to deliver roles from IDM i get the following error:

    ..
    DirXML: [06/26/14 11:03:58.39]: TRACE: UserLocRolesModify: Invalid CUA
    Role specification CLIENTXXX:SAP_ROLE_XXX. Must contain 'AGR_NAME' and
    'SUBSYSTEM' component fields and values.
    DirXML: [06/26/14 11:03:58.39]: TRACE: UserLocActGroupsAssign: SAP
    version: 702
    DirXML: [06/26/14 11:03:58.39]: TRACE: UserLocActGroupsAssign:
    UserLocActGroupAssign return TYPE: S
    DirXML: [06/26/14 11:03:58.39]: TRACE: UserLocActGroupsAssign:
    UserLocActGroupAssign return MESSAGE: Role assignment to user USERNAME
    changed
    DirXML: [06/26/14 11:03:58.39]: TRACE: UserModify: UserLocRolesModify
    finished
    DirXML: [06/26/14 11:03:58.39]: TRACE: BapiDispatch: m_disableRetry
    value: false
    DirXML: [06/26/14 11:03:58.39]: TRACE: Remote Loader:
    SubscriptionShim.execute() returned:
    DirXML: [06/26/14 11:03:58.39]: TRACE: <nds dtdversion="1.0"
    ndsversion="8.5">



    i'm populating the values in the user attribute "DirXML-sapLocRoles" in
    Identity manager as CLIENTXXX:SAP_ROLE_XXX



    the driver works okay without CUA configuration.


    Any help in that setup would be very helpful from you guys...


    Regards,
    M.


    --
    belaie
    ------------------------------------------------------------------------
    belaie's Profile: https://forums.netiq.com/member.php?userid=308
    View this thread: https://forums.netiq.com/showthread.php?t=51188


  2. #2
    belaie NNTP User

    Re: SAP User Management CUA Roles


    ok figuered it out. i had to write a new policy on the driver which
    actually converts the string to structure data type on the subscriber
    output.


    --
    belaie
    ------------------------------------------------------------------------
    belaie's Profile: https://forums.netiq.com/member.php?userid=308
    View this thread: https://forums.netiq.com/showthread.php?t=51188


  3. #3
    Join Date
    Dec 2007
    Location
    Brooklyn, NY
    Posts
    6,213

    Re: SAP User Management CUA Roles

    On 6/27/2014 7:30 AM, belaie wrote:
    >
    > ok figuered it out. i had to write a new policy on the driver which
    > actually converts the string to structure data type on the subscriber
    > output.


    Sample code? What is the structured type?


  4. #4
    belaie NNTP User

    Re: SAP User Management CUA Roles


    Here you go.. actually it worked when i was placing the roles in
    attribute sapRoles in IDM. but i had to deliver the roles to the sap
    child systems, then i had to use the another attribute in IDM which is
    called DirXML-sapLocRoles.
    the data in that attribute should be childsystem:role format, but i
    guess the jco api expects it be structured type so on the Subscriber Otp
    i had to do the following:




    <rule>
    <description>Transform LOCACTIVITYGROUPS from String to
    Structured</description>
    <conditions>
    <or/>
    </conditions>
    <actions>
    <do-reformat-op-attr name="LOCACTIVITYGROUPS">
    <arg-value type="structured">
    <arg-component name="SUBSYSTEM">
    <token-xpath expression="substring-before($current-value, ':')"/>
    </arg-component>
    <arg-component name="AGR_NAME">
    <token-xpath expression="substring-after($current-value, ':')"/>
    </arg-component>
    </arg-value>
    </do-reformat-op-attr>
    </actions>
    </rule>





    geoffc;245961 Wrote:
    > On 6/27/2014 7:30 AM, belaie wrote:
    > >
    > > ok figuered it out. i had to write a new policy on the driver which
    > > actually converts the string to structure data type on the

    > subscriber
    > > output.

    >
    > Sample code? What is the structured type?



    --
    belaie
    ------------------------------------------------------------------------
    belaie's Profile: https://forums.netiq.com/member.php?userid=308
    View this thread: https://forums.netiq.com/showthread.php?t=51188


  5. #5
    Join Date
    Dec 2007
    Location
    Brooklyn, NY
    Posts
    6,213

    Re: SAP User Management CUA Roles

    On 6/30/2014 4:14 AM, belaie wrote:
    >
    > Here you go.. actually it worked when i was placing the roles in
    > attribute sapRoles in IDM. but i had to deliver the roles to the sap
    > child systems, then i had to use the another attribute in IDM which is
    > called DirXML-sapLocRoles.
    > the data in that attribute should be childsystem:role format, but i
    > guess the jco api expects it be structured type so on the Subscriber Otp
    > i had to do the following:


    It seems incredibly unlikely that the JCO API expects it. The shim
    however clearly does. (I.e. Structured attributes are vaguely
    unique to eDirectory, specifically in how IDM represents them).


    >
    >
    >
    >
    > <rule>
    > <description>Transform LOCACTIVITYGROUPS from String to
    > Structured</description>
    > <conditions>
    > <or/>
    > </conditions>
    > <actions>
    > <do-reformat-op-attr name="LOCACTIVITYGROUPS">
    > <arg-value type="structured">
    > <arg-component name="SUBSYSTEM">
    > <token-xpath expression="substring-before($current-value, ':')"/>
    > </arg-component>
    > <arg-component name="AGR_NAME">
    > <token-xpath expression="substring-after($current-value, ':')"/>
    > </arg-component>
    > </arg-value>
    > </do-reformat-op-attr>
    > </actions>
    > </rule>
    >
    >
    >
    >
    >
    > geoffc;245961 Wrote:
    >> On 6/27/2014 7:30 AM, belaie wrote:
    >>>
    >>> ok figuered it out. i had to write a new policy on the driver which
    >>> actually converts the string to structure data type on the

    >> subscriber
    >>> output.

    >>
    >> Sample code? What is the structured type?

    >
    >



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •