Product Information
LDAP Adapter in SAP HANA Cloud Integration (SAP HCI)
SAP HANA云集成是SAP的战略连接解决方案。如果您正在寻找对基于LDAP的系统的集成支持,那么此博客肯定会吸引您。截至2016年11月,LDAP适配器可用于SAP HANA云集成客户。该适配器可帮助您实现涉及LDAP服务的集成方案(例如,MS Active Directory)。
You have to use SAP HANA Cloud Connector to connect to LDAP services through the LDAP adapter.
The LDAP adapter supportsInsertandModifyoperations. Using the Insert operation, you can create new entries in LDAP service. You can use the Modify operation to edit existing entries in the LDAP service. You can perform these operations on only one record at a time; i.e. you can update or modify only one record in one message processing cycle. If you want to perform operations on multiple entries, you need to use Splitter step to split the message into individual records and then pass them on to the LDAP adapter.
Remember:LDAP适配器的输入不应包含在多个记录上执行操作的输入。
Important Note on Establishing Connectivity to LDAP Service
You always connect to the LDAP service through the SAP HANA Cloud Connector (SCC). You can see more information on the SAP HANA Cloud Connectorhere。您需要安装和配置SCC版本2.9或更高版本,以使用LDAP适配器集成到LDAP服务。
支持ed Input Types for LDAP Adapter
The LDAP adapter allows you to provide input in two formats:
- XML
- Java (JNDI) Attributes.
支持不同输入类型的背后的想法是,您可以灵活地根据所拥有的有效载荷或输入的类型对方案进行建模。
配置LDAP适配器
Here’s an example of the加工settings for the LDAP adapter.
In the地址field, you provide theVirtual Hostthat you have configured in the SAP HANA Cloud Connector. For more information seehere。TheProxy TypeandAuthenticationfields are automatically filled withOn PremiseandSimple值分别。提供Credential Namethat you used while deploying credentials on the HCI tenant.
In theOperationfield, choose eitherModify或者Insert基于您要执行的操作。您可以以XML或Java(JNDI)属性的形式提供操作的输入。
Using Mapping to Process XML Input Messages
如果将XML输入传递给LDAP适配器,则需要考虑以下事实:LDAP适配器以特定格式识别消息。换句话说,您的输入应遵循LDAP适配器可以识别的模式。
您可以在这种情况下使用映射步骤来根据LDAP模式转换输入XML消息。这是您使用映射步骤时的典型场景。
In this example scenario, the input message is fetched from a SuccessFactors system. This message is used as the source in the mapping step and the target is the LDAP schema that the LDAP adapter can understand.
Here’s an example of the LDAP schema that you can use as the target in mapping step:
The next obvious question that you would have here is how to proceed in case the schema does not contain the fields that you want. The solution is quite straightforward. You just add the required field or fields to the above schema and proceed with the mapping.
在使用映射步骤中使用架构之前,在<属性>元素的
For example, let us assume that you want to add the fieldtelephoneNumber。As mentioned above, you add the field to the schema under
现在,我们有一个用于映射的架构,并且还知道如何修改模式以适合您的要求,下一步将是在映射步骤中添加该模式作为目标,并将源映射到目标。以下是典型的映射定义文件的样子:
The专有名称或者DNshould be constructed as shown below using a mapping expression:
Manipulating Fields and Adding Them to the Message after Mapping
考虑一个场景,您想在将消息映射到LDAP模式后,将字段添加到消息中。例如,您想将密码添加到消息中。但是,出于安全原因,您不能用纯文本添加它。您需要编码密码,然后将其添加到消息中。在这种情况下,典型的集成流将涉及映射步骤之后的脚本步骤。脚本将在将其发送到LDAP适配器的消息中,然后将其添加到消息。集成流的外观如下:
Here’s an example of the script that you can use to encode password:
导入com.sap.gateway.ip.core.customdev.util.message;导入java.util.hashmap;导入javax.xml.bind.datatypeconverter;导入javax.naming.directory.attribute;导入Javax.Naming.Directory.Attributes;导入javax.naming.directory.basicattribute;导入javax.naming.directory.basicattributes;def message processData(消息消息){属性属性= new BasicAttributes();字符串quoted password ='“'+“ password”+'“'';byte [] unicodepasswordbytearray = quotedpassword.getBytes(“ utf-16le”); attributes.put(new BasicAttribute("unicodePwd", unicodePasswordByteArray)); message.setHeader("SAP_LDAPAttributes",attributes); return message; }使用Java(JNDI)属性输入
LDAP适配器允许您以Java属性的形式提供输入。在这些情况下,您使用脚本步骤,在该步骤中定义一个脚本,该脚本将在运行时读取属性的值。然后将这些值内置到一条消息中,然后将其发送到LDAP适配器。您可以在运行时定义这些属性的值,然后在LDAP服务上传递并执行操作。
如果您以Java(JNDI)属性的形式传递输入,则集成流程将看起来像:
Here’s an example of the script that you can use in the script step.
importClass(com.sap.gateway.ip.core.customdev.util.Message); importClass(java.util.HashMap); importClass(javax.naming.directory.Attribute); importClass(javax.naming.directory.BasicAttribute); importClass(javax.naming.directory.BasicAttributes); importClass(javax.naming.directory.Attributes); function processData(message) { var body = message.getBody(); var dn= "cn=Markus,ou=users,dc=testcompany,dc=com"; var givenNameAttr = new BasicAttribute("givenName", "Jack"); var displayNameAttr = new BasicAttribute("displayName", "Reacher"); var telephoneNumberAttr = new BasicAttribute("telephoneNumber", "100-100-100"); var attributes = new BasicAttributes(); attributes.put(givenNameAttr); attributes.put(displayNameAttr); attributes.put(telephoneNumberAttr); var titleAttr =new BasicAttribute("title", "Developer"); attributes.put(titleAttr); snAttr =new BasicAttribute("sn", "Brutus"); attributes.put(snAttr); var resultingMap = new HashMap(); resultingMap.put("dn", dn); resultingMap.put("attributes", attributes); message.setBody(resultingMap); return message; }LDAP Adapter Error Logging
In case there is any failure in the operation, the message processing log in SAP HANA Cloud Integration will contain the error that the LDAP service has returned. You can refer to thislinkfor detailed information on error codes.
你好 ,
好的了解人机交互的一个适配器。
但是我能知道该适配器在哪种用例/情况下更有用(我知道可以使用LDAP/Active Directory完成用户集成)。
In terms of the business processes with respect to successfactors/Ariba/HCP can this be used ? if so it will be great if you can either elaborate or provide use case.
Thanks & Regards
拉杰什
你好拉杰什,
要回答您的问题:“就成功范围/Ariba/HCP的业务流程而言,可以使用吗?”=>是的,可以使用。
可以提到可使用HCI LDAP适配器的用例之一,在SuccessFactors系统中的新员工雇用和雇用员工(用户)记录插入。并且在博客中给出了一个相关的示例,该示例解决了该用例。
Hope it answers your question.
Thanks
Deepak
你好,Deepak。
We have been trying this scenario Successfactors <-> AD via LDAP adapter in SCC.
Our problems are that is seems that LDAP adapter mapping in SCC isn't handled correctly. Our LDAP server is using port 636 but in the logs, it always states the port 389.
And in the SCC logs, it is trying to connect to the internal LDAP using ip 0.0.0.6.
任何帮助都将受到赞赏
Regard, Gunnlaugur
你好Gunnlaugur,
Please make sure the mapping in SCC are maintained correctly, one virtual host is mapped to one internal host only. Make sure you use this virtual host in your integration flow.
Also, since you are trying to connect to the secure port, 636, make sure to add the necessary public certificates on the SCC being used and it should be using LDAPS protocol instead of LDAP.
问候,
Sana
你好All,
I am trying to insert a single record in ldap directory using below schema:
< DistinguishedName > . < / DistinguishedName >
你好All,
I am trying to insert a single record in ldap directory using below schema:
< DistinguishedName > . < / DistinguishedName >
Below is the exception I am getting :
Java.lang.IllegalStateException:LDAP适配器因:在LDAP处理过程中发生未分类的异常而失败;nested exception is javax.naming.NamingException: Error while attempting to resolve reference [Root exception is javax.naming.NamingException: Exception occurred while trying to resolve object using ObjectFactory search [Root exception is com.sap.core.connectivity.api.DestinationException:内部问题,引用类型为“ com.sap.core.connectivity.api.http.httpdestination”或“ com.sap.core.connectivity.api.destinationfactory”,但对象是:。请编辑您的web.xml或ejb-jar.xml或您的注释中的类型。],原因:com.sap.core.connectivity.api.api.destination.exception:内部问题,来自类型'com.sap.core.connectivity forder。请编辑您的web.xml或ejb-jar.xml或注释中的类型。
如果有人对此有所了解,请提供帮助。
谢谢,
拉杰库玛
你好Rajkumar,
此问题可能是因为您的有效载荷数据存在差异。当您的DN值不正确或绝对DN并且CN不一致时,通常会发生这种情况。
Hope this resolves your issue.
问候,
Sana
你好,we neeed to load data from the LDAP server.
我们在适配器中看到没有查询方法,这对我们来说是一个巨大的问题,您打算添加此功能吗?
We are even trying to call the server from a Groovy script, too bad that we can't figure how to reach the exposed back-end system through Cloud Connector because we can't get the address of the host, can you help us?
HelloMassimo Nanni
Were you able to create a Groovy script to accomplish this task?
欢呼,斯科特
不,我们尝试了博客文章上的每个示例,但没有成功。
因此,我们在通过HTTP调用的前提上安装了Java服务器。
We wasted an incredible amount of time on this, setting up the server was so fast and we can code much better on a real server than the SCPI interface.
你好,
Even I have the same scenario where I need to update the data from Active Directory back to EC, IS there any possibility on how to do this?
亲爱的Massimo和Sethuraman,
This feature is a part of the roadmap. We will keep you posted once this feature is available. Thank you for your patience.
Best Regards, Gautham
你好在Krishna,
您能建议在LDAP连接器中发布LDAP用户查询操作吗?
Kind Regards
Emre
你好Emre,
感谢您的问题。如前所述,我们将其作为路线图的一部分。我可以将您指向官员roadmap document.Unfortunately, i cannot provide you an exact date on the feature's availability.
谢谢,问候,Gautham
Hello在Krishna
I reviewed the SAP Cloud Platform and SAP Cloud Platform Integration roadmap and I do not see this item listed on there. Can you provide the exact document this is listed in and on what page?
谢谢,
Scott