How to configure SAP JAVA LDAP using port 8443.

Hello Team,

In this blog, I will describe how to configure JAVA LDAP using port 8443.

Overview of Java LDAP Using Port 8443 in SAP.

In SAP environments, LDAP (Lightweight Directory Access Protocol) is commonly used for user authentication, authorization, and directory services. When SAP Java systems communicate securely with an LDAP directory, SSL/TLS is typically involved. In some SAP landscapes, this secure communication is configured to run over port 8443.

What Is LDAP in SAP Java?

In SAP NetWeaver AS Java, LDAP integration allows SAP to:

Authenticate users against a central directory (Active Directory / LDAP server)
Synchronize users and groups
Enable Single Sign-On (SSO)
Centralize user management instead of maintaining users locally in SAP
SAP Java uses its User Management Engine (UME) to connect to LDAP servers.

 

By default, the NetWeaver Administrator (NWA) page is accessed using the URL:

http://<hostname>:<port>/nwa

My NetWeaver version is 7.5 and the Java instance number is 00; the default NWA HTTP port is 50001.

In my case, the instance number is 00, so I will change the NWA port from 50001 to 8443. After this change, the NWA page will be accessible using port 8443.

Team Requirements

The Network Team will open port 8443.
The AD Team will create one service account. In our case, we are using the SAPD1AUME service account.
The Basis Team will perform the LDAP configuration.
A Root CA certificate is required. This is a mandatory prerequisite and must be available before starting the configuration.

Preparation Steps

First, we need to create a user group. Accordingly, we have created the XX_BASIS_JAVA_ADMINS group.

Currently, the NetWeaver Administrator (NWA) URL is accessible via port 50001.

Now add the following roles to the group XX_BASIS_JAVA_ADMINS:

Administrator, NWA_SUPERADMIN, SAP_SLD_ADMINISTRATOR

Now go to Configuration -> LDAP Server and fill in the LDAP server information, including the service user name and password.

Server Name: provide the server hostname here
Server Port: 636
User: SAPD1AUME
Password: ••••••••
User Path: OU=Users,DC=,DC=com (you will get this information from your LDAP team)
Group Path: OU=Users,DC=,DC=com (you will get this information from your LDAP team)

Now validate the configuration.

Now restart the Java server for the change to take effect.

We have 2 nodes here: server 1 and server 0.

We are restarting node by node with the p r 2 and p r 3 commands.

After the Java server has restarted, go to User Management again and check your ID.

Open User Management -> Configuration -> Open Expert Mode

Check the parameter ume.logon.allow_cert; it should be true.

Now go to NWA Configuration, then Certificates and Keys.

Now select ICM_SSL_52325_8443. You should have the root certificate; we need to import it here.

Now import the root certificate here.

We can see that the root certificate has been added.

Now click on Authentication and Single Sign-On:

Select ticket and Add.

Add the entry below.

Now save.

Now check whether port 8443 is enabled.

Configuration -> SSL

It's enabled.

Now, when you open any Java-based URL such as NWA or User Management on port 8443, it will automatically log in using the user ID mapped to the corresponding LDAP group. No password is required for login.
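
Added example (not part of the original post): a pre-flight check in Python that performs a verified TLS handshake against the LDAP server on port 636 and the SAP Java host on port 8443, trusting only the root CA file imported in the steps above. The function names, the script name and the command-line arguments are assumptions made for this example.

```python
import socket
import ssl
import sys

# Added example. Ports are the ones used in the post: LDAPS on 636, ICM SSL on 8443.
# Host names and the root CA file are supplied by the operator on the command line.
LDAPS_PORT, NWA_SSL_PORT = 636, 8443


def preflight_tls(host, port, cafile=None, timeout=5.0):
    """Handshake with host:port and report whether chain and hostname verify.

    With cafile set, only that root CA is trusted (the system store is not loaded).
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = dict(rdn[0] for rdn in cert.get("subject", ()))
                return {"ok": True, "stage": "done", "protocol": tls.version(),
                        "subject_cn": subject.get("commonName"),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:  # untrusted chain, expiry, name mismatch
        return {"ok": False, "stage": "certificate", "detail": exc.verify_message}
    except ssl.SSLError as exc:                  # port answers, but not with usable TLS
        return {"ok": False, "stage": "tls", "detail": str(exc)}
    except OSError as exc:                       # closed port, firewall, DNS, timeout
        return {"ok": False, "stage": "network", "detail": str(exc)}


def preflight_landscape(ldap_host, nwa_host, cafile):
    """Run the check against both endpoints configured in the post."""
    return {
        "ldaps": preflight_tls(ldap_host, LDAPS_PORT, cafile),
        "nwa": preflight_tls(nwa_host, NWA_SSL_PORT, cafile),
    }


if __name__ == "__main__":
    if len(sys.argv) != 4:
        sys.exit("usage: preflight.py <ldap-host> <sap-java-host> <root-ca.pem>")
    for name, result in preflight_landscape(*sys.argv[1:]).items():
        print(name, result)
```

A result with stage `certificate` points at the trust chain, validity dates or hostname rather than the network path, which separates a wrong root CA from a port the Network Team has not opened yet.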

As shown below, the NWA port has been changed from 50001 to 8443.

 

 

Conclusion

Java LDAP communication over port 8443 confirms secure LDAPS usage with encrypted authentication, aligning with security compliance requirements.

 
