How to configure SAP JAVA LDAP using port 8443.

Hello Team,

In this blog, I will describe how to configure JAVA LDAP using port 8443.

Overview of Java LDAP Using Port 8443 in SAP.

In SAP environments, LDAP (Lightweight Directory Access Protocol) is commonly used for user authentication, authorization, and directory services. When SAP Java systems communicate securely with an LDAP directory, SSL/TLS is typically involved. In some SAP landscapes, this secure communication is configured to run over port 8443.

What Is LDAP in SAP Java?

In SAP NetWeaver AS Java, LDAP integration allows SAP to:

  • Authenticate users against a central directory (Active Directory / LDAP server)
  • Synchronize users and groups
  • Enable Single Sign-On (SSO)
  • Centralize user management instead of maintaining users locally in SAP

SAP Java uses its User Management Engine (UME) to connect to LDAP servers.

By default, the NetWeaver Administrator (NWA) page is accessed using the URL:

http://<hostname>:<port>/nwa

My NetWeaver version is 7.5 and the Java instance number is 00; the default NWA HTTP port is 50001.

In my case, the instance number is 00, so I will change the NWA port from 50001 to 8443. After this change, the NWA page will be accessible using port 8443.

Team Requirements

  • The Network Team will open port 8443.
  • The AD Team will create one service account. In our case, we are using the SAPD1AUME service account.
  • The Basis Team will perform the LDAP configuration.
  • A Root CA certificate is required. This is a mandatory prerequisite and must be available before starting the configuration.

Preparation Steps

  • First, we need to create a user group. Accordingly, we have created the XX_BASIS_JAVA_ADMINS group.
  • Currently, the NetWeaver Administrator (NWA) URL is accessible via port 50001.

Now add the following roles to the group XX_BASIS_JAVA_ADMINS:

Administrator, NWA_SUPERADMIN, SAP_SLD_ADMINISTRATOR

Now go to Configuration -> LDAP Server and fill in the LDAP server details, including the service user name and password.

  • Server Name: the hostname of your LDAP server
  • Server Port: 636
  • User: SAPD1AUME
  • Password: ••••••••
  • User Path: OU=Users,DC=,DC=com (you will get this information from your LDAP team)
  • Group Path: OU=Users,DC=,DC=com (you will get this information from your LDAP team)

Now validate the configuration.

Then restart the Java server for the change to take effect.

We have two nodes here: server 1 and server 0.

We restart them node by node with the p r 2 and p r 3 commands.

After the Java server has restarted, go to User Management again and check your ID.

Open User Management -> Configuration -> Open Expert Mode.

Check the parameter ume.logon.allow_cert; it should be true.

Now, in NWA, go to Configuration -> Certificates and Keys.

Select ICM_SSL_52325_8443. You should have the root certificate, which needs to be imported here.

Import the root certificate.

We can see that the root certificate has been added.

Now click on Authentication and Single Sign-On.

Select ticket and click Add.

Add the entry below.

Now save.

Now check whether port 8443 is enabled.

Configuration -> SSL

It is enabled.

Now, when you open any Java-based URL such as NWA or User Management on port 8443, it will automatically log in using the user ID mapped to the corresponding LDAP group. No password is required for login.

The NWA port has now been changed from 50001 to 8443.
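A pre-flight check for the two TLS listeners this setup depends on, LDAPS on port 636 and NWA on port 8443, validated against the Root CA file. This is an added example, not part of the original post; the host names, the rootca.pem path and the TLS 1.2 floor are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone


def strict_context(root_ca_pem=None):
    """Client context that trusts only the given Root CA file (PEM)."""
    # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and host name checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: TLS 1.2 floor
    if root_ca_pem:
        ctx.load_verify_locations(cafile=root_ca_pem)
    return ctx


def check_endpoint(host, port, root_ca_pem=None, timeout=5.0):
    """Handshake with host:port; report whether the chain validates."""
    result = {"endpoint": f"{host}:{port}", "ok": False, "detail": ""}
    try:
        ctx = strict_context(root_ca_pem)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
                expires = datetime.fromtimestamp(
                    ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
                result["ok"] = True
                result["detail"] = f"{tls.version()}, expires {expires:%Y-%m-%d}"
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to the Root CA, name mismatch, or expired.
        result["detail"] = f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        # Port closed, not a TLS listener, timeout, or CA file unreadable.
        result["detail"] = f"no TLS session: {exc}"
    return result


def preflight(ldap_host, nwa_host, root_ca_pem):
    """Check LDAPS (636) and the NWA SSL port (8443) used in this post."""
    return [check_endpoint(ldap_host, 636, root_ca_pem),
            check_endpoint(nwa_host, 8443, root_ca_pem)]


if __name__ == "__main__":
    # Hypothetical host names and CA file path; replace with your own.
    for r in preflight("ldap.example.com", "sapjava.example.com", "rootca.pem"):
        print("PASS" if r["ok"] else "FAIL", r["endpoint"], r["detail"])
```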

 

 

Conclusion

Java LDAP communication over port 8443 confirms secure LDAPS usage with encrypted authentication, aligning with security compliance requirements.

 


By ali
