Starting with JDE EnterpriseOne Tools 9.2, Administrators have the option to enable the Long User ID feature. Enabling Long User ID feature allow all EnterpriseOne systems that require credentials to accept long user IDs. EnterpriseOne configurations with LDAP systems for managing users will accept Long User Id.
- This feature enable users to sign in to EnterpriseOne with a user ID that has a minimum of six characters and a maximum of 254 characters.
- This feature provides flexibility to support longer formats such as an email address format.
- Enabled through User Profile Revisions Long (P0092L) application
Please note that Once enabled, the Long User ID feature can Not be disabled.
For tools release 9.2:
- If you want to use only short user id, then E1USRIDATR and USRSRCHATR attributes should be mapped to the same LDAP attributes.
- If you want to use Long User Id , then E1USRIDATR and USRSRCHATR attributes should be mapped to different LDAP attributes for Long User Id Support:
- The E1USRIDATR points to LDAP attribute holding the short user ID. This LDAP attribute should NOT be more than 10 characters. E1USRIDATR =<Short user id attribute – Max 10>
- The USRSRCHATR points to an LDAP attribute holding the long user ID. This LDAP attribute should be capable of holding up to 254 characters. USRSRCHATR=<Long user id attribute – Max 254>
Basically you need to find a valid attribute in LDAP which would hold the short user id limited to 10 characters for the user and this attribute needs to be mapped to LDAP mapping E1USRIDATR in P95928. If in case you map E1USRIDATR in P95928 to a attribute in LDAP which holds a value greater then 10 characters, you will find that when short user id is created in E1 for this user, the value is truncated to 10 characters and you will not be to run any applications from E1 because E1 will try to find that truncated short user id in LDAP and it will not find it.
- Enterprise server attributes are user defined codes (UDC) that are available in the Attribute Mappings for LDAP table (AM). These Enterprise Server Attribute Name values and the Description field values were retrieved from the UDC table and are the values you want to map to your LDAP sever. The mappings of the LDAP configuration depend on the LDAP values and configuration.
- E1USRIDATR (EnterpriseOne User ID Attribute) specifies the user ID attribute in LDAP that is used for J.D.Edwards EnterpriseOne users. The system uses this attribute when creating users in E1 during J.D.Edwards EnterpriseOne sign-in, for example E1USRIDATR=employeeID.
- USRSRCHATR (User ID Search Attribute) specifies the search criteria for the sign-on user ID. This is the value that maps the sign-on user ID in LDAP to the sign-in user ID in J.D.Edwards EnterpriseOne, for example USRSRCHATR=sAMAccountName.
User Search in LDAP
There is still a dependency of 10 Characters username at setup level when enabling LDAP with Long User Id in Tools Release 9.2. System design is such that any supplied user-id will first be searched in LDAP as Long user id followed by as a short user id, and if the first search fails it doesn’t mean login process will fail . You might see that query being logged in debug logs, but all your E1 operation (login + running applications) will work fine.
- This is how search is performed:
- First, search the given user-id as long-user-id.
- Second , search the given user-id as short-user-id.
- Both the above criteria needs to be satisfied in order for LDAP login to work. With long user-id support turned on, the LDAP must have valid values for both USRSRCHATR and E1USERATR. It is must.
- E1USRIDATR =<short user id attribute> Should not be more than 10 characters (ex: employeeID)
- USRSRCHATR=<long user id attribute> Will support up to 254 characters (ex: sAMAccountName)
Reference document in My Oracle Support:
E1: LDAP: LDAP Configuration with Long User ID in Tools Release 9.2 (Doc ID 2092414.1)