
LDAP configuration between SAP running on Linux and MS Active Directory

former_member227283
Active Contributor
0 Kudos

Dear All,

We are using SAP ECC 6.0 on Linux with an Oracle database. We have corporate Microsoft Active Directory in our landscape where all OS users and mail users are present. We need to integrate MS LDAP with our SAP, which is running on Linux. Kindly guide me on how to move forward to configure this.

Thanks,

Anil Bhandary

Accepted Solutions (0)

Answers (4)


jeffhanan
Explorer
0 Kudos

Anil and Sharib and anyone on this thread:


Were you able to get the solution to work without purchasing SAP SSO 2.0?


We have the same issue with SAP ECC running on RH Linux (Oracle RAC application server configuration and Oracle DB) and we have SAP GUI and NWBC running on Citrix. We need SSO, otherwise our users will not let us run SAP at this site.

Thanks, Jeff

tim_alsop
Active Contributor
0 Kudos

This message was moderated.

tim_alsop
Active Contributor
0 Kudos

Jeff,

Why can't you implement SSO? This is actually easy to set up, so I am not sure why you are having difficulty. Can you summarise the issue?

Thanks

Tim

former_member184628
Participant
0 Kudos

Hi Anil,

Sorry for not creating a new thread for discussion and adding my questions to this thread.

We have a similar requirement to yours and don't want to go for a third-party solution. Can you please let us know how you worked this out, as most of the documents available are Windows-to-Windows solutions.

Thanks,

Sharib

Former Member
0 Kudos

These notes should be helpful.

Note 352295 - Microsoft Windows Single Sign-On options

1205637 - How to map Active Directory accounts in a Windows and UNIX/Linux environment

1537480 - Best Practice: How To setup Active Directory Single Sign On when BOE CMS is on Unix or Linux

This solution works well. I implemented in a complex environment that encompassed 4 AD forests connecting to one central SAP environment. It took some work but the users loved that they didn't have to remember so many passwords. Great value added for the environment.

Good luck.

-Jake

JPReyes
Active Contributor
0 Kudos

Hi Anil,

You simply need to configure the Directory Service Connection via transaction LDAP; all the info you need is on help.sap.com.

Regards, Juan

former_member227283
Active Contributor
0 Kudos

Hey Juan,

Thanks for the reply. I am a bit confused by the client requirement, so I will explain the client requirement a bit.

The client has Microsoft Active Directory in their landscape where all users are present, and they want to sync all users with the SAP system. After configuration of SSO, the user will log in to their desktop, which is in the Microsoft AD domain. After logging in to the desktop, when the user double-clicks on a system which is present in the GUI, it should not ask for a username and password; instead the user should get the SAP screen directly, as that user was on the domain and the domain user was synced with SAP.

Is this possible? If yes, can you explain a bit which technology we can use to achieve this?

Thanks,

Anil Bhandary

sunny_pahuja2
Active Contributor
0 Kudos

Hi Anil & Juan,

I have also got a similar requirement from one of my clients. I have the following observations and am still not able to find the correct way to do this configuration:

1) As per the documents, single sign-on between ECC ABAP and LDAP is possible with the SAP Single Sign-On product. Does that mean that if the client does not have this product, then we cannot configure single sign-on between ECC ABAP and LDAP?

2) Sync of LDAP users with ECC ABAP is possible, and we can do that with the LDAP transaction.

Link for Connection: http://help.sap.com/saphelp_nw70/helpdata/en/10/1a063a15c611d4b61f0000e835363f/content.htm

Question: As per some documents, you can sync ECC ABAP users to LDAP. But there is nothing mentioned about how I can sync LDAP users to ECC ABAP.

Link- http://help.sap.com/saphelp_ep50sp2/helpdata/en/d7/d99d24ae7411d5993700508b6b8b11/content.htm

Some useful SAP notes-

Note 188371 - Configuring the LDAP Connector

Note 793191 - FAQ: User master synchronization with LDAP directories

Note 386762 - Active Directory LDAP Integration and R3SETUP

Note 138498 - Single Sign-On Solutions

Note 603208 - Passwords during the LDAP user master synchronization

Thanks

Sunny

former_member227283
Active Contributor
0 Kudos

Hi Sunny,

When I read the document on SAP NetWeaver Single Sign-On, I found it is satisfying my client's requirement. But the problem is that this is paid software from SAP, and we need to procure a license from SAP for this tool. As LDAP is an alternative for my requirement, I am still confused whether it will satisfy my client's requirement as I mentioned earlier.

Thanks,

Anil Bhandary

sunny_pahuja2
Active Contributor
0 Kudos

Hi,

You are right. But I also have the same confusion, and did not find any document for the same.

Thanks

Sunny

Former Member
0 Kudos

Hi Sunny / Anil,

We achieve this using the third-party software Cybersafe Trustbroker SNC SSO.

Connectivity is ABAP / JAVA <-> kerberos [linux] <-> Cybersafe [linux] <-> LDAP Server

The configuration is also fairly simple.

The user logs in to his PC / laptop and double-clicks on the system entry in SAPlogon pad, and he will be taken directly to the SAPGUI without a password.

Br,

Venky

sunny_pahuja2
Active Contributor
0 Kudos

Hi,

But is this configuration possible without using any third-party tool or any other SAP product?

If not, then my other question is: is it possible to sync LDAP users to the ECC system, as the document talks about sync of ECC ABAP users to LDAP?

Thanks

Sunny

former_member227283
Active Contributor
0 Kudos

Hi Venkat,

As Sunny said, we are also looking to achieve this by using LDAP tech only. Is this possible without any third-party tool?

Thanks,

Anil Bhandary

sunny_pahuja2
Active Contributor
0 Kudos

Hi Anil,

After reading a lot of notes and guides, I found that it is possible to do single sign-on between ECC ABAP and LDAP without using any third-party tool. You can achieve this using SAP Kerberos. I got a few links, please check below:

http://www.common-d.de/pdf09/sap-180609/SapSsoAbapOnI5_consolut.pdf

http://www-03.ibm.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006d2e0a/b60ca850bdcd307...

http://www.redbooks.ibm.com/redpapers/pdfs/redp4189.pdf

Thanks

Sunny

Former Member
0 Kudos

Hi Sunny,

Thanks for the links, but it looks like IBM has removed

http://www-03.ibm.com/support/techdocs/atsmastr.nsf/5cb5ed706d254a8186256c71006d2e0a/b60ca850bdcd307...

Do you have any document for this scenario? I am trying to configure SSO in an AIX 6.1 environment and we have only ABAP systems in our landscape.

BR,

Shyam

Former Member
0 Kudos

Also, if you could help me with which lib file for Kerberos I need to maintain in snc/gssapi_lib.

I tried it with the sapcrypto lib (I know, wrong option), just wanted to give it a shot.

-Shyam

tim_alsop
Active Contributor
0 Kudos

This message was moderated.