on 03-13-2012 6:54 AM
Dear All,
We are using SAP ecc 6.0 on linux with oracle database. We have corporate Microsoft Active directory in our landscape where all Os users and mail users are present, we need to intergrate Ms ldap with our SAP whcih is running on linux, kindly guide me how to move forward to configure this.
Thanks,
Anil Bhandary
Anil and Sharib and anyone on this thread:
Where you able to get the solution to work without purchasing SAP SSO 2.0?
We have same issue with SAP ECC running on RH Linux (Oracle RAC application server configuration and Oracle DB) and we have SAP GUI and NWBC running on Citrix. We need SSO otherwise our users will not let us run SAP at this site.
Thanks, Jeff
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil,
Sorry for not creating new thread for discussion and adding my questions to this thread.
We have similar requirement as yours and dont wanted to go for third party solution. Can you please let us know on how did you work out on this as most of the documents available are windows to windows solution.
Thanks,
Sharib
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
These notes should be helpful.
Note 352295 - Microsoft Windows Single Sign-On options
1205637 - How to map Active Directory accounts in a Windows and UNIX/Linux environment
1537480 - Best Practice: How To setup Active Directory Single Sign On when BOE CMS is on Unix or Linux
This solution works well. I implemented in a complex environment that encompassed 4 AD forests connecting to one central SAP environment. It took some work but the users loved that they didn't have to remember so many passwords. Great value added for the environment.
Good luck.
-Jake
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Anil,
You simply need configure the Directory Service Connection via transaction LDAP, all the info you need is on help.sap.com.
Regards, Juan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey Jaun,
Thanks for the reply, i am bit confused with the client requirment, i will bit explain you the client requirement.
client Has Microsoft Active directory in there landscape where all users are present, they want to sync all user with SAP system. After configuration of SSO, user will login to there desktop which is Microsoft AD domain, after login to desktop when user double on system which is present in GUI, it should not as for username and password where as user should get the SAP screen directly, as that user was on Domain and domain user was sync with SAP.
Can this is possible, If yes, can you bit explian me, which technology we can use to achive this.
Thanks,
Anil Bhandary
Hi Anil & Juan,
I have also got similar requirement from one of my client. I have following observation and still not able to find the correct way to this configuration:
1) As per documents, it says single sign-on between ECC ABAP and LDAP is possible with SAP Single Sign-on product. Does that means if client does not have this product then we cannot configure single sing-on between ECC ABAP and LDAP ?
2) Sync of LDAP users with ECC ABAP is possible and same we can do that with LDAP transaction.
Link for Connection: http://help.sap.com/saphelp_nw70/helpdata/en/10/1a063a15c611d4b61f0000e835363f/content.htm
Question: As per some document, you can sync ECC ABAP user to LDAP. But there is nothing mentioned how can I sync LDAP users to ECC ABAP.
Link- http://help.sap.com/saphelp_ep50sp2/helpdata/en/d7/d99d24ae7411d5993700508b6b8b11/content.htm
Some useful SAP notes-
Note 188371 - Configuring the LDAP Connector
Note 793191 - FAQ: User master synchronization with LDAP directories
Note 386762 - Active Directory LDAP Integration and R3SETUP
Note 138498 - Single Sign-On Solutions
Note 603208 - Passwords during the LDAP user master synchronization
Thanks
Sunny
Hi sunny,
When i read the document of SAP netweaver single sign on, i found it is suffying my clients requirement. But the problme is this is paid software of SAP, where as need to procure license from SAP for this tool. As LDAP is an alternative for my requirement, i still confused will it suffy my clinets requirement as i mentioned earlier.
Thanks,
Anil Bhandary
Hi Sunny / Anil,
We achieve this using the thirdparty software Cybersafe Trustbroker SNC SSO.
Connectivity is ABAP / JAVA <-> kerberos [linux] <-> Cybersafe [linux] <-> LDAP Server
The configuration is also fairly simple.
User logs-in to his PC / laptop and double clicks on System entry in SAPlogon pad and he will be directly taken to the SAPGUI without password.
Br,
Venky
Hi Anil,
After reading a lot of notes and guides, I found that it is possible to do Single sign-on between ECC ABAP and LDAP without using any third party tool. You can achieve this using SAP kerberos. I got few links, please check below:
http://www.common-d.de/pdf09/sap-180609/SapSsoAbapOnI5_consolut.pdf
http://www.redbooks.ibm.com/redpapers/pdfs/redp4189.pdf
Thanks
Sunny
Hi Sunny,
thanks for the links, but it looks like IBM has removed
do you have any document for this scenario..... iam trying to configure SSO in AIX 6.1 environment and we have only ABAP systems in ours landscape.
BR,
Shyam
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.