on 10-01-2014 8:01 PM
Hello
I've been trying to configure LDAP as the User Data source for the Access Request functionality within Access Control.
I used the LDAP Configuration guide provided by SAP in the note. Unfortunately I haven't been able to get a successful result in the Sync Job and in the Access Request Form.
I have been able to get results in the LDAP tcode when I do Find, but I can't get any in the Business Client.
I'm adding screenshots of all the configuration I've done so you can get the idea of what I've done.
I left the mapping provided by default in the LDAP tcode, didn't do any changes to it.
Here's the connectors config. Two things here. 1- the USER ID is provided by our LDAP team (not sure if I have to change it to match in LDAP tcode) 2- the group field mapping and parameters is maintained for scenarios 3 and 4, I just included the screenshots for 3.
Config:
Lastly here's the sync job result. I get a User Adapter Empty when checking SLG1.
Regards
Maria Alejandra Piedra
SAP Basis/Security
Hello everyone out there,
My issue got resolved doing two things. SAP gave me the following instructions:
Regards
Maria Alejandra Piedra
Hello Abass
Yes, that's right we have no attributes in that section.
One thing you can do is, if your LDAP search works in the LDAP tcode, go to the Access Request screen, type in a user you know is in LDAP, and then go to the User Details tab and hit enter; the details of the user should show up. The note just brings in the details automatically.
Regards
Maria
Thanks Maria,
I tried that and it looks like it is retrieving user data from another source which is the GRACUSER table. It appears to match exactly what is on the Access Request "select" user interface and not what is through the LDAP transaction code. I have a few questions. Are you currently using a CUA to ECC and LDAP as your main connection source for user data? Also, which Path ID are you using? Is it A002 or B012?
Abass
We don't use CUA so I don't have that configured. Have you checked in the User Search Data Source if you have SU01 as the User Data Type? Did you use the LDAP connector in Target Connector?
Also, did you configure the parameter for realtime queries to LDAP in the Configuration screen?
I'm not sure what Path ID you're mentioning, what screen would it be?
Cheers!
Maria
Thanks for your reply Maria. So my Target Connector, Connection Type, Source Connector and Logical Port are all configured to LDAP. The User Search Data Source does have SU01 as the Data User Type. I am using the LDAP Connector in Target Connector. Also, I did configure the parameter for real time queries to LDAP in the Configuration screen. Pretty much my configuration matches yours with the exception of not implementing note 2025895. The Path ID I was referring to is from the Maintain Connector Setting screen. I probably need to send a message to SAP. Thank you again for your help. I definitely appreciate it.
Hi Maria,
Check authorization for the account on the LDAP side - maybe your LDAP user does not have sufficient authorization to read data.
Did you maintain entries for the authorization link scenario for the LDAP RFC?
Also I would double check the base entry in the LDAP configuration.
Thanks,
Filip