Former Member

GRC 10 LDAP query issue at the root node

Hello,

We are unable to do a search based on the root node after successful LDAP integration, but if we add a particular OU within the base entry then we are able to search the users for that specific OU. Specifying a specific OU is not the right solution as we have different OUs for North America, Europe, Latin America, etc. regions. We need to specify the root node so that it will search for all the users in the different regions. We are getting the below operation failed error when we don't specify an OU in the base entry.

Operation failed

Message no. LDAPRC001

Diagnosis

This is an error message that is triggered by the directory server.

It is not possible to analyze the error in the SAP system.

Procedure

Check the log files for the directory server (if they exist), to see if they
contain more information.

Please let us know if you guys have faced this situation and what was the resolution.

Thanks,

Gautam.


7 Answers

  • Best Answer
    Former Member
    Posted on Jan 03, 2014 at 01:39 PM

    Hi Gautam,

    I am in the same situation as you. Did you find any solution for the issue? Please share.

    Regards,

    Prasad

  • Former Member
    Posted on Jun 18, 2013 at 03:48 PM

    Gautam,

    We got that error message at one point. I think we had several things wrong in our configuration; we have an LDAP forest of 3 LDAPs plus another LDAP that is not part of the forest. It took us a bit of trial and error, but we finally have all 4 of them retrieving user details.

    Be sure you have the host name right, the port right, and that all the connector groups are listed under:

    SPRO > GRC > Access Control > Maintain Mappings for Actions and Connector Groups

    Gretchen

  • Former Member
    Posted on Aug 06, 2013 at 03:22 AM

    Hi Gautam,

    As mentioned in the SAP Note 511141, the error you're facing means:

    LDAPRC 001 (Operation is aborted):

    "This message indicates that the directory could not process the request for internal reasons, but cannot send a more detailed error message. This error message does not mean that the SAP System sent incorrect data."

    In other words, the LDAPRC001 means that the error message was provided by the directory side, but not a specific error message that could be interpreted by the SAP. In this case you have to look at your directory services.

    Then, in order to find more information, you should contact the vendor of your directory server as they can better assist.

    Additionally, please review note 934177, which contains some useful information relating to your issue.

    Best Regards,

    Nandita

  • Former Member
    Posted on Feb 19, 2016 at 02:46 PM

    This message was moderated.


  • Former Member
    Posted on Apr 06, 2016 at 12:47 PM

    Hello!

    Facing the same issue here. Not able to provision AD groups to user through GRC 10.1 SP 11.

    So did it finally work for you guys?

    Can you please let me know the steps undertaken?

    I did use port - 368, but still showing me as -

    LDAP server cannot execute operation

    Message No. LDAPRC053

    Thanks!

    Akshat


    • Former Member

      Hi Akshat,

      Please see my detailed response to Vinod Kumar on 08/10/2015. In a nutshell, we were able to use port 3268 to get data populated in ARQ from AD. Since 3268 is a global read port, we were not able to do the AD group provisioning. The only scenario where we were able to do AD group provisioning was using port 389, but ID and group have to exist in the same OU, which is not the case for our AD architecture. The issue for us was tied to referral in AD, which has a global impact for us. So instead of doing provisioning to AD from GRC, what we ended up doing was provisioning AD group from GRC to Portal.

      I hope this helps.

      Thanks,

      Gautam.
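
The port 389 versus port 3268 behaviour described in the comment above, as an added example that is not part of the original thread: a small Python parser for OpenLDAP `ldapsearch` output that separates a referral-only answer from a real hit or a directory-side error. Both sample outputs, the host names and the DNs are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of OpenLDAP ldapsearch output: subtree search from a
# domain root on port 389. All host names and DNs are placeholders.
ROOT_389 = """\
# base <DC=corp,DC=example,DC=com> with scope subtree
# filter: (sAMAccountName=jdoe)

# search reference
ref: ldap://emea.corp.example.com/DC=emea,DC=corp,DC=example,DC=com

# search reference
ref: ldap://ForestDnsZones.corp.example.com/DC=ForestDnsZones,DC=corp,DC=example,DC=com

# search result
search: 2
result: 0 Success
"""

# Constructed sample: the same filter sent to the Global Catalog on port 3268.
ROOT_3268 = """\
# base <DC=corp,DC=example,DC=com> with scope subtree

dn: CN=jdoe,OU=Users,DC=emea,DC=corp,DC=example,DC=com

# search result
search: 2
result: 0 Success
"""

def summarize(output):
    """Pull entry DNs, referral URLs and the result code out of ldapsearch output."""
    entries = re.findall(r"^dn::? (.+)$", output, re.M)
    referrals = re.findall(r"^ref: (\S+)$", output, re.M)
    m = re.search(r"^result: (\d+) ?(.*)$", output, re.M)
    code, text = (int(m.group(1)), m.group(2)) if m else (None, "no result line")
    return {"entries": entries, "referrals": referrals, "code": code, "text": text}

def diagnose(s):
    """Classify one search outcome for troubleshooting."""
    if s["code"] != 0:
        return f"directory error {s['code']}: {s['text']}"
    if s["entries"]:
        return "found"
    if s["referrals"]:
        hosts = sorted({re.sub(r"^ldaps?://([^/:]+).*", r"\1", r) for r in s["referrals"]})
        return "referral-only, data is held by: " + ", ".join(hosts)
    return "no match"
```

A referral-only result on port 389 means the entry lives in another domain or partition and the client has to follow the referral itself; the Global Catalog on 3268 answers forest-wide but is read-only, so group membership changes still have to go to a domain controller for the domain that holds the object.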

  • author's profile photo Former Member
    Former Member
    Posted on Apr 07, 2016 at 08:06 AM

    This message was moderated.

  • Former Member
    Posted on Apr 21, 2016 at 09:35 AM

    Hi All,

    We are facing the same issue.

    Any possible workaround except using UME?

    Regards,

    Patrick
