
Cannot perform read operation on the LDAP System???

former_member184114
Active Contributor
0 Kudos

Dears,

I am facing above issue in GRC system while syncing user data from LDAP connector. LDAP configuration is completed and seems to be working fine because of below details:

  1. Users are fetched successfully from LDAP system while searching in LDAP Tcode
  2. Users are authenticated successfully while accessing End User Logon Page.

I have tried syncing using user id having SAP_ALL profile but still could not get the proper result.

Please advise.

Regards,

Faisal

Accepted Solutions (1)


former_member182655
Contributor

Hi Faisal,

What exactly do you need to read? Do you use LDAP as a source for user searching?

Please provide us with the details.

I also have some open issues with LDAP and we can help each other.

Regards,

Artem

former_member184114
Active Contributor
0 Kudos

Artem,

I only need to read the users from LDAP. Yes, LDAP is being used as a user search.

When I am trying to log onto End User Logon portal using AD User id and password, it was absolutely working fine. However, when trying to sync details from the AD, this is causing problem.

Not sure why and what is causing this issue.

Regards

Former Member
0 Kudos

Hello Faisal,

By syncing users do you mean GRAC_REPOSITORY_OBJECT_SYNC or RSLDAPSYNC_USER?

You can debug method CL_GRAC_AD_LDAPQUERY->getldap_searchquery to check the LDAP query used in repository sync and test it in LDAP transaction to determine the root cause.

Best Regards,

Zoltan

former_member184114
Active Contributor
0 Kudos

Dear Zoltan,

I am referring to "GRAC_REPOSITORY_OBJECT_SYNC". In LDAP, I am not getting any issue. It's while syncing the object repository.

Regards

former_member184114
Active Contributor
0 Kudos

I changed port in LDAP tcode from 389 to 3268. Job did not fail, however no users were synced.

I also tried with port#3269 in LDAP tcode.

I noticed that, from within LDAP tcode configuration, I could search user using 'Find' button for all the above ports.

However, while running repository sync I got different results!

Can anybody help me understand this behavior of the system?

Regards

former_member182655
Contributor
0 Kudos

Hi Faisal,

I think you have some problems in your LDAPMAP tcode. Which fields have you pointed for mapping?

Also give us a screenshot of your GRACUSER with your LDAP connector selected.

Regards,

Artem

former_member184114
Active Contributor
0 Kudos

Artem,

Please find attached screen for mappings. I accepted default proposal.

I noticed that user sync is getting completed successfully, but total count is showing as 0 (zero). This means no user is synced but the job is getting completed successfully.

May you share your view on this?

I have seen such behavior for the first time.

Regards

former_member182655
Contributor
0 Kudos

Faisal,

Have you tried to run full synchronization? Because incremental sync selects users for a certain period, so if they were not modified they will not get into your selection.

My settings differ from the standard because we keep the SAP userid in the pager field of AD, so I changed the mapping for this field and synchronize USERNAME with pager, but not with sapUsername (as you have). Do you have such a field in your AD? As I understand, you use this field as a filter (ticked on the first tick-field) for your selection. Try to change it, for example, to sAMAccountName, but you can get a mismatch in the length between the SAP field and the AD field.

Regards,

Artem

former_member184114
Active Contributor
0 Kudos

Artem,

Actually, truly speaking, I am not well versed with this screen itself. I have simply accepted the proposal. Will you please help me deal with this?

I am not sure what do we do here.

Regards,

former_member182655
Contributor
0 Kudos

I will try since I recently had similar questions and still have an opened message for group assignment at SAP side.

As I understood, on LDAP map we select which fields will be imported/exported from/to SAP/AD. When we have decided which fields will be equal to each other (in my example it's the pager AD field to userid in SAP), we make settings for "Maintain Mapping for Actions and Connector Groups" (in SPRO), where we put for LDAP 0004 Provisioning, USERID=PAGER.

So, after synchronization my pager goes to userid in table GRACUSER and I have this view:

During request creation USER_ID field goes to User ID field of the ARQ form.

Regards,

Artem

former_member184114
Active Contributor
0 Kudos

Artem,

Thanks for your reply.

I think I did not get your question in your earlier post.

I had referred to the "mapping" of LDAP tcode and the same screen I had shared with you.

If you asked me about "mapping" in "Maintain Mapping for Actions and Connector Groups" (in SPRO), I have very simple mapping, find them below:

This does not seem to be the problem to me. Because earlier I had done the same mapping and it worked. In my scenarios, SAP ID=SAMACCOUNTNAME (AD Field) and this is ok.

The problem is, this job is getting completed successfully but no records are fetched. This I don't understand.

There could be one possibility, that BASE entry where I am trying to pull users from might not have users. But when I try to pull the users from LDAP tcode, this is pulling and it gives me the error:

"Maximum number of find results exceeded"

Above message signifies that LDAP tcode is finding users in the base entry. But while syncing, why it is not pulling users from this base entry, I am not sure.

We maintain base entry in LDAP itself and the same is used by the job while syncing.

Please share your view.

Regards,

Faisal

former_member182655
Contributor
0 Kudos

Hi Faisal,

I've also faced the error "Maximum number of find results exceeded"

Try to limit the query for LDAP (LDAP tcode)

To resolve the issue I limited Page size. Try it and give me your feedback please.

Regards,

Artem

former_member184114
Active Contributor
0 Kudos

Artem,

PFA...

Still I am getting the same error. Do you think should I increase it more?

Regards,

former_member182655
Contributor
0 Kudos

Faisal,

As I can see you have activated maximum trace level for LDAP, so you can see what's inside the log in accordance with the note 1823253. Besides the recommendation to limit page size to 200, it also contains other checks. Please share your results after following the note recommendations.

Bear in mind that setting the trace file for LDAP to maximum may overflow your file system and the file also will not be available for reading. I faced this issue during my customization of LDAP.

Regards,

Artem
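
Added illustration, not part of any post in this thread and not SAP or Active Directory code: a toy model of why limiting the page size, as suggested above, lets a client read a large base entry that a single unpaged search cannot return. It assumes the "Maximum number of find results exceeded" message reflects a server-side size limit; `ToyDirectory`, `fetch_all`, the cap of 1000 and the sample names are hypothetical.

```python
# Added illustration: toy model of an LDAP server size limit and the
# RFC 2696 simple paged results control. Not SAP or Active Directory code.

class SizeLimitExceeded(Exception):
    """Models LDAP result code 4 (sizeLimitExceeded)."""

class ToyDirectory:
    def __init__(self, names, server_cap=1000):
        self.names = sorted(names)
        self.server_cap = server_cap  # assumed per-response entry cap

    def search(self, prefix, page_size=None, cookie=0):
        """Return (entries, next_cookie); next_cookie is None when done."""
        hits = [n for n in self.names if n.lower().startswith(prefix.lower())]
        if page_size is None:
            # Unpaged request: the whole result set must fit under the cap.
            if len(hits) > self.server_cap:
                raise SizeLimitExceeded(f"{len(hits)} hits, cap {self.server_cap}")
            return hits, None
        size = max(1, min(page_size, self.server_cap))  # never a zero-length page
        nxt = cookie + size
        return hits[cookie:nxt], (nxt if nxt < len(hits) else None)

def fetch_all(directory, prefix, page_size):
    """Follow the paging cookie until the server reports the last page."""
    found, cookie, round_trips = [], 0, 0
    while cookie is not None:
        page, cookie = directory.search(prefix, page_size, cookie)
        found.extend(page)
        round_trips += 1
    return found, round_trips

def build_sample():
    # Constructed data: 2500 generic accounts plus 30 whose cn starts with "ra".
    return ToyDirectory([f"user{i:04d}" for i in range(2500)] +
                        [f"ra{i:02d}" for i in range(30)])

if __name__ == "__main__":
    d = build_sample()
    try:
        d.search("")                      # broad, unpaged: exceeds the cap
    except SizeLimitExceeded as exc:
        print("unpaged broad search failed:", exc)
    print("unpaged cn=ra*:", len(d.search("ra")[0]))     # narrow filter fits
    users, trips = fetch_all(d, "", page_size=200)
    print(f"paged: {len(users)} entries in {trips} round trips")
```

In this model a narrow prefix fits in one unpaged response, while the broad search only completes when the client pages through it.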

former_member184114
Active Contributor
0 Kudos

Artem,

I have reduced it to 200 now. I will follow the note and share the results.


Regards

former_member184114
Active Contributor
0 Kudos

Artem,

I made some changes in base entry of LDAP configuration. While searching the users from within LDAP code, I changed the filter to:

(&(objectclass=user)(cn=ra*))

This gave me result of users starting with 'RA'. This seems to be working fine now.

Also, after making changes in the base entry of LDAP tcode, I can search the users while raising the access request.

However, while syncing users, still I did not get any success.

I would close this thread as I can search users from LDAP and while raising request.

However, I have some other points to be discussed and will open another thread.

Thanks for your help.

Regards,

former_member182655
Contributor
0 Kudos

Hi Faisal,

It's a pleasure to see that something started to work. I will try to watch for your other threads because it's very interesting for me to know all possible issues with LDAP.

Hope you'll get working functionality!

Regards,

Artem

Answers (1)


Former Member
0 Kudos

Hello guys,

I am also facing the same issue.

When I perform URP sync, I am getting the error: cannot perform read operation on the LDAP systems. Should the user in LDAP require any permissions? I kept my userid while defining the connections, and also I didn't maintain any BASE ENTRY. Is it mandatory to have the base entry?

Should the user maintained in LDAP have SAP_ALL?

Please suggest.

Regards,

Ravi.

former_member184114
Active Contributor
0 Kudos

Ravi,

Just check what you are getting this error for: Profile/Roles/Users synchronization.

I think getting this error for Role Synchronization is normal as there will be no roles in AD. I got this error for AD several times, but it did not affect any part of the proceedings.

Regards,

Faisal

Former Member
0 Kudos

Hi Faisal,

Thanks for the reply.

Yes, I am getting this error in the Synchronization. So should the LDAP user maintained in the LDAP connector have any permissions in the LDAP system? When I contacted the LDAP team they said all users have read access and no special permissions are required. Please let us know if any permissions are required for the LDAP user.

For the time being I configured the 2050 parameter (real time search). It is fetching the details. But when I log in as End user (End User Logon) I am again facing the issue: cannot connect to LDAP System.

Please suggest.

Regards,

Ravi.

former_member184114
Active Contributor
0 Kudos

Ravi,

Yes, all users have read access so no need to have any special permission.

Secondly, I think you need to use "LDAP_END_USER_AUTH_SUFFIX" with value "@yourdomain" for LDAP connector, Connector Action#3 and 4 under..Maintain Mapping....->Assign Mapping Group Parameter.

Hope this helps. Please share your feedback.

Regards,