Former Member
Aug 24, 2006 at 09:38 PM

SAP - LDAP synchronization doubt


I have set up SAP - LDAP synchronization on WebAS 6.20 with Active Directory on W2k3. The mappings are the defaults that SAP suggested, along with its standard schema extensions. When I run RSLDAPSYNC_USERS, I am faced with 2 problems:

1) I have selected that when a user exists in both AD and the DB, it should compare the timestamps and update the values accordingly. If the user doesn't exist in Active Directory, then create it.

For this I created a user JLIN (Jason Lin) in both Active Directory (created manually from the AD MMC) and SAP using SU01.

On sync it throws this error:

Type | Message text


Connection created to server MSAD

Number of Objects in Directory 0

Number of Objects in Database 1

Objects that Exist Both in the Directory and in the Database: 0

Successfully Bidirectionally Updated: 0

Updated Successfully in Database: 0

Successfully Updated in Directory: 0

Cannot Update: 0

No Synchronization Necessary: 0

Objects that Only Exist in the Directory: 0

Ignored: 0

Objects that Only Exist in the Database: 1

Entry already exists

LDAP_CREATE failed

Error while writing object JLIN to the directory

Successfully Created in Directory: 0

Cannot Create in Directory: 1

Total Time Required: 00:00:00

Connection to server MSAD terminated



This means that it is not able to recognize the user JLin in Active Directory as the same user as JLin in SAP. Any idea what I could be doing wrong? When the user is created by SAP in AD (i.e. if jlin did not exist), the sync etc. happens perfectly well. Any pointers on this?

2) On the other hand, we have 2 sets of users to be synchronized, one in Active Directory and the other in SAP. Since these systems are governed by different sets of userid policies, the userid for a user in Active Directory may not be the same as that in SAP. So we need to map these userids for synchronization. Is there a way to specify in SAP / Active Directory which Active Directory / SAP user they map to?

What we want to achieve is that when a user is deleted / disabled in Active Directory, he should be deleted / disabled in SAP too.

Message was edited by: Harsh Busa