08-24-2006 10:38 PM
I have set up SAP - LDAP synchronization on WebAS 6.20 with Active Directory on W2k3. The mappings are the defaults that SAP suggested, along with its standard schema extensions. When I run RSLDAPSYNC_USERS, I am faced with 2 problems:
1) I have selected that when a user exists in both AD and the DB, it should compare the timestamps and update the values accordingly. If the user doesn't exist in Active Directory, then create it.
For this I created a user JLIN (Jason Lin) in both Active Directory (created manually from AD - MMC) and SAP using SU01.
On sync it throws this error:
-
Type | Message text
-
Connection created to server MSAD
Number of Objects in Directory 0
Number of Objects in Database 1
Objects that Exist Both in the Directory and in the Database: 0
Successfully Bidirectionally Updated: 0
Updated Successfully in Database: 0
Successfully Updated in Directory: 0
Cannot Update: 0
No Synchronization Necessary: 0
Objects that Only Exist in the Directory: 0
Ignored: 0
Objects that Only Exist in the Database: 1
Entry already exists
LDAP_CREATE failed
Error while writing object JLIN to the directory
Successfully Created in Directory: 0
Cannot Create in Directory: 1
Total Time Required: 00:00:00
Connection to server MSAD terminated
-
This means that it is not able to recognize the user JLin in Active Directory as the same user as JLin in SAP. Any idea what I could be doing wrong? When the user is created by SAP in AD (i.e. if jlin did not exist), the sync etc. happens perfectly well. Any pointers on this?
2) On the other hand, we have 2 sets of users to be synchronized, one in Active Directory and the other in SAP. Since these systems are governed by different sets of userid policies, the userid for a user in Active Directory may not be the same as that in SAP. So we need to map these userids for synchronization. Is there a way to specify in SAP / Active Directory which Active Directory / SAP user they map to?
What we want to achieve is that when a user is deleted / disabled in Active Directory, he should be deleted / disabled in SAP too.
Message was edited by: Harsh Busa
08-24-2006 11:56 PM
Figured out that SAP uses the sapUsername attribute in the Active Directory user object.
Harsh
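
An added example, not part of the original posts and not SAP code: a pre-flight check that buckets users the way the sync log above does, matching on sapUsername only, and also lists matched accounts that are disabled in AD. The sample data, the case-insensitive match and the name-collision rule used to predict "Entry already exists" are assumptions.

```python
# Added example: pre-flight check for an SAP <-> AD user sync keyed on sapUsername.
# All records below are constructed; the matching rules are assumptions.

AD_USERS = [  # constructed sample of an AD user export
    {"sAMAccountName": "jlin", "sapUsername": None, "disabled": False},
    {"sAMAccountName": "maria.k", "sapUsername": "MKELLER", "disabled": False},
    {"sAMAccountName": "old.acct", "sapUsername": "TSMITH", "disabled": True},
]
SAP_USERS = ["JLIN", "MKELLER", "TSMITH", "NEWUSER"]  # constructed SU01 user IDs


def classify(ad_users, sap_users):
    """Bucket users as the sync log does, matching only on sapUsername."""
    by_sap = {u["sapUsername"].upper(): u for u in ad_users if u["sapUsername"]}
    by_account = {u["sAMAccountName"].upper() for u in ad_users}
    sap = {s.upper() for s in sap_users}
    report = {"both": [], "only_db": [], "create_conflict": [], "disable_in_sap": []}
    for name in sorted(sap):
        entry = by_sap.get(name)
        if entry is not None:
            report["both"].append(name)
            # AD is the source of truth for account state: flag for SAP lock/delete
            if entry["disabled"]:
                report["disable_in_sap"].append(name)
        else:
            report["only_db"].append(name)
            # Assumption: a create attempt collides with an existing AD account of
            # the same name that simply lacks sapUsername (the JLIN case above)
            if name in by_account:
                report["create_conflict"].append(name)
    report["only_dir"] = sorted(k for k in by_sap if k not in sap)
    return report


if __name__ == "__main__":
    for bucket, names in classify(AD_USERS, SAP_USERS).items():
        print(f"{bucket}: {names}")
```

An AD account whose logon name differs from the SAP user ID (maria.k / MKELLER in the sample) still lands in "both", because only sapUsername is compared.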