
LDAP configuration to SAP GRC AC

May 31, 2017 at 09:20 PM




Please refer to the screenshots capture1.jpg and capture2.jpg.

Please help with the meaning of the attribute user path and also the value provided.

What are OU, DC & DC? Why do we have to provide these values?

Are these values the same everywhere? Please help.

Best Regards



1 Answer

Beyers Henning Feb 14 at 09:38 AM

Hi Vamsi

The computer that you are using has to be on the desired domain.

You can use the following CMD commands to get the LDAP server details.

Just update the domain name highlighted in red to the company's fully qualified domain name.

In Windows, click on Start, Run, CMD.

Then enter nslookup -type=all

The result is a list of LDAP servers.

Understanding the Base Entry

Base entry is a filter for your organization unit groups or OU Groups.

In Active Directory, OU groups are created to assign users to.

Note that a user’s OU group can be assigned to another OU group.

This will create a Parent / Child node relationship.

The user’s OU Group will be the Child Node, while the group it is assigned to will be the Parent Group.

Note that this is important because when writing the Base Entry you will need to know the OU path containing the Parent OU and its Child OU groups.

Below is an example of a Base Entry value.

Base entry value = OU=Users, OU=Support, OU=IT, DC=DOMAINNAME, DC=NET

The first OU is the Object Type, e.g. Users.

Base entry value = OU=Users, OU=Marketing, OU=Corporate, DC=DOMAINNAME, DC=NET

The rest of the OUs are the organization folder structure, most nested folder first: first OU Node Marketing, second OU Node Corporate.

Base entry value = OU=Users, OU=Marketing, OU=Corporate, DC=DOMAINNAME, DC=NET

DC=DOMAINNAME, DC=NET is the FQDN (the FQDN dots are separated by “, DC=”).

Note that the Base entry works in reverse: the most nested Node, which is the last child Node, is entered first, then in sequential order up to the parent node, and lastly the FQDN Node.

Hope this helps.

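The Base Entry ordering described in the answer above, as an added Python example that is not part of the original post: it builds the value from a domain name and a parent-first OU path, and reads one back. The function names are hypothetical, the sample values are the ones used in the answer, and escaping OU names per RFC 4514 is an addition so that a name containing a comma cannot change the path.

```python
import re

RFC4514_SPECIAL = set('"+,;<>\\')  # must be backslash-escaped inside a value

def escape_rdn_value(value):
    """Escape an OU name so its characters cannot change the DN structure."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in " #") or (i == len(value) - 1 and ch == " ")
        out.append("\\" + ch if ch in RFC4514_SPECIAL or edge else ch)
    return "".join(out)

def build_base_entry(fqdn, ou_path_parent_first):
    """Most nested OU first, then its parents, then one DC= per FQDN label."""
    labels = fqdn.strip(".").split(".")
    if any(not re.fullmatch(r"[A-Za-z0-9-]+", label) for label in labels):
        raise ValueError(f"not a valid domain name: {fqdn!r}")
    ous = [f"OU={escape_rdn_value(ou)}" for ou in reversed(ou_path_parent_first)]
    return ",".join(ous + [f"DC={label}" for label in labels])

def split_rdns(dn):
    """Split on commas, except commas escaped with a backslash."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            rdns.append(cur.lstrip())
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return rdns + [cur.lstrip()]

def describe_base_entry(dn):
    """Return (OU path parent first, FQDN); OU values stay as written."""
    ous, dcs = [], []
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "OU":
            ous.append(value)
        elif attr.strip().upper() == "DC":
            dcs.append(value)
        else:
            raise ValueError(f"unexpected component: {rdn!r}")
    return list(reversed(ous)), ".".join(dcs)

if __name__ == "__main__":
    print(build_base_entry("DOMAINNAME.NET", ["IT", "Support", "Users"]))
    print(describe_base_entry("OU=Users, OU=Marketing, OU=Corporate, DC=DOMAINNAME, DC=NET"))
```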