Former Member

LDAP configuration to SAP GRC AC

Team,

Please refer to screenshots capture1.jpg and capture2.jpg.

Please help with attribute user path meaning and also the value provided.

What are OU, DC & DC? Why do we have to provide these values?

Are these values the same everywhere? Please help.

Best Regards

Vamsi


1 Answer

  • Feb 14 at 09:38 AM

    Hi Vamsi

    The computer that you are using has to be on the desired domain.

    You can use the following CMD commands to get the LDAP server details.

    Just update the domain name highlighted in red to the company's fully qualified domain name.

    In Windows, click Start, Run, CMD.

    Then enter nslookup -type=all _ldap._tcp.dc._msdcs.domainname.net

    The result is a list of LDAP servers.

    Understanding the Base Entry

    Base entry is a filter for your organization unit groups or OU Groups.

    In Active Directory OU groups are created to assign users to.

    Note that a user’s OU group can be assigned to another OU group.

    This will create a Parent / Child node relationship.

    The user's OU Group will be the Child Node, whereas the group it is assigned to will be the Parent Group.

    Note that this is important because, when writing the Base Entry, you will need to know the OU path containing the Parent OU and its Child OU groups.

    Below is an example of a Base Entry value.

    Base entry value = OU=Users, OU=Support, OU=IT, DC=DOMAINNAME, DC=NET

    The first OU is the Object Type e.g. Users

    Base entry value = OU=Users, OU=Marketing, OU=Corporate, DC=DOMAINNAME, DC=NET

    The rest of the OUs = organization folder structure (encapsulated folders): first OU Node Marketing, second OU Node Corporate.

    Base entry value = OU=Users, OU=Marketing, OU=Corporate, DC=DOMAINNAME, DC=NET

    DC=DOMAINNAME, DC=NET = FQDN (FQDN dots are separated by “, DC=”)

    Note that the Base entry works in reverse: the most nested Node, which is the last child Node, is entered first, then in sequential order up to the parent node, then lastly the FQDN Node.

    Hope this helps.

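An added example, not part of the original answer and not SAP or Microsoft code: Python that applies the Base Entry rules described in the answer above (most nested OU first, then its parents, then one DC per FQDN label) and checks whether a user's distinguished name falls inside a given Base Entry, which is what limits the accounts the connector can search. The function names and the user "Jane Doe" are constructed for illustration; multi-valued RDNs (joined with "+") are not handled.

```python
import re

_SPECIAL = re.compile(r'([,+"\\<>;=])')

def escape_rdn_value(value):
    """Escape characters RFC 4514 treats as special, plus a leading space or '#'."""
    value = _SPECIAL.sub(r"\\\1", value)
    if value.startswith(("#", " ")):
        value = "\\" + value
    return value

def base_entry(ou_path, fqdn):
    """ou_path is parent-first, e.g. ["IT", "Support", "Users"]. The Base Entry
    lists the most nested OU first, then its parents, then the FQDN labels."""
    ous = [f"OU={escape_rdn_value(ou)}" for ou in reversed(ou_path)]
    dcs = [f"DC={escape_rdn_value(label)}" for label in fqdn.split(".") if label]
    return ",".join(ous + dcs)

def split_dn(dn):
    """Split a DN into (TYPE, value) pairs; a backslash-escaped comma does not split."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]
            i += 2
        elif dn[i] == ",":
            rdns.append(cur)
            cur, i = "", i + 1
        else:
            cur += dn[i]
            i += 1
    rdns.append(cur)
    pairs = (rdn.strip().partition("=") for rdn in rdns)
    return [(attr.strip().upper(), value.strip().lower()) for attr, _, value in pairs]

def is_under(dn, base):
    """True if dn is the Base Entry itself or sits below it in the directory tree."""
    d, b = split_dn(dn), split_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

# Constructed sample user; BASE is the first Base Entry value from the answer.
USER = "CN=Jane Doe,OU=Users,OU=Support,OU=IT,DC=domainname,DC=net"
BASE = "OU=Users, OU=Support, OU=IT, DC=DOMAINNAME, DC=NET"

if __name__ == "__main__":
    print(base_entry(["IT", "Support", "Users"], "domainname.net"))
    print(is_under(USER, BASE))
```

The comparison is case-insensitive and ignores spaces after the commas, so the answer's spelling of the Base Entry and a DN returned by the directory compare equal.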