on 03-26-2007 10:13 AM
Dear Gurus,
Let me clarify the scenario:
At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
Following are the system details:
SAP: IDES 4.7, on Windows 2000 Advanced Server, Oracle 8.1.7, Kernel-620
MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
With the above mentioned landscape we have integrated the LDAP-Connector on MS-Active Directory. On the MS-Active Directory OS side we have tested the command (ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00), then we are testing it through an RFC in SAP 4.7 (IDES), with result success.
Everything is fine, I'm able to log on through the user, but when I try to search objects in LDAP (i.e. ADS) through "FIND", I am getting the error message "operation Failed".
Referred note 511141 for the error.
Can't find anything more.
Required help...
Regards,
SHAH
Hi Inamdar,
Have you applied the latest LDAP connector to your 6.20 Web Application Server?
You can find it e.g. for Windows 32 Bit on our service marketplace under the path:
Support Packages and Patches > SAP NetWeaver > Technology components releases prior to SAP NetWeaver > SAP WEB AS > SAP WEB AS 6.20 > SAP WEB AS ABAP
Have you applied the LDAP schema extension necessary for the ABAP user mapping?
Hope this information helps you any further.
Regards,
Juergen
Dear Juergen,
Thanks for your kind and prompt reply.
As I have registered the LDAP connector on the MS-ADS side and not on the WAS side.
On MS-ADS, through the command line, I have executed the following command
"ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00" and it has executed successfully, which I have tested through an RFC connection from the App Server (IDES), which is executing successfully.
I just have a query regarding the LDAP schema, as I have referred to Note 704895; kindly confirm whether applying the same will work out.
I also referred to note 448360:
Logging on to the SAP system (BC-SEC)
The Application Server ABAP does not support the direct use of the directory to authenticate a user.
Kindly guide for the same.
Best Regards,
Shaibaz
Hello Inamdar,
The schema extension mentioned in note 704895 has been successfully used during the certification.
Regarding the mentioned sentence in note 448360: the meaning here is that an SAP user will be authenticated by the SAP WAS itself. The LDAP directory is only used as a different persistence store for the user attributes. If you have no external LDAP directory then all user attributes will be stored within the SAP database.
Hope this clarifies the semantics in this note a bit better.
Please reward points if this answer is helpful for you.
Regards,
Juergen
Dear Juergen,
Thanks for your kind and prompt reply.
I clearly understood through your reference regarding SAP Note 448360.
Still got Query regarding 704895, that it has been successfully used during the certification...??
As per the note it states "Suitable schema enhancements and mapping proposals are provided in the Support Package assigned to this note"
As my patch level for the same is 14 (SAP_BASIS).
So should I go ahead with applying the same SP as per the note?
Regards,
Shaibaz
Hello Inamdar,
So you are using the 6.20 base; I would recommend using at least "Basis Support Package 38 for 6.20".
But as this was released in March 2004 (three years ago), I would recommend applying the latest available "Basis Support Package 61 for 6.20".
So if you want to use the correct schema for the LDAP directory you need to apply the above mentioned Support package.
Best regards,
Juergen
Dear Juergen,
As of now, we have applied the SP level till 40.
Through the LDAP tcode we are able to log on to the directory server, and we are also able to search through FIND; the system displays all entries below the specified base entry.
After that we are trying to synchronize it, using report RSLDAPSYNC_USER through SE38, but it's showing the following errors:
Connection created to Server LDAP_ADS (successfully with Green)
Operation Failed (Error with Red)
Error message: LDAPRC001
LDAP_SEARCH failed (Error with Red)
Error message: LDAPACCESS101
The System could not create directory objects pool (Error with Red)
Error message: LDAPSYNC005
Connection to LDAP_ADS server terminated
As for the first error, error message LDAPRC001, we referred to Note 511141.
Response: "This error msg does not mean that the SAP System sent incorrect data".
For error message LDAPACCESS101 and error message LDAPSYNC005, we referred to 696021 and 695026.
Response: to apply the correction change; as our SP level is above the requirement, we have level 40.
Unable to get further, any solution/suggestion.
Bye for now.
Regards,
Shaibaz