Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

Former Member
0 Kudos

Dear Gurus,

Let me clarify the scenario:

At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES

Following are the system details:

SAP: IDES 4.7, on Windows 2000 Advanced Server, Oracle 8.1.7, Kernel-620

MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1

With the above-mentioned landscape we have integrated the LDAP Connector on MS-Active Directory. On the MS-Active Directory OS side we have tested the command (`ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00`), then we are testing it through an RFC in SAP 4.7 (IDES), with result success.

Everything is fine, I'm able to log on through the user, but when I try to search objects in LDAP (i.e. ADS) through "FIND", I get the error message "operation Failed".

Referred note 511141 for the error.

Can't find anything more.

Required help...

Regards,

SHAH

Accepted Solutions (0)

Answers (1)

former_member290897
Participant
0 Kudos

Hi Inamdar,

Have you applied the latest LDAP connector to your 6.20 Web Application Server?

You can find it e.g. for Windows 32 Bit on our service marketplace under the path:

http://service.sap.com/ -> Support Packages and Patches -> SAP NetWeaver -> Technology components releases prior to SAP NetWeaver -> SAP WEB AS -> SAP WEB AS 6.20 -> SAP WEB AS ABAP

Have you applied the LDAP schema extension necessary for the ABAP user mapping?

Hope this information helps you any further.

Regards,

Juergen

Former Member
0 Kudos

Dear Juergen,

Thanks for your kind and prompt reply.

I have registered the LDAP connector on the MS-ADS side and not on the WAS side.

On MS-ADS, through the command line, I have executed the following command

`ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00` and it has executed successfully, which I have tested through an RFC connection from the App Server (IDES), which is executing successfully.

I just have a query regarding the LDAP schema, as I have referred to Note 704895; kindly confirm whether applying the same will work out.

I also referred to Note 448360:

Logging on to the SAP system (BC-SEC)

The Application Server ABAP does not support the direct use of the directory to authenticate a user.

Kindly guide for the same.

Best Regards,

Shaibaz

former_member290897
Participant
0 Kudos

Hello Inamdar,

The schema extension mentioned in note 704895 has been successfully used during the certification.

Regarding the mentioned sentence in note 448360: the meaning here is that an SAP user will be authenticated by the SAP WAS itself. The LDAP directory is only used as a different persistence store for the user attributes. If you have no external LDAP directory then all user attributes will be stored within the SAP database.

Hope this clarifies the semantics in this note a bit better.

Please reward points if this answer is helpful for you.

Regards,

Juergen

Former Member
0 Kudos

Dear Juergen,

Thanks for your kind and prompt reply.

I clearly understood, through your reference, regarding SAP Note 448360.

I still have a query regarding 704895, that it has been successfully used during the certification...??

As per the note it states "Suitable schema enhancements and mapping proposals are provided in the Support Package assigned to this note"

My patch level for the same is 14 (SAP_BASIS).

So should I go ahead with applying the SP as per the note?

Regards,

Shaibaz

former_member290897
Participant
0 Kudos

Hello Inamdar,

So you are using the 6.20 base; I would recommend using at least "Basis Support Package 38 for 6.20".

But as this was released in March 2004 (three years ago) I would recommend applying the latest available "Basis Support Package 61 for 6.20".

So if you want to use the correct schema for the LDAP directory you need to apply the above-mentioned Support Package.

Best regards,

Juergen

Former Member
0 Kudos

Dear Juergen,

We have applied the SP level up to 40.

Through the LDAP tcode we are able to log on to the directory server, and we are also able to search through FIND; the system displays all entries below the specified base entry.

After that we are trying to synchronize it, using report RSLDAPSYNC_USER through SE38, but it's showing the following errors:

Connection created to Server LDAP_ADS (successfully with Green)

Operation Failed (Error with Red)

Error message: LDAPRC001

LDAP_SEARCH failed (Error with Red)

Error message: LDAPACCESS101

The System could not create directory objects pool (Error with Red)

Error message: LDAPSYNC005

Connection to LDAP_ADS server terminated

As for the first error, error message LDAPRC001, we referred to Note 511141.

Response: "This error msg does not mean that the SAP System sent incorrect data".

For error message LDAPACCESS101 and error message LDAPSYNC005, we referred to 696021 and 695026.

Response: to apply the correction change; as our SP level is above the requirement, we have level 40.

Unable to get further, any solution/suggestion.

Bye for now.

Regards,

Shaibaz