Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password synchronization using LDAP connector from AD server to SAP.

Go to solution
Former Member

‎01-29-2008 12:51 PM

0 Kudos

Hi All

I have managed to connect the AD server & SAP Ecc 6.0 using the LDAP connector.But there is no Function module which synchronizes Users passowrd from AD server into SAP.

Do you know any best practices to do this.

Thank you

Naveen.

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎01-29-2008 12:59 PM

0 Kudos

Hello Naveen,

To my knowledge, the best practice is not to synchronize passwords at all (except perhaps sending initial ones).

Besides, how are you getting the password out of the AD...?

You will have great, great difficultly in synchronizing the AD hash with the SAP hash.... of that I am quite certain.

Cheers,

Julius

5 REPLIES 5

Go to solution
Former Member

‎01-29-2008 12:59 PM

0 Kudos

Hello Naveen,

To my knowledge, the best practice is not to synchronize passwords at all (except perhaps sending initial ones).

Besides, how are you getting the password out of the AD...?

You will have great, great difficultly in synchronizing the AD hash with the SAP hash.... of that I am quite certain.

Cheers,

Julius

Go to solution
tim_alsop
Active Contributor

‎01-29-2008 1:04 PM

0 Kudos

Naveen,

The info provided by Julius is correct. You cannot sync password with AD since AD passwords are used to generate keys, which are used during Kerberos authentication with the domain. So, AD does not allow access to passwords.

The LDAP sync is designed only for non password info for an account, e.g. company name, address, telephone number.

Thanks,

Tim

Go to solution
Former Member

‎01-29-2008 1:18 PM

0 Kudos

thankx all for confirming the doubt i had.

Go to solution
Former Member
In response to Former Member

‎01-29-2008 1:19 PM

0 Kudos

Glad to have disappointed you

Cheers,

Julius

Go to solution
WolfgangJanzen
Product and Topic Expert
Product and Topic Expert

‎01-29-2008 2:40 PM

0 Kudos

See [SAP Note 376856|https://service.sap.com/sap/support/notes/376856].

But I assume that you actually intend to achieve SSO - most likely based on using SPNEGO.

Unfortenately, you did not reveal whether you are referring to NWAS ABAP or NWAS Java when mentioning that you intend to connect to an "SAP system". Well, NWAS Java does support SPNEGO - while NWAS ABAP does not.

Searching this SDN forum for the keywords "SPNEGO", "Kerberos", "ADS" you'll find many hits ...

Cheers, Wolfgang