Skip to Content
author's profile photo Former Member
Former Member

Password synchronization using LDAP connector from AD server to SAP.

Hi All

I have managed to connect the AD server & SAP Ecc 6.0 using the LDAP connector.But there is no Function module which synchronizes Users passowrd from AD server into SAP.

Do you know any best practices to do this.

Thank you

Naveen.

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

4 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jan 29, 2008 at 12:59 PM

    Hello Naveen,

    To my knowledge, the best practice is not to synchronize passwords at all (except perhaps sending initial ones).

    Besides, how are you getting the password out of the AD...?

    You will have great, great difficultly in synchronizing the AD hash with the SAP hash.... of that I am quite certain.

    Cheers,

    Julius

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jan 29, 2008 at 01:04 PM

    Naveen,

    The info provided by Julius is correct. You cannot sync password with AD since AD passwords are used to generate keys, which are used during Kerberos authentication with the domain. So, AD does not allow access to passwords.

    The LDAP sync is designed only for non password info for an account, e.g. company name, address, telephone number.

    Thanks,

    Tim

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Jan 29, 2008 at 01:18 PM

    thankx all for confirming the doubt i had.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jan 29, 2008 at 02:40 PM

    See [SAP Note 376856|https://service.sap.com/sap/support/notes/376856].

    But I assume that you actually intend to achieve SSO - most likely based on using SPNEGO.

    Unfortenately, you did not reveal whether you are referring to NWAS ABAP or NWAS Java when mentioning that you intend to connect to an "SAP system". Well, NWAS Java does support SPNEGO - while NWAS ABAP does not.

    Searching this SDN forum for the keywords "SPNEGO", "Kerberos", "ADS" you'll find many hits ...

    Cheers, Wolfgang

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.