
LDAP/Active Directory synchronization

Former Member
0 Kudos

Hello,

I'm trying to synchronize my company's Active Directory with our SAP HCM database (using SAP as the master). I've found considerable documentation on how to do this automatically, e.g. SAP Library - Directory Services (BC-SEC-DIR); however, I'm encountering 2 problems:

1) We want to synchronize a number of custom fields. These fields are obviously not available through the standard sync structures (see ). Is it possible to still use the standard synchronization functionality (e.g. by adding my custom fields to the available sync structures) or do I need to write custom code?

2) Not all the information that I want to synchronize with the Active Directory can be mapped to fields that already exist in "users" in the Active Directory. I can add the necessary fields by subclassing the "user" objectclass using LDAP; however, when I then try to view the user through the AD, it refuses to show all the standard properties.

- Is there a way to force the AD to show the standard properties for these users?

- Is there a way to add fields to "users" in the AD without changing the objectclass being used?

Thank you in advance for your help,

David

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Quick update from me:

Please ignore question 2, as I've just found out how to solve the problem. Instead of subclassing the "user" objectclass, I've added my custom fields into an auxiliary class, which I've then added to the "user" class. Doing this means that my custom fields can be added, but the AD still considers the entry to be of class "user" and therefore displays the standard properties.

Cheers,

David

Former Member
0 Kudos

When calling the LDAP_UPDATE function I constantly get the following error message back from the Active Directory:

"LDAP server cannot execute operation"

What really confuses me is the fact that I can create entries on this same Active Directory (using LDAP_CREATE).

Anyone know why LDAP_UPDATE would fail when LDAP_CREATE works? And what I can do to make updates work as well?!

Thanks again,

David

PS For anyone following this thread in the future here's a link to another thread with some good information in the same area:

Edited by: David Michell on May 26, 2009 3:51 AM

Issue fixed. The problem appears to have been due to having set the "Read Anonymously" flag in the configuration of the LDAP server. Once I cleared this flag the LDAP_UPDATE function worked. I don't have a logical explanation for this behaviour though.

Edited by: David Michell on May 26, 2009 8:38 AM

Former Member
0 Kudos

Hi all,

I now have a further problem. When the user clears a field, I want to clear the corresponding entry in the Active Directory. According to the documentation for LDAP_UPDATE: "In accordance with the LDAP standard, replacement with an empty value set is equivalent to deletion"; however, when I do this I get the error message "Invalid Syntax".

Has anyone come across this sort of problem before? Any suggestions on how to fix it?
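
What "replacement with an empty value set" from the quoted LDAP_UPDATE documentation looks like at the LDAP level, as an added example that is not part of the original posts and not SAP's code: it compares old and new field values and builds an RFC 2849 LDIF modify record in which a cleared field becomes a `replace` with no values rather than a zero-length string value. The DN, attribute values and the helper names `ldif_value` and `build_modify` are constructed for illustration.

```python
import base64

def ldif_value(attr, value):
    """One LDIF attribute line; base64 ('::') when not an RFC 2849 SAFE-STRING."""
    raw = value.encode("utf-8")
    safe = (raw.isascii()
            and not raw.startswith((b" ", b":", b"<"))
            and not raw.endswith(b" ")
            and all(c not in (0, 10, 13) for c in raw))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def build_modify(dn, old, new):
    """LDIF 'changetype: modify' record that turns `old` into `new`.

    Both arguments map attribute name -> list of string values. Empty strings
    are treated as 'no value', as when a user clears a field in a form.
    Returns an empty string when nothing changed.
    """
    mods = []
    for attr in sorted(set(old) | set(new)):
        before = sorted(v for v in old.get(attr, []) if v != "")
        after = sorted(v for v in new.get(attr, []) if v != "")
        if before == after:
            continue
        # A cleared field becomes 'replace' with an empty value set, which
        # deletes the attribute (RFC 4511, section 4.6). A zero-length string
        # is never sent: it is not a valid Directory String (RFC 4517).
        mods.append("\n".join([f"replace: {attr}"] +
                              [ldif_value(attr, v) for v in after]))
    if not mods:
        return ""
    return (ldif_value("dn", dn) + "\nchangetype: modify\n"
            + "\n-\n".join(mods) + "\n-\n")

# Constructed sample data: 'telephoneNumber' was cleared, 'title' was changed.
SAMPLE_DN = "CN=Test User,OU=Staff,DC=example,DC=com"
OLD = {"title": ["Analyst"], "telephoneNumber": ["+1 555 0100"],
       "mail": ["test.user@example.com"]}
NEW = {"title": ["Senior Analyst"], "telephoneNumber": [""],
       "mail": ["test.user@example.com"]}

if __name__ == "__main__":
    print(build_modify(SAMPLE_DN, OLD, NEW), end="")
```
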