cancel
Showing results for 
Search instead for 
Did you mean: 

CUP v5.3: Using LDAP Authentication for Password Self Service

Former Member
0 Kudos

Hello everyone,

Will you please help with the following?

I am setting up LDAP Authentication (MS Active Directory) for Password Self Service in CUP v5.3 for the first time. I have set the Authentication to LDAP and created the LDAP Connector. The Connection test was successful. I have created the LDAP mapping for MS Active Directory, per the SAP documentation. Yet, when I try to test Password Self Service using the Network ID and Password, I get an error "User Credentials Not Valid".

I have never set this Configuration up before, so I don't know if I am missing something. For the User Data Source, I have tried every combination of SAP and LDAP (i.e. set both to SAP, set both to LDAP, and both combinations with the two together). I get the same error message regardless of how I change the User Data Source.

Any ideas?

I've got the AC v5.3 Config guide and I believe that I have done everything outlined for the LDAP piece. Have you seen any other more detailed documentation on this topic?

Thank you!

Johonna

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

leave the "group" field in the ldap connector blank.....

Former Member
0 Kudos

Hello Jack,

Thank you for your response. Yes, the group field is blank. I will keep investigating.

Thank you!

Johonna

Former Member
0 Kudos

Johonna,

Can you paste the error logs here?

Alpesh

Former Member
0 Kudos

we had similar problems like you.

once we left Group Path AND User Path empty all LDAP attributes were accumulated accurate

nesimi

Former Member
0 Kudos

Hello Nesimi,

THANK YOU SO MUCH! : )

The documentation says to include the User Path for Active Directory, but it only worked for us when I deleted it (left it blank).

Hello Alpesh or Harleen,

Will you please look at adding this to the documentation for other users?

"Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control on SAP Community Network at http://sdn.sap.com";

I can't say if this will be the case for ALL Active Directory customers, but it would be helpful to include this at least as a note under the Active Directory instructions. They can try it with the User Path and if it doesn't work, then they can try removing it.

Thank you!

Johonna

Former Member
0 Kudos

Thanks a lot Nesimi.

I was struggling with the same issue and this has solved my issue.

Answers (1)

Answers (1)

koehntopp
Product and Topic Expert
Product and Topic Expert
0 Kudos

Johonna,

please try switching the log level to DEBUG and look for something in the log files - it's usually something around LDAP field mapping, or the user path.

Kind regards,

Frank.

Former Member
0 Kudos

Hi Johonna,

As Frank mentioned, it has to do wtih LDAP connection. Check user path and group path in LDAP connecter settings.

Regards,

Alpesh

Former Member
0 Kudos

Hello Alpesh,

Thank you for your help. I have had the client's IT team check the LDAP settings 3 times ... they say it looks perfect. I am not sure what the problem is at this point. I am still investigating.

Thank you!

Johonna