Skip to Content
author's profile photo Former Member
Former Member

SAP GRC CUP 5.3 -- LDAP Group Provisioning Fails -- Bad Group Name

All,

We are having issues provisioning LDAP groups from CUP 5.3 (both SP10.2 and SP12) using a SAP EP LDAP connector. We have attempted many different combinations regarding the group names, from whole tree definitions (ex. CN=GROUP,OU=Unit,OU=Division,DC=domain,DC=com), to partial definitions (ex. CN=GROUP), and even no tree structure at all. We have tried this with both INTERNAL and EXTERNAL attributes, using group paths, and attempting to provision groups pulled directly from the LDAP using the import functionality. As a side note, the groups pull fine from AD and contain all of the attributes, including description, name, etc, but even this method returns the error. The message we get in the CUP logs when trying to provision refers to an LDAP error 34: Bad Name.

We know that it is not a name issue, at least with the group itself, but it might possibly be with the way that CUP is passing it. Also, we know that it is not a security issue since we have attempted this with full Enterprise Admin access.

Lastly, we know that the two are communicating fine -- we tested it on a user that did not exist in AD and CUP returned an error stating the user did not exist.

Has anyone encountered this before? Any help would be appreciated!

Thanks,

Tyler

Edited by: Tyler Lewis on Sep 2, 2010 12:09 AM

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Sep 07, 2010 at 10:30 AM

    Hi Tyler,

    Please cross check your LDAP mapping.Check that in the additional fields you have maintain the entry for group name, group member, group member, group obj class.

    Also check that in SAP EP LDAP connector Parameter Name " LDAP_GROUPS" have the values as "YES".

    Kind Regards,

    -Sri

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.