Skip to Content
Former Member
Sep 01, 2010 at 10:06 PM

SAP GRC CUP 5.3 -- LDAP Group Provisioning Fails -- Bad Group Name



We are having issues provisioning LDAP groups from CUP 5.3 (both SP10.2 and SP12) using a SAP EP LDAP connector. We have attempted many different combinations regarding the group names, from whole tree definitions (ex. CN=GROUP,OU=Unit,OU=Division,DC=domain,DC=com), to partial definitions (ex. CN=GROUP), and even no tree structure at all. We have tried this with both INTERNAL and EXTERNAL attributes, using group paths, and attempting to provision groups pulled directly from the LDAP using the import functionality. As a side note, the groups pull fine from AD and contain all of the attributes, including description, name, etc, but even this method returns the error. The message we get in the CUP logs when trying to provision refers to an LDAP error 34: Bad Name.

We know that it is not a name issue, at least with the group itself, but it might possibly be with the way that CUP is passing it. Also, we know that it is not a security issue since we have attempted this with full Enterprise Admin access.

Lastly, we know that the two are communicating fine -- we tested it on a user that did not exist in AD and CUP returned an error stating the user did not exist.

Has anyone encountered this before? Any help would be appreciated!



Edited by: Tyler Lewis on Sep 2, 2010 12:09 AM