Hello,
We have configured EP6 SP11 and Microsoft AD for the user authentication as below.
MsAD:
AD_Compass_Domain
OU= Accounts
OU=CORPORATE
OU=IT
User1 (User master record)
User2 (User master record)
OU=FI
User3 (User master record)
OU=SAP_Portal
OU=Corp_LDAP
OU= Groups
SAP_Portal (Group object; users are members of this group object as a link from all different OUs: user1, user2, user3)
OU= Users
EP6 LDAP config:
Data Sources: Microsoft ADS (Flat Hierarchy) + Database
(We also tried Deep Hierarchy; it didn't work.)
LDAP Server:
User Path : OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
Group Path :
OU=Groups,OU=Corp_LDAP,OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp
The issues:
1- SAP Portal could not see the group object when I browse the LDAP from the portal.
2- SAP Portal is not allowing users (User1, User2, User3, etc., which are members of the group object) to log in to the portal unless I put the users directly under an OU level like OU=Groups, or I point the path to the OU=Accounts level, which we do not want to do because we have 50,000 users defined under OU=Accounts and we want just some of them, like 3000 users. The portal gives the message:
user authentication failed
Note: I checked the UME and I don't see the users listed in the group objects. The group object "SAP_Portal" is a Universal Group object. (We also tried the global type.)
3- When we put a user directly under the OU level, the users can log in but they are not able to change their password. We also cannot change the user passwords through the Portal admin tools (UME or Visual Admin). I have heard that without SSL, MsAD would not allow portal users to change their password.
a. (The Portal internal user, sap_portal_ldap@na.compassDev.corp, has only read access on MsAD.)
Note: We use 3268 as an AD port and 389 is also active. I tried both of them, but no chance.
Thanks for your help in advance.
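
An added example, not part of the original post: an LDAP subtree search returns only entries beneath its base DN, so this Python check lists which member DNs of a group fall outside a configured User Path. The User Path and Group Path are the ones quoted in the post; the full user DNs, the OU nesting under OU=Accounts, the CN=SAP_Portal group DN and User4 are constructed for illustration.

```python
"""Added example: which group members fall inside a configured LDAP search base."""

def split_dn(dn):
    """Split a DN into (attr, value) RDN pairs, honouring backslash-escaped commas."""
    parts, cur, escaped = [], [], False
    for ch in dn:
        if escaped:
            cur.append(ch)
            escaped = False
        elif ch == "\\":
            cur.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        # OU/DC/CN names are compared case-insensitively here.
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base entry itself or lies beneath it."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[-len(base):] == base

def outside_base(member_dns, base_dn):
    """Member DNs that a subtree search under base_dn cannot return."""
    return [dn for dn in member_dns if not in_subtree(dn, base_dn)]

# Paths exactly as configured in the post.
USER_PATH = "OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp"
GROUP_PATH = "OU=Groups,OU=Corp_LDAP,OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp"
# Constructed values: the post gives OU names only, not full DNs.
ACCOUNTS = "OU=CORPORATE,OU=Accounts,DC=NA,DC=CompassDev,DC=Corp"
GROUP_DN = "CN=SAP_Portal," + GROUP_PATH
MEMBERS = [
    "CN=User1,OU=IT," + ACCOUNTS,
    "CN=User2,OU=IT," + ACCOUNTS,
    "CN=User3,OU=FI," + ACCOUNTS,
    "CN=User4,OU=Users,OU=Corp_LDAP,OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp",
]

if __name__ == "__main__":
    for dn in outside_base(MEMBERS, USER_PATH):
        print("outside User Path:", dn)
```
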