Skip to Content
Former Member
May 27, 2005 at 05:17 PM

EP60 and LDAP integration with Micosroft AD- Issues



We have configured EP6 SP11 and Microsoft AD for the user authentication as below.



OU= Accounts



User1 (User master record)

User2 (User master record)


User3 (User master record)



OU= Groups

SAP_Portal (Group Object and users are member of this group object as a link from all different OUs -user1,user2,user3)

OU= Users

EP6 LDAP config:

Data Sources: Microsoft ADS (Flat Hierarchy) + Database

(We also tried Deep hierarchy didn't work)

LDAP Server:

User Path : OU=SAP_Portal,DC=NA,DC=CompassDev,DC=Corp

Group Path :



The issues:

1- SAP Portal could not see the group object when I browse the LDAP from portal.

2- SAP Portal is not allowing users (User1, User2, User3 etc which are member of the group object) to log in to the portal unless I put users directly under OU level like OU=Groups or if I point the path to the

OU=Accounts level which we do not want to do that because we have 50,000 users defined under OU=Accounts and we want just some of them like 3000 users. Portal gives the message

“user authentication failed”

Note: I checked the UME and I don’t see the users listed in the group objects. Group object "SAP_Portal" is Universal Group object. (We also tried the global type)

3- When we put user directly under OU level, then users can log in but they are not able to change their password. We also can not change the user passwords through the Portal admin tools(UME or Visual Admin). I

have heard that without SSL, MsAD would not allow portal users to change their password.

a. (Portal internal user, sap_portal_ldap@na.compassDev.corp, has

only read access on MsAD)

Note: We use 3268 as an AD port and 389 is also active I tried both of them but no chance.

Thanks for your help in advance.