
GRC 10 LDAP query issue at the root node

GBP
Explorer
0 Kudos

Hello,

We are unable to do a search based on root node after successful LDAP integration but if we add a particular OU within the base entry then we are able to search the users for that specific OU. Specifying a specific OU is not the right solution as we have different OU for North America, Europe, Latin America etc. regions. We need to specify the root node so that it will search for all the users in different region. We are getting the below operation failed error when we don't specify OU in the base entry.

Operation failed

Message no. LDAPRC001

Diagnosis

This is an error message that is triggered by the directory server.

It is not possible to analyze the error in the SAP system.

 

Procedure

Check the log files for the directory server (if they exist), to see if they contain more information.

Please let us know if you guys have faced this situation and what was the resolution.

Thanks,

Gautam.

Former Member
0 Kudos

Hi Gautam,

I am in the same situation as you. Did you find any solution for the issue? Please share.

Regards,

Prasad

GBP
Explorer
0 Kudos

Hi Vallamsetty,

So far we haven't found the solution, but most likely we should know something by the end of this month, and once I have an update, I'll let you know.

Thanks,

Gautam.

Former Member
0 Kudos

Hi Gautam,

I got it working for me by changing the port to 3268. What port are you using?

Regards,

Prasad

GBP
Explorer
0 Kudos

Hi Prasad,

We are using port 389 and changed it to 3268 and it is searching users at the root node.

Thanks for the reply.

Thanks,

Gautam

GBP
Explorer
0 Kudos

Hi Prasad,

Are you able to provision Active Directory groups through GRC 10?

To do a user search from the root node we need port number 3268, but to assign the AD groups we have to use port number 389, as 3268 doesn't do provisioning or de-provisioning. Again, with port 389, we are able to provision/de-provision AD groups provided AD users and AD groups exist in the same OU. If the user exists in one OU and the AD group is in a different OU, this scenario doesn't work for us and we get the below error

Please let me know if you were able to provision/de-provision AD groups where users and groups exist at different OU.

Thanks,

Gautam.

Former Member
0 Kudos

Hi Gautam,

I don't have the requirement to provision AD groups.

Regards,

Prasad

Former Member
0 Kudos

Hi, Gautam!

Could you please share some documents or links with a description of provisioning AD groups through GRC 10?

I'm trying to find some, but nothing so far.

Best regards,

Elvira Huzina

GBP
Explorer
0 Kudos

Hi Elvira,

We are still not able to provision the AD groups through GRC 10. We had calls with SAP and our AD team but it looks like the issue is something tied to Windows AD configuration where we have referrals and, as per SAP, GRC 10 doesn't support referrals. SAP did show us a demo with their internal GRC 10 system where they were able to provision AD group/s. We are trying to provision AD groups through our portal/UME but still trying to figure that out.

Thanks,

Gautam.

Former Member
0 Kudos

Thank you, Gautam !!

Could you please point who showed this demo from SAP?

You will assist a lot, I would contact this person and ask information.

We need to evaluate GRC AC for landscape.

Is there some documents about this integration?

Best regards,

Elvira Huzina

Former Member
0 Kudos

And do you mean assignment of users to the security groups of AD by means of GRC AC? Or to the distribution groups of AD?

Best regards,

Elvira Huzina

GBP
Explorer
0 Kudos

I don't remember the person who gave us the demo from SAP as it was done last year, but it was scheduled by our SAP liaison. All companies who have implemented SAP should have an SAP contact person. There is a lot of documentation online on LDAP integration with GRC 10. There is one SAP standard note/document (1584110) on the set-up as well.

vinod_kumar70
Explorer
0 Kudos

Gautam,

Did you fix the AD provisioning issue? If so, can you share the details?

Thanks

Vinod

GBP
Explorer
0 Kudos

Hi Vinod,

We are unable to do the AD group provisioning/de-provisioning but what we found is if ID and AD group exist in the same OU then we are able to do it at OU level. The best practice is to do it at root level without having any dependency on ID/Group existing in the same OU. So after doing further research and talking to different team members including SAP and Microsoft, it looks like we have referrals in Windows AD and it is stopping us. So in a nutshell everything depends on how your AD is configured and in our case it is not possible to change any config. in AD. We haven't done anything yet but we are looking to do provisioning through UME.

I hope this helps.

Thanks,

Gautam.

vinod_kumar70
Explorer
0 Kudos

Thanks Gautam. We had to use 2 different ports for provisioning/de-provisioning (368) and sync/reads (3268); however, we could not use both the functions since we could use only one connector and one port. Were you able to overcome this issue?

Vinod

Former Member
0 Kudos

Thx! It works for me using port 3268 (at first, I had filled in no port number).