Solved: Configure SAP LDAP mapping for MS-ASD

Former Member · ‎11-26-2008

Hello,

I 'm configuring an LDAP connector from my MS-AD to my SAP-4.7 ABAP system so the user account from the MS environment gets synchronized with my SAP system.

I have configured the connection and created some mapping already but I have still some questions about the settings:

1. With the report I'm able to synchronize an MS_AD account with my SAP environment. For the first test I only add one account name so all other existing accounts are not changed. When the MS-AD account not exists on SAP the account is created like the mapping. I have also the option in this report to delete the user account from the SAP system when the account doesn't exist any more in the MD-AD. How could I prevent that some special user accounts on the SAP system are note deleted even when they are not available in the MS-AD?

2. With the mapping function MAP_SPLIT_CHAR a variable by a certain character into two ore more SAP fields like telephone number and telephone extension. Is it possible to split the content of a variable by a fixed amount of characters?

For example the user location is written like ABC.XZZ

ABC is the building number and X is the floor number and ZZ is the chamber.

3. With the mapping function MAP_conc_CHAR I'm able to combine to MS-AD fields into one SAP filed. Is it possible to combine a constant value with a field from MS-AD?

4. I'm able to insert multiple parameters or user roles by using the function MAP_CONSTANT. I add one attribute and the constant values as parameters. For a couple of parameters I have to insert a MS-AD field. How could I combine inserting constant parameters with some MS-AD fileds

Example

The Parameters CAC and BUK are fixed to the company code. But the parameter PER must be set to the employee number. This value I get from the MS-AD .

5. For the Employee mapping to SAP-HR I have also to configure the Stucture and fields. Does any one have an overview of structure names and field names from the employee structure? It couldn't be asked with the F4 option which could be user with the user mapping.

Manny thanks in advanced for the answers.

Kind regards,

Richard Meijn

WolfgangJanzen · ‎11-27-2008

Are you aware of the product "SAP NetWeaver Identity Management" ...?

WolfgangJanzen · ‎11-27-2008

Are you aware of the product "SAP NetWeaver Identity Management" ...?

Former Member · ‎11-27-2008

No I'm not aware of that! Could you explain more to me.

Kind regards,

Richard Meijn

Former Member · ‎11-27-2008

There is a whole forum dedicated to it here at SDN. Please see the forums overview for it and search for "IDM" as well.

Cheers,

Julius

RainerKunert · ‎11-28-2008

Hi,

1.

create a user group for the special users and another user group for "real" users. Restrict the synchronization report to the second user group.

2.

You can write your own mapping functions. You will need a developer key in your system and some ABAP knowledge. Create your functions with SE80 or SE37. It is easy to create a function

3.

The same: create your own mapping function.

4.

It might be possible to fill the different parameters from different AD values depending on the parameter name. Use the ABAP statement "CASE". But there is no such function. You have to write it by yourself.

But think about what you really want to do. Do you want to invent an Identity Management? There are already a lot of tools. The SAP answer "SAP Netweaver Identity Management" was already mentioned.

Regards

Rainer