Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Questions about LDAP authentication

former_member586384
Explorer

‎02-25-2009 5:23 PM

0 Kudos

Dear all,

Could you please assist regarding these questions related to LDAP authentication to our ABAP based systems?

Our questions are:

1) We do not wish to alter the LDAP server in any fashion. We wish to

use the LDAP server as we do with our Enterprise Portal systems,

authenicating only. If we simply want to use the LDAP server for

authentication purposes, do we need to have a user on the LDAP server

with essentially superuser priviliges??

2) A firewall exists between our SAP servers and the LDAP server. Are

there any non-standard ports that SAP needs to use in order to

communicate with the LDAP server??

3) All of the examples that I have seen documented use port 389

(unsecure LDAP) to communicate with the LDAP server. Is there a way to

use LDAPs (secure) to facilitate authentication??

Any assistance will be very welcome,

Many thanks in advance,

2 REPLIES 2

Former Member

‎02-25-2009 7:29 PM

0 Kudos

1) We do not wish to alter the LDAP server in any fashion. We wish to

use the LDAP server as we do with our Enterprise Portal systems,

authenicating only. If we simply want to use the LDAP server for

authentication purposes, do we need to have a user on the LDAP server

with essentially superuser priviliges??

*NO, just read-only access to the CN & DN should work. Also check the mapping indicators for "Export"

if you dont want to write to LDAP*

2) A firewall exists between our SAP servers and the LDAP server. Are

there any non-standard ports that SAP needs to use in order to

communicate with the LDAP server??

Dont know for sure, but i dont think SAP would use any other ports

3) All of the examples that I have seen documented use port 389

(unsecure LDAP) to communicate with the LDAP server. Is there a way to

use LDAPs (secure) to facilitate authentication??

port 636 is the default port for secure LDAP or LDAP over TLS/SSL

RainerKunert
Active Participant

‎02-26-2009 12:34 PM

0 Kudos

If you want to use LDAP for authentication only, then you have to install some single sign on (SSO) technique. Typically the Kerberos protocol is used for authentication against Active Directory, so no LDAP is used.

You can use the LDAP protocol to synchronize data between LDAP and SAP (f.e. last name, first name, telephone number, ...).

If your LDAP is Active Directory and your SAP systems are installed on Windows operating system you can use the GSSAPI DLL from SAP for SSO. If your system is a Unix/Linux server you can also use Kerberos but it is a little bit tricky and not supported by SAP.

There are also a lot of third party products for SSO.

Regards

Rainer