02-25-2009 5:23 PM
Dear all,
Could you please assist regarding these questions related to LDAP authentication to our ABAP based systems?
Our questions are:
1) We do not wish to alter the LDAP server in any fashion. We wish to
use the LDAP server as we do with our Enterprise Portal systems,
authenticating only. If we simply want to use the LDAP server for
authentication purposes, do we need to have a user on the LDAP server
with essentially superuser privileges?
2) A firewall exists between our SAP servers and the LDAP server. Are
there any non-standard ports that SAP needs to use in order to
communicate with the LDAP server?
3) All of the examples that I have seen documented use port 389
(unsecure LDAP) to communicate with the LDAP server. Is there a way to
use LDAPs (secure) to facilitate authentication?
Any assistance will be very welcome,
Many thanks in advance,
02-25-2009 7:29 PM
1) We do not wish to alter the LDAP server in any fashion. We wish to
use the LDAP server as we do with our Enterprise Portal systems,
authenticating only. If we simply want to use the LDAP server for
authentication purposes, do we need to have a user on the LDAP server
with essentially superuser privileges?
*NO, just read-only access to the CN & DN should work. Also check the mapping indicators for "Export"
if you don't want to write to LDAP.*
2) A firewall exists between our SAP servers and the LDAP server. Are
there any non-standard ports that SAP needs to use in order to
communicate with the LDAP server?
Don't know for sure, but I don't think SAP would use any other ports.
3) All of the examples that I have seen documented use port 389
(unsecure LDAP) to communicate with the LDAP server. Is there a way to
use LDAPs (secure) to facilitate authentication?
Port 636 is the default port for secure LDAP or LDAP over TLS/SSL.
02-26-2009 12:34 PM
If you want to use LDAP for authentication only, then you have to install some single sign-on (SSO) technique. Typically the Kerberos protocol is used for authentication against Active Directory, so no LDAP is used.
You can use the LDAP protocol to synchronize data between LDAP and SAP (e.g. last name, first name, telephone number, ...).
If your LDAP is Active Directory and your SAP systems are installed on the Windows operating system, you can use the GSSAPI DLL from SAP for SSO. If your system is a Unix/Linux server, you can also use Kerberos, but it is a little bit tricky and not supported by SAP.
There are also a lot of third party products for SSO.
Regards
Rainer