How to only synchronize one specific LDAP user gro...

Former Member · ‎06-08-2009

Hi,

Hopefully this is the correct forum to post this in. I want to have continuous one-way synchronization of users from my LDAP server to my SAP central system. I've started configure in SAP using transaction SM59 and LDAP. Can I somewhere set that only one specific LDAP user group shall be transferred to SAP (they do not need to be assigned to any specific group, profile, role in SAP) - or should this be done on the LDAP server side (or is it at all possible)?

Correct me if I'm wrong, but the User Group field in the report RSLDAPSYNC_USER only concerns SAP user groups right? This would therefore not be sufficient since I want to select the users to synchronize based on user groups in the directory.

Thanks, Oscar

Former Member · ‎06-10-2009

Using OU

Former Member · ‎11-08-2010

Hi Oscar, do you mean you added the required users in another OU at Active Directory level?

In the RSLDAPSYNC_USER report i can't map a uer group together with the sapUsername/sAMAccountName attributes...

Can you explain the steps you took to get it working?

Thanks a lot!

alejandro_navajas3 · ‎06-15-2011

Hi Oscar,

This is exactly my scenario too. I would like to retrieve from the LDAP Server not all users below an specific OU. Did you find a way to figure it out?

Thanks in advance

Ale

paul_abrahamson_sap · ‎06-16-2011

We've used a repository constant to specify the LDAP filter for reading users / groups from the LDAP target.

E.g. LDAP_FILTER_USERS (&(objectCategory=person)(objectClass=user))

Then we also have a constant for the LDAP_STARTING_POINT

For our AD Group Initial Load we filter according to these settings:

LDAP_FILTER_GROUPS = (objectclass=group)

LDAP_STARTING_POINT_GROUPS = ou=IDMManagedGroups,ou=Groups,dc=cfstest,dc=le,dc=ac,dc=uk

The above example only reads AD groups starting at the specified OU

Then in a Job From LDAP Pass the LDAP URL looks like this:

LDAP://%$rep.LDAP_HOST%:%$rep.LDAP_PORT%/%$rep.LDAP_STARTING_POINT_GROUPS%?*?SUB?%$rep.LDAP_FILTER_GROUPS%

I hope this helps

Paul

Former Member · ‎05-21-2013

Hello Paul,

could you explain how do you put the LDAP_FILTER in report RSLDAPSYNC_USER?

I haven't found nothing similar to LDAP_FILTER_USERS or LDAP_FILTER_GROUPS or LDAP_STARTING_POINT_GROUPS.

Thanks

Matteo Stocco

former_member2987 · ‎05-22-2013

Matteo,

Paul is referring to some SAP NetWeaver IDM specific settings. If you are not using IDM this is not the correct forum for your question.

Matt

Former Member · ‎05-22-2013

The forum is correct, but Paul's answer gave an IDM specific answer to the usage.

--> start a new thread and explain your problem...

Cheers,

Julius

former_member2987 · ‎05-23-2013

Sorry, my mistake.

Former Member · ‎05-23-2013

I've alreay open a thread for my problem.

These are the links:

http://scn.sap.com/thread/3352695

http://scn.sap.com/thread/3356118

How to only synchronize one specific LDAP user group with SAP?