cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD connection and repository population

Go to solution
Former Member

on ‎07-16-2009 7:41 PM

0 Kudos

Ok, so I am a newbie to the SAP IDM space, but am well versed in LDAP and other IDM solutions. I need some help for the scenario we are working on Password change replication from AD to SAP systems.

AD has the 

users and will be the source for passwords
SAP systems are existing
We do not use SAP

HCM, thus the user source is AD.

So, we started by setting up the SAP IDM on windows, with an Oracle DB.

We have a dispatcher, and it says its running

I setup a repository for AD

I tried setting up a couple of jobs to populate the repository, but dont get anything.

I assume I am missing something - i havent configured something.

Any help would be appreciated.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-21-2009 8:24 PM
0 Kudos

Hi Jeremy,

Yes, you will need to run an Initial Load job for ADS. Ironically, when you run a new job wizard, this job template isn't found in the Active Directory folder...it's in the SAP Netweaver folder at:

C:\Program Files (x86)\SAP\IdM\Identity Center\Templates\Identity Center\Jobs\SAP NetWeaver\LDAP (ADS) - Initial Load

Of course this path will depend on where you installed your IDM Identity Center.

There are a whole series of ADS tasks under here, but the Initial Load is crucial for importing the 'priveleges' from AD so that they can be included in your roles and you can then send users back out to the AD.

Best,

Troy

Show replies
Show replies

Answers (3)

Answers (3)

Former Member
‎07-22-2009 9:21 PM
0 Kudos

Thank you! With that I have been able to run the intial load for AD.

Show replies
Show replies
Former Member
‎07-20-2009 5:30 PM
0 Kudos

Yes, I have read those. So far we have configured the repository for AD, and one for SAP ABAP,and installed the Password Hook on the Domain Controller as well. Do you know if there should be an initial load of the AD objects, similar to what we had to do for the SAP system?

Overall, we are just trying to synchronize user password changes from AD to SAP. Not really concerned about anything else.

Any help is appreciated.

Show replies
Show replies
Former Member
‎07-20-2009 5:53 PM
0 Kudos

Sorry, I have no experience with the Password Hook and the related Jobs/Tasks.

But I think that if you "only" want to react on AD-Password changes and synchronize them with SAP there may be no need for an AD-Initial Load.

Regards

Former Member
‎07-17-2009 9:49 AM
0 Kudos

Hi Jeremy

Start with the tutorials first.

Somewhere in your IdM Installation folder or your setup folder there's a Tutorial folder.

There's one tutorial for LDAP-Tasks which could help you.

Also there exist some installation-related PDFs that help you during initial configuration.

On the other hand you should install the "SAP Provisioning Framework" which contains Tasks for commonly used SAP-related systems (ABAP, Portal, LDAP, ADS and so on).

If you search service.sap.com there exist also 2 important PDFs about how to use the SAP Provisioning Framework and the expected system landscape ("Identity Management for SAP System Landscapes: Architectural Overview" & "Identity Management for SAP System Landscapes: Configuration Guide").

Hope I could help.

Regards

Michael

Show replies
Show replies
Ask a Question