Yes, We are synchronising the AD with cua system. I want same configuration in my shild systems. Logically this configuration should be passed onto child as well. But I cannot find the LDAP configuration in child system.

How to push this configuration from cua to child system.

Regards,

Brahmeshwar

This may be a stupid question but why do you want the LDAP configuration in the child system?

If you sync correctly with the CUA master then CUA will look after the child systems if you have configured it to do so.

No, Its not a stupid, at least for me.

I am unable to sync the data from cua.

It would be grateful if you can let me know how to sync the data. It is not happening automatically in my server

Regards,

Brahmeshwar

Straight answer: LDAP Configuration not required for child systems in CUA.

If the user master changes are not reflected to child systems, you need to verify logs in SCUL.

Regards,

Gowrinadh

OK, so maybe the problem is with CUA.

A few questions..

1. Is the AD & CUA master now synched OK? (are there any errors in LDAPLOG)

2. Was CUA working properly before you hooked it up with AD?

3. If you make a change in CUA manually, is it pushed down to the child systems?

4. In SCUL are there any blocked idocs or errors?

Hi,

The changes in cua are reflecting properly in BI. There is no issue with that.

I have these issues with LDAP in my cua :

1. When I connect to LDAP from t-code LDAP, it shows green but when i exit the t-code and come again to LDAP it is showing red again. Is it normal?

2.When I try to run LDAP_READ from se37, I get error -"No LDAP connection is active. CONN_OUTDATE"

3.We have AD groups in LDAP, incase if I am able to connect to LDAP and read the AD groups from LDAP, where does the data gets stored in cua. I need to know this so that I can check if the data is pushed to my child system.

I need this info as I donot have prior exposure to LDAP and issues with it.

Regards,

Brahmeshwar

Hi

1. That doesn't sound right to me. It's been a while since I looked at it but I don't recall it being in red status upon exit

2. Is there anything in LDAPLOG? That message is the timeout

3. Pass, one of the other posters may be able to help with this

Hi,

1. Have you activated the LDAP Connector?

2. are you able to search the values in LDAP transaction when you have connected.

It is normal that the connection opens when the sycnrhonization program runs i.e. RSLDAPSYNC_USER from se/sa38. Once you run the program here you can see the result immediately. Please paste the log here. There is also notes available, one of them is 511141 which has description about return codes.

Regards,

Gowrinadh

Hello Gowrinadh,

Now I could sync my cua with LDAP using report RSLDAPSYNC_USER, when I the report I could see that the connection is being made at the start of execution and being terminated at the end.

I could sync now, but where does this sync data goes in my cua client, Are there any particular tables where this data gets stored.

I checked ST05 sql trace, but too many tables are displayed.

Regards,

Brahmeshwar

Hi,

This report syncs only user master data. none of the other information is not retrieved from active directory. What does your mapping indicators consits of?

Have you checked the user master records of any users whose data like e-mail address, function or department has been changed?

Regards,

Gowrinadh

Hi Gowrinadh,

We are trying to sync the AD groups, not user groups.

I do not know where these are getting stored. LDAPLOG shows no error at all.

Could you suggest.

Also when I run LDAP_READ FM, I get a CONN_OUTDATE exception

Regards,

Brahmeshwar

Edited by: Poloju on Oct 21, 2009 4:07 PM

As per my knowledge we can't create active directory groups in SAP rather it is possible to create sap roles as groups in active directory.

There are some 3rd party tools avilable for the second part, check in ecohub at the top.

Regards,

Gowrinadh

Edited by: Gowrinadh Challagundla on Oct 21, 2009 1:58 PM

Hi,

I just want to see the AD group info in my SAP system. Just a read, I do not want to create anything.

CLosing the ticket. We are trying to create a FM which can access AD server to read the data