LDAP authentication with GRC 5.3 Password Self Service: User Id issue

Former Member
0 Kudos

Hello everyone,

I have setup LDAP Authentication (MS Active Directory) for Password Self Service in CUP v5.3 for the first time using the "Challenge Response Method". I have set the Authentication to LDAP and created the LDAP Connector. The Connection test was successful. I was able to log into Password Self Service using my LDAP user id and password and register myself for password self service. However, when I log back in and try to reset my password, I am getting an error because CUP is trying to look for my LDAP user id in SAP. My LDAP user ids are not the same as the SAP user ids.

For example I am logging into self service using my LDAP id alex.joseph but my user id in SAP is ajoseph. How does CUP know to map alex.joseph to ajoseph in SAP?

In the CUP Configuration --> Field Mapping --> LDAP mapping, I have mapped AC Field SAP_User_Id to LDAP field sAMAccountName. The SAP OSS ticket is talking of mapping AC Field LBL_SAP_USER_ID but I don't see this as an available field for mapping in the drop down, I only see SAP_USER_Id.

Any help is appreciated!

Thank you!

Alex

Accepted Solutions (1)

Former Member
0 Kudos

Alex,

You are almost there but you need to maintain one more field in your active directory. This field will point to your SAP user id. I have done this multiple times at my previous clients.

For example, this is what you will have in your LDAP:

sAMAccountName = alex.joseph

SAPID = ajoseph

And in CUP LDAP mapping map the AC Field 'SAP User ID' to LDAP field 'SAPID' as above.

As per my understanding, this is the only way to make it work.

Regards,

Alpesh

Former Member
0 Kudos

Thanks Alpesh. This is what I was afraid of. We have over 10k users here and populating this information in AD is not going to be an easy task. We may just go ahead and create these users in the UME instead and use that as the authentication source.

- Alex

Former Member
0 Kudos

Hi Alpesh,

We are implementing CUP password self-services and have a similar scenario where the user IDs in LDAP and SAP are different.

I understand we need to create an attribute in ADS. But I would like to clarify whether we can use an existing unused attribute in ADS. For example, in our LDAP, the streetAddress attribute is unused. Can I specify my SAP ID in this field and map the field in CUP as 'SAP User ID' to LDAP attribute 'streetAddress'? Could you please suggest if this mapping will work? If not, could you please let us know the procedure to create the attribute SAPID and map it in CUP?

Thanks for your help.

Regards,

Junaid

koehntopp
Product and Topic Expert
0 Kudos

Hi Junaid,

This will work, although I'd recommend using a new one to make the solution more future proof.

I'd also do the mapping in UME already if possible, so you don't even have to create the users for AC.

Frank.

Former Member
0 Kudos

Hello Frank,

Many thanks for your response.

For password self-service, we intend to create an LDAP (Microsoft Active Directory) connector and use this as the authentication system for PSS.

The idea here is that the end user just needs to remember his/her Active Directory password in order to reset the SAP password.

In this case, will it benefit me if I create the mapping in UME?

Thanks,

Junaid

koehntopp
Product and Topic Expert
0 Kudos

If you have the SAP user ID in LDAP you might as well use it to log users into GRC with their Windows password - otherwise you have a special password to use RAR, and the Windows password for CUP and password reset.

If you do the mapping in UME you can use the Windows password for all Netweaver AS Java applications.
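
A pre-rollout check for the attribute mapping discussed in this thread, as an added example that is not from any of the posters or from SAP: since the mapped attribute decides which SAP user ID CUP looks up for a logged-in directory user, it audits a directory export for missing, padded or duplicated values before the mapping goes live. The CSV layout, the function name `audit_mapping` and the sample rows are assumptions constructed for illustration; `SAPID` is the attribute name used in the accepted answer.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: one row per directory account, holding the
# attribute that CUP's 'SAP User ID' field is mapped to (SAPID in the thread).
SAMPLE_EXPORT = "\n".join([
    "sAMAccountName,SAPID",
    "alex.joseph,ajoseph",
    "jane.doe,JDOE",
    "john.doe,jdoe",       # same SAP ID as jane.doe apart from case
    "sam.lee,",            # attribute never populated
    "pat.kim, pkim",       # stray leading space from a bulk load
])


def audit_mapping(csv_text, attr="SAPID"):
    """Return {problem: [sAMAccountName, ...]} for rows that would make the
    directory-to-SAP mapping ambiguous or unusable."""
    findings = defaultdict(list)
    owners = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["sAMAccountName"]
        raw = row.get(attr) or ""
        value = raw.strip()
        if not value:
            findings["missing"].append(login)
            continue
        if value != raw:
            findings["whitespace"].append(login)
        # Assumption: SAP user IDs are compared case-insensitively, so fold
        # case before looking for two directory accounts sharing one SAP ID.
        owners[value.upper()].append(login)
    for sap_id, logins in owners.items():
        if len(logins) > 1:
            findings["duplicate:" + sap_id] = logins
    return dict(findings)


if __name__ == "__main__":
    for problem, logins in sorted(audit_mapping(SAMPLE_EXPORT).items()):
        print(f"{problem}: {', '.join(logins)}")
```

The same check applies whichever attribute carries the SAP ID; pass `attr="streetAddress"` for an export that reuses that field as asked above.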
