on 06-08-2010 4:35 PM
Dear Gurus,
I configured an LDAP scenario and tested it by reading different attributes from the directory and updating the user information.
It worked well!
Now I want to write the proxyaddresses attribute into the directory. I configured an export mapping from the e-mail address of the SAP user to the mentioned dir.-attr. In this mapping I call a function module. For simple testing I call an LDAP module to read the actual values of the directory attribute and write them back to the directory:
```abap
READ TABLE attributes WITH KEY var = 'USERNAME' fld = 'BAPIBNAME' ASSIGNING <hybral>.
READ TABLE <hybral>-vals INDEX 1 ASSIGNING <vals>.
CONCATENATE '(&(objectclass=user)(samaccountname=' <vals>-val '))' INTO filter.
CALL FUNCTION 'LDAP_READ'
  EXPORTING
*   BASE          = ''
    base_string   = 'ou=test-ou,dc=test-domain1,dc=test-domain2'
    scope         = 2
    filter        = filter
*   FILTER_STRING =
*   TIMEOUT       =
    attributes    = it_attr
  IMPORTING
    ldaprc        = ldaprc
    entries       = ldapetab
  EXCEPTIONS
    no_authoriz   = 1
    conn_outdate  = 2
    ldap_failure  = 3
    not_alive     = 4
    other_error   = 5
    OTHERS        = 6
  .
READ TABLE ldapetab INDEX 1 ASSIGNING <ldape>.
READ TABLE <ldape>-attributes WITH KEY name = 'PROXYADDRESSES' INTO ls_attribute_ldap.
ls_attribute_ldap-typ = 'C'.
INSERT ls_attribute_ldap INTO TABLE attributes_ldap.
```
At the end of the module I export the values into attributes_ldap. When I debug the following steps, the values are communicated throughout the LDAP function modules that are used by rsldapsync_user. The ldap_modify module exports a return code 53.
Now I want to know if it is possible to update the proxyaddresses attribute in this manner. Are there any mistakes in my thinking or in the posted function module? Does anyone of you have some experience updating multiple-line entries in Active Directory via SAP-LDAP?
Thanks in advance
Okay, I got the reason I could not write to the directory: wrong port.
Now I changed the port from 3268 to 389, and I face a new problem.
On port 3268 the baseDN "dc=dom1,dc=dom2" worked very well. I could read the whole directory. With port 389 the read/write modules only work with a baseDN like "ou=myou,dc=dom1,dc=dom2". The situation in the directory is that user objects are distributed over OUs of the first OU level (after dc=dom1). Does this make it impossible to configure only one scenario for the report rsldapsync_user? Are there any other solutions besides an AD redesign or multiple LDAP servers in transaction LDAP?
Thanks in Advance
Now I wrote a function module which reads an attribute and tries to write it back to the Active Directory.
```abap
*"----------------------------------------------------------------------
*"*"Local interface:
*"  IMPORTING
*"     REFERENCE(IP_UNAME) TYPE  XUBNAME
*"  EXPORTING
*"     VALUE(EP_MAIL) TYPE  STRINGVAL
*"----------------------------------------------------------------------
DATA: wa_attr  TYPE ldapas,
      it_attr  TYPE ldapastab,
      ldapetab TYPE ldapetab,
      ldaprc   TYPE ldapdefs-ldrc,
      filter   TYPE ldap_filt.
FIELD-SYMBOLS:
  <ldape> TYPE ldape.

wa_attr-typ = 'C'.
wa_attr-name = 'SAMACCOUNTNAME'.
APPEND wa_attr TO it_attr.
wa_attr-name = 'PROXYADDRESSES'.
APPEND wa_attr TO it_attr.
CONCATENATE '(&(objectclass=user)(samaccountname=' ip_uname '))' INTO filter.

CALL FUNCTION 'LDAP_SYSTEMBIND'
  EXPORTING
    serverid      = 'WSWACTIVEDIR'
    writeread     = 'W'
*   WAIT_TIME     = 0
  IMPORTING
    ldaprc        = ldaprc
*   BASEDN        =
*   BASEDN_STRING =
* CHANGING
*   HOLDSESS      = 0
* EXCEPTIONS
*   NO_AUTHORIZ   = 1
*   CONFIG_ERROR  = 2
*   NOMORE_CONNS  = 3
*   LDAP_FAILURE  = 4
*   NOT_ALIVE     = 5
*   OTHER_ERROR   = 6
*   OTHERS        = 7
  .
IF sy-subrc <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.

CALL FUNCTION 'LDAP_READ'
  EXPORTING
*   BASE          = ''
    base_string   = 'ou=wsw-benutzer,dc=stadtwerke,dc=loc'
    scope         = 2
    filter        = filter
*   FILTER_STRING =
*   TIMEOUT       =
    attributes    = it_attr
  IMPORTING
    ldaprc        = ldaprc
    entries       = ldapetab
  EXCEPTIONS
    no_authoriz   = 1
    conn_outdate  = 2
    ldap_failure  = 3
    not_alive     = 4
    other_error   = 5
    OTHERS        = 6
  .
IF sy-subrc <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.

READ TABLE ldapetab INDEX 1 ASSIGNING <ldape>.

CALL FUNCTION 'LDAP_UPDATE'
  EXPORTING
    entry         = <ldape>
  IMPORTING
    ldaprc        = ldaprc
* EXCEPTIONS
*   NO_AUTHORIZ   = 1
*   CONN_OUTDATE  = 2
*   PARAM_ERROR   = 3
*   LDAP_FAILURE  = 4
*   HEXVAL_ERROR  = 5
*   NOT_ALIVE     = 6
*   OTHER_ERROR   = 7
*   OTHERS        = 8
  .
IF sy-subrc <> 0.
* MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*         WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
ENDIF.
```
After LDAP_READ the ldaprc = 0.
After LDAP_READ ldaprc is 53.
So I can exclude a wrong mapping in transaction LDAP.
Edited by: Jan Martin Müller on Jun 9, 2010 3:17 PM
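Both function modules above build the search filter by concatenating the user name straight into it, so a value containing `*`, `(`, `)` or `\` changes what the filter matches. The following is an added example, not code from the original post: a small report with a hypothetical local class `lcl_ldap_filter` that rewrites those characters in the RFC 4515 `\xx` form before building the same filter; the report name, class name and sample inputs are assumptions.

```abap
REPORT zldap_filter_escape_demo.
" Added example; report, class and method names are hypothetical.

CLASS lcl_ldap_filter DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS escape_value
      IMPORTING iv_raw            TYPE string
      RETURNING VALUE(rv_escaped) TYPE string.
    CLASS-METHODS user_filter
      IMPORTING iv_uname         TYPE string
      RETURNING VALUE(rv_filter) TYPE string.
ENDCLASS.

CLASS lcl_ldap_filter IMPLEMENTATION.
  METHOD escape_value.
    rv_escaped = iv_raw.
    " Backslash must go first, otherwise the backslashes introduced
    " by the following replacements would be escaped a second time.
    REPLACE ALL OCCURRENCES OF '\' IN rv_escaped WITH '\5c'.
    REPLACE ALL OCCURRENCES OF '*' IN rv_escaped WITH '\2a'.
    REPLACE ALL OCCURRENCES OF '(' IN rv_escaped WITH '\28'.
    REPLACE ALL OCCURRENCES OF ')' IN rv_escaped WITH '\29'.
    " RFC 4515 also requires NUL to be written as \00; a NUL
    " character is not handled by this method.
  ENDMETHOD.

  METHOD user_filter.
    DATA lv_value TYPE string.
    lv_value = escape_value( iv_uname ).
    " Same filter shape as in the post, with the escaped value.
    CONCATENATE '(&(objectclass=user)(samaccountname=' lv_value '))'
      INTO rv_filter.
  ENDMETHOD.
ENDCLASS.

START-OF-SELECTION.
  DATA gv_filter TYPE string.

  " Constructed sample input: an ordinary user name stays unchanged.
  gv_filter = lcl_ldap_filter=>user_filter( `JMUELLER` ).
  WRITE / gv_filter.

  " Constructed sample input: metacharacters are matched literally
  " instead of being read as part of the filter syntax.
  gv_filter = lcl_ldap_filter=>user_filter( `A*)(B` ).
  WRITE / gv_filter.
```

A character-typed field such as `ip_uname` has to be moved into a `string` variable before it is passed to `user_filter`, and the returned string can then be assigned to the `filter` variable used in the `LDAP_READ` call.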
I found the time to try a simple mapping via rsldapsync_user. I mapped ADDRESS-FIRSTNAME to GIVENNAME and activated both export checkboxes. If I start the sync report I get the same error code as mentioned above. So I think the reason is in my mapping or some AD settings.
Can somebody help me please.