Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP synchronization problem with SNC field

Former Member

‎07-05-2010 8:12 AM

0 Kudos

Hi,

I have configured LDAP and SNC for ABAP stack using Kerberos. During the mapping of SNC filed with Active directory attribute I am facing a problem. The SNC cannonical name should be like p:Username<at>DOMAIN.COM but I can only map this to either p: (as constant) or Username<at>DOMAIN.COM but I can not map these two to the SNC filed same time. Is there any functional module available so that I can map the filed to constant value and the AD attribute same time? or I must modify all users info manually in SNC field?

Please provide some solution to my problem.

Thanks,

Ajay.

7 REPLIES 7

Former Member

‎07-05-2010 8:26 AM

0 Kudos

hi,

The above problem got resolved now I can get both in the SNC filed but the DOMAIN.COM should be in capital letters. The AD attribute is in small letters. Is there any way that I get DOMAIN.COM in capital letters or Can I configure SNC to recognize small letters also? Please advise.

Thanks,

Ajay.

Former Member
In response to Former Member

‎07-06-2010 5:52 PM

0 Kudos

Ajay,

This looks like a Basis question.

Let me tell you the only way you could change your domain name to required casing is do it at the operating system level.

and restart your machine to take effect.

Not sure about you configuring SNC that way, I would suggest follow the best practices recommended by SAP

there is very good instruction on help.sap.com on this it walks you through each and every step.

tim_alsop
Active Contributor
In response to Former Member

‎07-06-2010 10:04 PM

0 Kudos

Ajay,

An Active Directory domain name is in lower case, and when shown in upper case it is known as a Kerberos realm. e.g. if domain is company.com then the Kerberos realm is COMPANY.COM

For mapping, the SNC name in SAP USRACL table needs to be p:<Kerberos principal name of user>

The Kerberos principal name will be something like user @ COMPANY.COM

If you want to map the USRACL entry with a user attribute in AD, you need to use an attribute which contains the users Kerberos principal name, e.g. user @ COMPANY.COM and not one containing the users domain name, since the domain name is lower case.

Thanks,

Tim

Former Member
In response to Former Member

‎07-07-2010 9:23 AM

0 Kudos

Hi Tim,

I have verified our Active directory attributes but I could not find an attribute with Kerberos realm principal name like user @ COMPANY.COM on the Active directory but it contains userPrincipalname like user @ company.com.

Is there any functional module to combine 3 attributes to one SAP field?

Thanks,

Ajay

tim_alsop
Active Contributor
In response to Former Member

‎07-07-2010 9:49 AM

0 Kudos

What does userPrincipalName contain ?

Former Member
In response to Former Member

‎07-07-2010 12:05 PM

0 Kudos

The userPrincipalName contains like user @ company.com. Which is in small letters.

Thanks,

Ajay

Former Member

‎10-11-2011 6:37 PM

0 Kudos

Hello Ajay_Basis,

im working on the same issue. How did you solved the problem?

Thanks in advance