ADS on Windows 2008 integration with SAP

Former Member
0 Kudos

Hi,

We want to integrate Windows 2008 ADS with SAP.

Is there a way we can achieve this? If possible, could you throw some light on it so that we can get this SSO done?

The scenario is: when a person enters their user ID and password through Windows, they should not be asked for a user ID and password when they access the SAP Portal, and then, through the Portal, when they access the ECC transaction.

Can this be done?

If yes then please give some knowledge regarding this.

Regards

JM

1 ACCEPTED SOLUTION

Former Member
0 Kudos

Hi John,

Refer the below links:

http://download.microsoft.com/download/9/b/c/9bc6f196-f17b-49d9-af55-946f279951ce/W2K3_AD_Integratio...

and

/people/gregor.wolf3/blog/2004/10/08/integrated-windows-authentication-with-sap-ep-60-sp-3-and-higher-part-1-of-2

Hope these links help you.

Rgds,

Raghu

3 REPLIES 3

sdipanjan
Active Contributor
0 Kudos

Hi,

As per our understanding, the directory service serves as an IT address book (especially for users) to store some particular identities which are common to all applications, like user address data, personal data (telephone number, fax, etc.) and system-specific information (SID, printer settings, etc.). If we integrate a directory service with the SAP NetWeaver Application Server by using the LDAP protocol, it would help us to manage such a distributed storage of user identities in various software components from different vendors.

To be able to do such a thing in SAP, the NetWeaver Application Server is delivered with an LDAP Connector. SAP LDAP Connectors (represented by the program "LDAP_RFC", which runs as a registered server program) enable direct access to directories within ABAP applications via the LDAP protocol. There is a prerequisite for configuring the LDAP connector: "The LDAP connector is available on most supported application server platforms; however, it does need access to specific LDAP libraries which may or may not be installed on the given platform."

There are two possible options for how to set up an LDAP connector:

1. The LDAP connector can run as part of the SAP Application Server. The executable ldap_rfc needs to be put in the directory usr\sap\<SID>\SYS\exe\run (for Windows) or /usr/sap/<SID>/SYS/exe/run (for UNIX).

2. The LDAP connector as part of a dedicated Active Directory box.

So, as a check, we need to look for the placing of the executable based on the environment available here. The next paragraph describes the different steps of the LDAP connector (check SAP Note 188371).

LDAP is the tcode used to configure the LDAP connector:

1. LDAP Connector configuration

2. LDAP Server configuration

3. LDAP User (as of release 4.6C)

Configuring LDAP Connector:

1. RFC Destination: The LDAP connector must be defined as an RFC destination of TCP/IP type (type T) that runs as a registered program (activation type = registration). Important: define a local gateway in the gateway option (gateway host = <local host>; gateway service = sapgw<instance number>); the Program ID should be the name of the RFC destination, which SAP suggests as LDAP_<servername>.

2. Application server: name of the application server where the LDAP Connector should be started if the CCMS monitoring setup is used.

3. Target status for CCMS monitoring (optional; applies when the type-1 setup above is the case and CCMS is set up).

4. Trace level.

Activate the LDAP connector. The activation can be checked in the trace by using tcode ST11. The file name would be dev_<RFC NAME>.trc, as shown below for our case.

Configuring LDAP Server

1. LDAP Server name: logical name of the server (Note: activate the Default one if you want to use the system default server name)

2. Host Name: host name of the LDAP server

3. Port number: 389 usually

4. Protocol version: usually LDAPv3 (version 3)

5. Base DN: Distinguished name of the root node of the directory tree

6. User ID (SAP version > 4.6C): logical name of the for log-on to

Configuring the LDAP User (> 4.6C): needed to log on to the directory from SAP

1. User ID: Logical name of the system user

2. Distinguished Name: real name of the system user in the directory

3. Only Read Auth: activate if the user is not intended to write to the directory from SAP

4. Auth. mechanism: log-on protocol (simple bind, i.e. user name / password combination)

5. Credential Storloc: Secure storage of the password

6. Credentials: Set or Delete the passwords

If you find any error while setting up MS AD and SAP (good to perform it with a CUA), then you can check the following SAP Notes:

1434504: a program correction recently published by SAP in 2010 for the report RSLDAPSYNC_USER in CUA

485060: multiple program corrections for CUA - AD sync issues

Regards,

Dipanjan
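As an added illustration (not code from the post above or from SAP), the following builds the LDAPv3 simple-bind message that the "LDAP User" settings described above (distinguished name, simple bind, stored password) produce on the wire, using minimal BER encoding per RFC 4511, and applies the checks a reviewer would run against the "LDAP Server" settings (port 389, protocol version, TLS). The bind DN and password are constructed sample values.

```python
# Added example, not part of the original post. Shows what an LDAPv3 simple
# bind (RFC 4511) carries in transit and checks the server settings that
# decide whether that frame is protected. All sample values are constructed.

def ber(tag: int, payload: bytes) -> bytes:
    """BER TLV with definite length (short form below 128, long form above)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        size = (n.bit_length() + 7) // 8
        length = bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + length + payload

def simple_bind_request(message_id: int, bind_dn: str, password: str, version: int = 3) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version, name, simple [0] } }."""
    bind_request = ber(0x60,                                   # [APPLICATION 0], constructed
                       ber(0x02, bytes([version]))             # version INTEGER (3 = LDAPv3)
                       + ber(0x04, bind_dn.encode("utf-8"))    # name LDAPDN (OCTET STRING)
                       + ber(0x80, password.encode("utf-8")))  # simple [0] OCTET STRING
    return ber(0x30, ber(0x02, bytes([message_id])) + bind_request)  # outer SEQUENCE

def credential_in_clear(frame: bytes, password: str) -> bool:
    """True when the configured password is readable verbatim from the frame,
    which is the case for simple bind unless the TCP session is wrapped in TLS."""
    return password.encode("utf-8") in frame

def assess_ldap_server(port: int, protocol_version: int, auth_mechanism: str, tls: bool) -> list:
    """Findings for the 'LDAP Server' / 'LDAP User' settings from the post."""
    findings = []
    if protocol_version < 3:
        findings.append("protocol version below LDAPv3")
    if auth_mechanism == "simple" and not tls:
        findings.append(f"simple bind on port {port} without TLS sends the bind password in cleartext")
    if port == 389 and tls:
        findings.append("TLS on port 389 means StartTLS; confirm the directory enforces it before bind")
    return findings

if __name__ == "__main__":
    # Constructed sample: a service account DN and password of the kind the
    # 'LDAP User' step stores in secure storage.
    frame = simple_bind_request(1, "CN=sapldap,OU=Service,DC=example,DC=com", "S3cret!")
    print(frame.hex())
    print("password readable on the wire:", credential_in_clear(frame, "S3cret!"))
    for finding in assess_ldap_server(389, 3, "simple", False):
        print("finding:", finding)
```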

Former Member
0 Kudos

Hi,

Yes, this can be done.

One possibility for your need is to use IWA (Integrated Windows Authentication) with SPNEGO/Kerberos.

Look in help.sap.com for Kerberos authentication.

Regards,

Olivier