Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Filtering only enabled accounts in LDAP and synchronizing with SAP ABAP

Go to solution
Former Member

‎10-27-2010 3:14 PM

0 Kudos

Hello,

Is there any possible to synchronize only active users from Microsoft active directory with SAP ABAP. I have a synchronizaiton program which works just fine. However, the program doesn't distibguish between the active and inactive accounts. I have used the exisitng synchronization program RSLDAPSYNC_USER.

I would just like to create the active accounts in SAP and lock the disabled ones or those doesn't exist. Assignment of roles will be taken care with the different procedure.

Using (&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2)) this string I can filter only active users in the ldap transaciton. I would like to use the same for synchronizaiton program.

Some information about AD structure:

We have 40 sites. Each site has some OUs. Out of which one of the OU is Disabled users. Tried to synchronize with user id pattern, however users have moved around with same user id in different sites with same user id.

Regards,

Gowrinadh

1 ACCEPTED SOLUTION

Go to solution
mvoros
Active Contributor

‎10-27-2010 11:59 PM

0 Kudos

Hi,

unfortunately, there is no use exit which can be used to filter out entries in RSLDAPSYNC_USER. But if you want to do this on SAP side then you can use enhancement framework to amend logic of this report. I don't know too much about AD but isn't possible to create a filter and use it for connection for SAP?

Cheers

5 REPLIES 5

Go to solution
sdipanjan
Active Contributor

‎10-27-2010 3:40 PM

0 Kudos

Hi,

Basically the AD sync job does the job for both Active and Invalid users. So any user id removed or deactivated by validity date will be updated in SAP as well. If you see that the Lock status is not getting reflected in SAP from MS AD then check the configuration parameters in [UME LDAP Configuration Tool|http://help.sap.com/saphelp_nw04/helpdata/EN/eb/00954081efb90ee10000000a155106/frameset.htm].

Regards,

Dipanjan

Go to solution
Former Member
In response to sdipanjan

‎10-27-2010 4:34 PM

0 Kudos

Hi,

I am just synchornizing with CUA in SAP ABAP only. No UME configuration required.

Regards,

Gowrinadh

Go to solution
sdipanjan
Active Contributor
In response to sdipanjan

‎10-27-2010 8:13 PM

0 Kudos

Hi,

Ohh ... I see... then You can look into this.

[Configuring the CUA u2013 LDAP Connection|http://help.sap.com/saphelp_em70/helpdata/en/42/dbb9263f382cede10000000a1553f7/frameset.htm]

Regards,

Dipanjan

Go to solution
Former Member
In response to sdipanjan

‎10-28-2010 8:38 AM

0 Kudos

Dipanjan,

I appreicate your knowledge on Sap help portal..

Martin,

Yes enhancements or the new programming could help. when I try to search in the ldap transaction, I can use the filter string to find accounts. I am surprised on why we can't reuse the same in normal synchronization with out going for customization.

Hence posted to see if any one has faced this problem before.

Regards,

Gowrinadh

Go to solution
mvoros
Active Contributor

‎10-27-2010 11:59 PM

0 Kudos

Hi,

unfortunately, there is no use exit which can be used to filter out entries in RSLDAPSYNC_USER. But if you want to do this on SAP side then you can use enhancement framework to amend logic of this report. I don't know too much about AD but isn't possible to create a filter and use it for connection for SAP?

Cheers