MDM LDAP Integration (AD) with multiple domains

Former Member
0 Kudos

Hi all,

I've surfed into SDN for a problem I have in my company but I didn't find anything...so sorry in advance if I've missed it!

Scenario is the following: we currently have a SAP MDM 7.1 system running on one of our Active Directory domain (let's say DOMA), while our users get authenticated on different child domains (DOMB, DOMC, ...) belonging to the same AD structure.

Now we would like to set up the LDAP integration for our MDM. This is normally done with some setup in the mds.ini file, including the UNIQUE LDAP server to connect to and manage the authentication. The problem is that AD is able to replicate in each sub-domain all the Global Catalog information (including User, Name, Surname, MemberOf...) but not the password, which remains stored only in the Domain Controller where the users connect. This means that in fact we need to connect, according to the user's domain, to different servers.

So my question is the following: is there any chance to support LDAP authentication for MDM users against multiple AD domains? I can imagine 2 possible solutions:

1. include into mds.ini the list of domain controller servers, maybe divided by ";". But is it supported by MDM?

2. find a way to let MDM pass to AD not only the Username and Password, but also the domain information.

Can you help me understand whether some solution is supported by MDM to realize the described scenario?

Thanks in advance for your support.

Accepted Solutions (1)

Former Member
0 Kudos

Hello Rinox

The main goal of AD is central management of users, their roles, permissions and security.

http://en.wikipedia.org/wiki/Active_Directory

If your infrastructure does not correspond to the AD standard, maybe it makes sense to make changes in the infrastructure?

SAP MDM has its own user storage; if LDAP is not working, all users (which are saved in the MDM storage) can connect to SAP MDM directly.

More about SAP MDM and LDAP you can read here (page 312):

http://help.sap.com/saphelp_nwmdm71/helpdata/en/4b/71608566ae3260e10000000a42189b/MDMConsole71.pdf

Regards

Kanstantsin Chernichenka

Former Member
0 Kudos

Hi and thanks for answering.

Actually our AD is not outside the standard, it was designed and installed by certified MS consultants. In fact your Wikipedia link talks about "Forests, trees, and domains", which is the normal structure for Active Directory (usually a root domain and several child domains composing one unique hierarchical structure).

The main problem is that, as told, standard AD is able, thru its global catalog synchronization rules, to replicate user information from one domain to any other in the forest...all but the passwords, which remain only at child domain level.

To tell you all, password centralization (and real LDAP functionality) in the Microsoft world is performed by something different from a standard AD: for this purpose, I believe, you have to set up an ADAM system (Active Directory Application Mode), but this is another story.

Regarding your second comment, actually we would like to use LDAP and not the internal MDM security for one reason that I did not specify: the connection to MDM will not be performed only thru the MDM Data Manager, but also in a remote way from our ECC systems thru the usage of the MDM ABAP API (see the MDM_TECH addon...). And consider that the "MDM ECC users" will be thousands and thousands, so it's not worth creating them one by one inside MDM, as you can understand.

Thanks again,

Rinox

Former Member
0 Kudos

Hello Rinox

1) You can ask your MS guys about the AD configuration. AD is a "de facto" global technology, not only MS.

2) To connect from another system to MDM you should specify its IP address in the mds.ini file. There may be more than one external system.

MDM does not support SSO technology; this means you will connect to MDM as a user which is already present in MDM.

Our MDM instance is working under LDAP.

We are using connections to MDM from rich clients and from the ABAP and Java API; we are working with MDM through web services without problems.

For ABAP and Java connections we create special users in MDM and in ECC, and those users are present in AD.

ECC is working under AD too.

But we spent more time on aligning ECC and MDM users.

You can open an SAP OSS Note.

When we had a problem with MDM performance under Tivoli AD we did that, and the guys from SAP provided a patch to us.

Just to remind you:

"The MDM software adds no records to the LDAP directory, nor does it otherwise manage or make any design changes to its structure. It only performs “lookups” from the LDAP directory to read its contents.

• Single sign-on is not supported. Instead, MDM client software prompts the user for name and password. It was done this way for simplicity, interoperability with UNIX systems, and flexibility with various client programs or network configurations such as VPNs.

• MDM supports either LDAP users or MDM users, but not both simultaneously.

• MDM does not support connections to multiple LDAP directories."

Regards

Kanstantsin Chernichenka

Former Member
0 Kudos

Thanks Kanstantsin.

So the answer to my question is in your last sentence: "MDM does not support connections to multiple LDAP directories". May I know where you found this sentence? I have the others from the MDM Console Reference Guide, but I cannot find the one I need.

Thanks,

R.

cweissheimer
Advisor
0 Kudos

Hello Rinox

That sentence is on page 313 of the MDM Console Reference Guide:

http://help.sap.com/saphelp_nwmdm71/helpdata/en/4b/71608566ae3260e10000000a42189b/MDMConsole71.pdf

Under "Basic MDM LDAP".

Regards,

Carlos

Former Member
0 Kudos

OK...I was reading a previous version of the Guide, now I found it.

Well...it seems that there's no hope for me to solve the problem, I'll try to find an alternative solution.

Thanks all for the support.

Answers (0)