
Active Directory schema extensions

Former Member
0 Kudos

Hi

We are in the process of implementing SAP LDAP sync to manage users from MS Active Directory. SAP requires the schema extension generated by the RSLDAPSCHEMAEXT program to be applied to Active Directory so that report RSLDAPSYNC_USER can identify SAP users in MS AD.

The MS AD team says that any non-Microsoft schema extensions are not supported, as OIDs of the schema might conflict with other applications / patches.

Are the MS AD schema extensions generated by SAP program RSLDAPSCHEMAEXT supported / certified by Microsoft?

Harsh

3 REPLIES

juergen_kremp
Explorer
0 Kudos

Hello Harsh,

as described in SAP Note 793191, the directory schema extension is not a "must", but only a convenience option for customers that want to use the predefined mappings.

You can easily create mappings that map the fields you want to directory attributes you already have in the directory. This is also described in the note.

Kind regards,

Juergen Kremp

Andre_Fischer
Product and Topic Expert
0 Kudos

Hi Harsh,

I would like to point you also to SAP Note 888848 - Notes on schema enhancement with RSLDAPSCHEMAEXT (http://service.sap.com/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=888848&_NLANG=E).

It especially states that:

..."The text document generated by RSLDAPSCHEMAEXT was supplied and validated as part of a certification process by the directory vendor."...

That means, in this case, by Microsoft.

If you decide not to use the schema extension that has been supplied by Microsoft, you can use attributes that already exist in your Active Directory, as Juergen already pointed out.

As an example, Microsoft Exchange Server creates several additional attributes such as extensionattribute1, ... , extensionattribute15 as part of the installation process. These attributes might be an option for you if you do not want to use the schema extension suggested by RSLDAPSCHEMAEXT.

Please keep in mind that the filter attribute that you will use to determine the SAP username should be indexed, since this will reduce the synchronization time.

Best Regards,

André

ceterum censeo RAP esse utendam
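
One way to check the indexing advice above against a schema export, as an added example that is not part of the original thread or SAP's code: it reads attributeSchema entries from LDIF and tests bit 0x1 of `searchFlags`, which Active Directory uses to mark an attribute as indexed. The LDIF sample, its DNs and its flag values are constructed, and `notInExport` is a hypothetical attribute name.

```python
# Constructed sample: attributeSchema entries as they might appear in an LDIF
# export of the schema partition. Values are illustrative, not from a real forest.
SAMPLE_LDIF = """\
dn: CN=ms-Exch-Extension-Attribute-1,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: extensionAttribute1
searchFlags: 0

dn: CN=ms-Exch-Extension-Attribute-2,CN=Schema,CN=Configuration,DC=example,
 DC=com
objectClass: attributeSchema
lDAPDisplayName: extensionAttribute2
searchFlags: 17

dn: CN=ms-Exch-Extension-Attribute-3,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: extensionAttribute3
"""

INDEXED = 0x1  # searchFlags bit 0: the attribute is indexed


def parse_ldif(text):
    """Yield one dict per LDIF record, keys lower-cased, folded lines unfolded."""
    # LDIF folds long lines by continuing on a line that starts with one space.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    for block in text.split("\n\n"):
        record = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "key: value"
            key, _, value = line.partition(":")
            # "key:: ..." (base64) values are kept encoded; not needed here.
            record[key.strip().lower()] = value.lstrip(": ").strip()
        if record:
            yield record


def index_status(ldif_text, attribute):
    """Return 'indexed', 'not indexed' or 'missing' for an lDAPDisplayName."""
    for rec in parse_ldif(ldif_text):
        if rec.get("ldapdisplayname", "").lower() == attribute.lower():
            flags = int(rec.get("searchflags", "0"))  # absent means no flags set
            return "indexed" if flags & INDEXED else "not indexed"
    return "missing"


if __name__ == "__main__":
    for name in ("extensionAttribute1", "extensionAttribute2", "notInExport"):
        print(name, "->", index_status(SAMPLE_LDIF, name))
```
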

Former Member
0 Kudos

I see a reference to SAP Note 793191 but I cannot seem to find that note. Can someone show me where that note is so I can read it?

-Thanks