Archived discussions are read-only. Learn more about SAP Q&A

LDAP Synch up - how to avoid same ids being given to new users in SAPR3 ?


I have always faced this problem.

We have this STANDARD SAP LDAP Sychn up background job being run periodically.

This job checks for the NEW users created in Windows AD - and assigns normal general roles which are applicable for all employees.

We have the policy to assign roles based on position - which is indirect role assignment.

So every employee has a unique position created - hire to retire.

However there is a confusion on the user IDs which come from Windows AD.

E.g. : Harry Potter HARRYP - user id on windows AD / and in SAP R/3 user id.

User HarryP - leaves the co. Say had left the co in Jan 31 2012.

As per LDAP Synch up the user id is gone from Windows AD - and in SAP R/3 - for the user in SU01, shows the proper valid thro date as 31/1/2012.

Today 16th april 2012  - another employee HARRY PETER - USER ID HARRYP (is available on Windows AD) so is given to this employee.

New position generated for this employee - but same id HARRYP is being assigned as per the LDAP Sychn up job.

So when you check SU01 for this new user HARRY PETER - HARRYP - it picks up the old id, with valid thro date - and shows 31/1/2012.

But all other details are reflected as per new employee details HARRY PETER.

Under these circumstances, i have to manually edit - and remove the valid thro date.

So that the NEW user can login to the internal company portal etc.

I would like to know as to whether we could avoid this scenario.

It looks like SU01 and PA20 are looking at different things in the background in SAP.

I checked whether any possiblity to avoid this on AD level itself, i was not finding anything.

Or whether anything could be there - as a logic written, so that the system does not assign the windows AD blindly to any NEW USER being created in SAP.

Can anyone advise on this.

Many thanks


Not what you were looking for? View more on this topic or Ask a question