Syncronization with AD multiple domain

MaurizioAG · ‎06-18-2012

Hi,

we try to implement syncronization od user data between SAP ABAP system and AD (win2008 R2).

In AD there are a domain X that include all the users and a domain Y that include all the group: this two domains are placed in different server. We cannot change this configuration. We have a group called "SAPuser" that include all the user that have to be syncronized.

SERVER1 --> domain X (user)

SERVER2 --> domain Y (group)

In transaction LDAP when I create the LDAP connector I set, in particular, this parameter:

- Hostname: SERVER1

- Base Entry: Distinguished name of group "SAPuser"

With this parameter the job RSLDAPSYNC_USER terminate in error becouse the group "SAPuser" is not in SERVER1, where I'm connecting.
Infact, if I modify the Base Entry and I leave it empty, the job run succesfully but my objective is to carry out the syncronization only with the user member of the group "SAPuser"!

Can anybody help me?

Thank you
Regards,
Walter

former_member2987 · ‎06-18-2012

Walter, are you trying to do this through IDM or via ABAP?

If you're going through IDM, you'll need to set up two copies of the Read Changed users from AD job, one pointing to a defined IDM repository for SERVER1, and one for SERVER2. These should probably point to different tables, but you can use the same table if you use the "Add Entries to table in the second pass of the job (connecting to SERVER2, assuming SERVER1 was processed in the first pass)

You can then do a to Identity Store pass where you update IDM with the AD user information and access the PF task that updates the ABAP system.

Matt

Syncronization with AD multiple domain

Accepted Solutions (0)

Answers (1)

Answers (1)

Re: Trigger Basic Idoc from scratch

Re: ABAP2XLSX in an old Abap version

Re: CIG transaction tracker handling

Re: CIG transaction tracker handling

Re: The data action couldn't run because of a prob...