on 06-18-2012 5:17 PM
Hi,
we try to implement syncronization od user data between SAP ABAP system and AD (win2008 R2).
In AD there are a domain X that include all the users and a domain Y that include all the group: this two domains are placed in different server. We cannot change this configuration. We have a group called "SAPuser" that include all the user that have to be syncronized.
SERVER1 --> domain X (user)
SERVER2 --> domain Y (group)
In transaction LDAP when I create the LDAP connector I set, in particular, this parameter:
- Hostname: SERVER1
- Base Entry: Distinguished name of group "SAPuser"
With this parameter the job RSLDAPSYNC_USER terminate in error becouse the group "SAPuser" is not in SERVER1, where I'm connecting.
Infact, if I modify the Base Entry and I leave it empty, the job run succesfully but my objective is to carry out the syncronization only with the user member of the group "SAPuser"!
Can anybody help me?
Thank you
Regards,
Walter
Walter, are you trying to do this through IDM or via ABAP?
If you're going through IDM, you'll need to set up two copies of the Read Changed users from AD job, one pointing to a defined IDM repository for SERVER1, and one for SERVER2. These should probably point to different tables, but you can use the same table if you use the "Add Entries to table in the second pass of the job (connecting to SERVER2, assuming SERVER1 was processed in the first pass)
You can then do a to Identity Store pass where you update IDM with the AD user information and access the PF task that updates the ABAP system.
Matt
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
92 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.