on 07-20-2012 12:32 AM
I followed the entire guide but I am not able to see users when I am creating an access request.
Could you help me, please?
Thank you.
Hi,
I hope your issue has been resolved. If not, ask your LDAP team for the parameters below. The best way is to call them into a meeting, and once you have added all the information below, if it is still not working, ask for a wire trace. That's how I resolved my issue.
LDAP Connector action 0003
LASTNAME
FIRSTNAME
USERID
ROLE_NAME
MANAGERID
LDAP Connector action 0004
USERID
MANAGERID
ROLENAME
FIRSTNAME
LASTNAME
LDAP Connector action 0003
User:OC
Roles:OC
GROUPMEMBER
LDAP_END_USER_AUTH_SUFFIX (MOST IMPORTANT)
LDAP Connector action 0004
GROUPMEMBER
Roles:OC
User:OC
GROUP PATH OU=GROUPS, OU=FAP, O=??
USER PATH OU=PEOPLE, OU=FAP, O=??
Let me know how it goes.
Khurram
Hi Khurram,
I have a query regarding the user and group paths. Are they necessary? As they are limited to 30 characters, our full path doesn't fit. I left them blank and it seems that our base entry is sufficient to fetch the user data from our LDAP during request creation. But our sync with LDAP fails: first the role sync and then the user sync.
Hi folks,
Just wanted to report in that my sync job is now running.
I found out that the job was canceled due to max records exceeded. After some researching I set the Page Size parameter to 500. And it seems to work!
PS. Don't forget to switch off the trace before you trigger the sync job.
Kind Regards,
Vit
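The "max records exceeded" failure and the Page Size fix described in the post above can be reproduced with a small simulation. This is an added example, not part of the original thread and not SAP code; the mock directory, the 1000-entry server cap (Active Directory's default MaxPageSize) and the 2350 constructed user entries are assumptions.

```python
# Constructed simulation: no real LDAP server or SAP system is contacted.
SERVER_LIMIT = 1000  # assumed per-search cap on the directory server


class SizeLimitExceeded(Exception):
    """Stands in for LDAP resultCode 4 (sizeLimitExceeded)."""


class MockDirectory:
    def __init__(self, entries):
        self.entries = list(entries)

    def search(self, page_size=None, cookie=0):
        """Return (entries, next_cookie); next_cookie is None when finished."""
        if page_size is None:
            # Unpaged search: the server refuses to return more than its limit.
            if len(self.entries) > SERVER_LIMIT:
                raise SizeLimitExceeded(f"more than {SERVER_LIMIT} entries match")
            return self.entries, None
        # Paged search (RFC 2696 style): the page is clamped to the server limit.
        # A real cookie is opaque; a plain offset is used here for clarity.
        size = min(page_size, SERVER_LIMIT)
        page = self.entries[cookie:cookie + size]
        nxt = cookie + size
        return page, (nxt if nxt < len(self.entries) else None)


def sync_paged(directory, page_size):
    """Fetch every entry page by page; returns (total_entries, round_trips)."""
    total, trips, cookie = 0, 0, 0
    while cookie is not None:
        page, cookie = directory.search(page_size=page_size, cookie=cookie)
        total += len(page)
        trips += 1
    return total, trips


def demo():
    # Constructed sample data: 2350 user DNs, more than the server cap.
    users = [f"uid=user{i:05d},ou=people,o=example" for i in range(2350)]
    directory = MockDirectory(users)
    try:
        directory.search()  # what a sync without paging effectively does
        unpaged = "ok"
    except SizeLimitExceeded:
        unpaged = "sizeLimitExceeded"
    return unpaged, sync_paged(directory, 500)


if __name__ == "__main__":
    print(demo())
```
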
Do not use USER_PATH if its length is greater than 30, for realtime search.
regards.
Leon
Guys,
I could sync roles and users. Thank you for all your recommendations.
I had to debug the program in order to see why the sync was failing, and I found that the base entry was missing, so I added this value in the LDAP Server configuration and I could sync successfully.
The next question is: what are GROUP_PATH and USER_PATH for?
Thanks everybody!
Regards,
Leon.
Hi,
Group paths and user paths are maintained in LDAP. Good news: not our job to maintain as GRC consultants.
User Path
branch of directory where information about users is stored
ou=CorporateUsers,c=us,o=mycompany
Group Path
branch of your directory where information about the groups of portal users is stored
ou=CorporateGroups,c=us,o=mycompany
The guide works up to the point of getting the basic connection established. The users will need to be sync'd in via the Object Repository job.
Having said that, I had flaky response time issues once configured at one implementation, and it required the Networks and Basis team members' help to fix the issue.
I will apply note 1736230; I hope this could fix it.
Thank you.
Leon
Hi Leon,
I think that is one of the problems. You have to do something with the LDAP administrator to allow the user used in the connection to browse users.
We did the following to correct this for the LDAP user:
ldifde -r servicePrincipalName=HTTP/<server grc> -f out.ldf
The result should show an entry for the user created previously.
Hope it helps
regards,
Hi Leon,
After testing the solution, if you still face the issue then kindly refer to the SAP Notes below:
#1598336: User Search does not return any result
#1663546: UAM: LDAP user sync failure
#1698372: UAM: LDAP Group Parameter Setup is Case Sensitive
#1728322: UAM: Issues with LDAP connector regarding datasearch
#1736230: UAM: LDAP User Synch job synching non user records from LDAP
Regards,
Shaily
Leon,
Can you please tell me how I can log on to LDAP from "LDAP" transaction?
I tried to click on "Log On" button under operations pane. Then I input the user name/password shared by AD Admin team. But it says "Connection Error Occurred" as error and no further details of the error are provided.
Please suggest.
Regards,
Faisal
You should verify that the user has permission to access AD.
Earlier Claudio shared this:
We did the following to correct this for the LDAP user:
ldifde -r servicePrincipalName=HTTP/<server grc> -f out.ldf
The result should show an entry for the user created previously.
Hope it helps
regards,
1. Create a connector type T
2. At TXN LDAP:
a) Define system users (Domain\user)
b) Define the LDAP Server, using the User ID of the previous step
c) Then at LDAP Connectors, configure and activate the connector
d) At the main window select: Server and connector
e) Click the Log on button
f) Activate the check box Use System User
g) Click the execute button
Status would be green.
- Try to use the IP address instead of the hostname
- Specify the user with the format -> domain\user
Hope it helps
regards,
Hi Leon,
Have you got the result after running the sync job for the LDAP connector? Or are you facing an error in running the sync job?
Regards,
Shaily
Hi Leon,
The guide provided in SAP Note:- will help in setting up the LDAP as the data source.
As per the initial description of the issue that user details are not getting fetched, I would recommend
you to please follow SAP Notes: 1663546, 1698372, 1684059 and 1702714.
All parameters and corrections till now are briefly explained.
Regards,
Akhil Chopra