on 10-04-2012 3:41 PM
GRC AC 10.0, AD as LDAP, configured LDAP as outlined in the pdf...in tcode LDAP, able to connect and search for users. However, when running sync job against the LDAP connector, I get "User adapter is empty". Also, when creating an access request, unable to search LDAP, which is configured as the search data source, actually configured as search, detail, authentication, and verification...does not work for any of them.
Hi Jack,
Please check the below.
1. LDAP connector name should be identical as LDAP Server name. Please check if this is same?
2. What string is used while searching users in LDAP. Execute LDAP tcode and find the users with default string. for example ...(&(objectclass=*)(samaccountname = a*)). If you have some different string to serach users, then we need to find out from LDAP team if they can set your searchable string as default.
3. Check whether Base Entry is maintained in LDAP tcodes for your LDAP server. If not, maintain that as well.
4. Refer to SAP Note "1755767 - Repository object sync from LDAP fails".
Following these steps will ensure that you have all the configuration as per recommendations.
Thanks & Regards
Neeraj
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jack,
Please review the sap notes-
1663546
1684059
1702714
1698372
1562760
1584110
1698372
1698372
Kindly check that your LDAP server is configured properly.
Additionally, review the threads-
http://scn.sap.com/thread/2061733
Hope this helps.
Best Regards,
Nandita
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm on SP09, so the notes are applied....I can do a "find" in the LDAP transaction just fine, when I do a search in GRC10 (access request), I only get "some" of the possible hits (when doing it from tcode LDAP, I get all possible hits). And the mapping looks OK, I picked SU01 as user type in Data Source Mapping....Picked real-time LDAP access.
Hi Jack,
Make sure your logical port in SPRO is same as your LDAP server in LDAP transaction. If you still
face issue, then change the server name same as logical port.
thanks
Prem
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Did both..full function in tcode LDAP....GRC10 not working...RFC trace for user sync below
==============start======================
[Thu Oct 04 11:18:09 2012] Thread 3076 (LDAPRFC_LOAD, 2009)
LDAPRFC_LOAD (RFC handle 1) starting
[Thu Oct 04 11:18:09 2012] Thread 3076 (TraceRfcSendData, 1892)
Sending data
LOAD (I): 6
[Thu Oct 04 11:18:09 2012] Thread 5076 (LDAPRFC_BIND, 770)
LDAPRFC_BIND (RFC handle 3) starting.
[Thu Oct 04 11:18:09 2012] Thread 5076 (TraceRfcGetData, 1865)
Received data
LDAPHOST (C): ITGC2BVFCORP1.VFC.COM
LDAPPORT (I): 389
AUTHMECH (I): 0
HOLDSESS (I): 0
VERSION (I): 2
LDAPRC_RETURN (I): 1
UNAME (C): STILESJ
USER_STRING (S): CN=STILESJ,OU=Services,OU=North America,OU=XP People,DC=VFCORP,DC=VFC,DC=COM
PASSWORD_STRING (S): ********
Table CRED_IN ( 0 lines)
[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 386)
Slot 2 (STILESJ): >>> ldap_initU(host="ITGC2BVFCORP1.VFC.COM", port=389)
[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 394)
Slot 2 (STILESJ): <<< ldap_initU() == <NOT NULL> := connected
[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 514)
Slot 2 (STILESJ): >>> ldap_simple_bind_sU(dn="CN=STILESJ,OU=Services,OU=North America,OU=XP People,DC=VFCORP,DC=VFC,DC=COM", password: not initial)
[Thu Oct 04 11:18:09 2012] Thread 3076 (LDAPRFC_LOAD, 2033)
LDAPRFC_LOAD (RFC handle 1) done
[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 525)
Slot 2 (STILESJ): <<< ldap_simple_bind_sU() == 0 := success
[Thu Oct 04 11:18:09 2012] Thread 5076 (TraceRfcSendData, 1892)
Sending data
HOLDSESS (I): 0
KEY (I): 522233410
LDAPRC (I): 0
LDAP_CONNECTOR_VERSION (I): 208
Table CRED_IN ( 0 lines)
[Thu Oct 04 11:18:10 2012] Thread 4172 (LDAPRFC_SEARCH, 1164)
LDAPRFC_SEARCH (RFC handle 2) starting
[Thu Oct 04 11:18:10 2012] Thread 4172 (TraceRfcGetData, 1865)
Received data
KEY (I): 522233410
BASE (C):
SCOPE (I): 2
MODE (I): 24
FILTER (C):
TO_SEC (I): 0
TO_USEC (I): 0
================end=====================
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.