GRC10 LDAP as search data source

Former Member
0 Kudos

GRC  AC 10.0, AD as LDAP, configured LDAP as outlined in the pdf...in tcode LDAP, able to connect and search for users.  However, when running sync job against the LDAP connector, I get "User adapter is empty".  Also, when creating an access request, unable to search LDAP, which is configured as the search data source, actually configured as search, detail, authentication, and verification...does not work for any of them.

Accepted Solutions (1)

neerajmanocha
Product and Topic Expert
0 Kudos

Hi Jack,

Please check the below.

1. The LDAP connector name should be identical to the LDAP server name. Please check whether they are the same.

2. What string is used while searching users in LDAP? Execute the LDAP tcode and find the users with the default string, for example (&(objectclass=*)(samaccountname = a*)). If you have a different string to search users, then we need to find out from the LDAP team if they can set your searchable string as the default.

3. Check whether Base Entry is maintained in LDAP tcodes for your LDAP server. If not, maintain that as well.

4. Refer to SAP Note "1755767 - Repository object sync from LDAP fails".

Following these steps will ensure that you have all the configuration as per recommendations.

Thanks & Regards

Neeraj

Answers (2)

Former Member
0 Kudos

Hi Jack,

Please review the SAP notes:

1663546

1684059

1702714

1698372

1562760

1584110

1698372

1698372

Kindly check that your LDAP server is configured properly.

Additionally, review the thread:

http://scn.sap.com/thread/2061733

Hope this helps.

Best Regards,

Nandita

Former Member
0 Kudos

I'm on SP09, so the notes are applied....I can do a "find" in the LDAP transaction just fine, when I do a search in GRC10 (access request), I only get "some" of the possible hits (when doing it from tcode LDAP, I get all possible hits).  And the mapping looks OK, I picked SU01 as user type in Data Source Mapping....Picked real-time LDAP access.

Former Member
0 Kudos

Opened a message with SAP...I think the field that defines the LDAP connector attribute is not long enough.  Set to char(30) and I need char(35) at a minimum.  Unless someone knows how to get around this?  Any Ideas?

former_member541582
Participant
0 Kudos

Hi mate,

I've been exactly in your spot a while ago. I'm now trying my best to remember what I did to fix it...

Think it was following (LDAP connector properties):

Max.Retention Period:1440

Code page: 0

Page Size: 500    

restart the connector...

Cheers,

Vit

premb
Product and Topic Expert
0 Kudos

Hi Jack,

Make sure your logical port in SPRO is the same as your LDAP server in the LDAP transaction. If you still face the issue, then change the server name to be the same as the logical port.

thanks

Prem

Former Member
0 Kudos

Did both..full function in tcode LDAP....GRC10 not working...RFC trace for user sync below

==============start======================

[Thu Oct 04 11:18:09 2012] Thread 3076 (LDAPRFC_LOAD, 2009)

LDAPRFC_LOAD (RFC handle 1) starting

[Thu Oct 04 11:18:09 2012] Thread 3076 (TraceRfcSendData, 1892)

Sending data

  LOAD            (I): 6

[Thu Oct 04 11:18:09 2012] Thread 5076 (LDAPRFC_BIND, 770)

LDAPRFC_BIND (RFC handle 3) starting.

[Thu Oct 04 11:18:09 2012] Thread 5076 (TraceRfcGetData, 1865)

Received data

  LDAPHOST        (C): ITGC2BVFCORP1.VFC.COM

  LDAPPORT        (I): 389

  AUTHMECH        (I): 0

  HOLDSESS        (I): 0

  VERSION         (I): 2

  LDAPRC_RETURN   (I): 1

  UNAME           (C): STILESJ

  USER_STRING     (S): CN=STILESJ,OU=Services,OU=North America,OU=XP People,DC=VFCORP,DC=VFC,DC=COM

  PASSWORD_STRING (S): ********

  Table CRED_IN         (   0 lines)

[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 386)

Slot 2 (STILESJ): >>> ldap_initU(host="ITGC2BVFCORP1.VFC.COM", port=389)

[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 394)

Slot 2 (STILESJ): <<< ldap_initU() == <NOT NULL> := connected

[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 514)

Slot 2 (STILESJ): >>> ldap_simple_bind_sU(dn="CN=STILESJ,OU=Services,OU=North America,OU=XP People,DC=VFCORP,DC=VFC,DC=COM", password: not initial)

[Thu Oct 04 11:18:09 2012] Thread 3076 (LDAPRFC_LOAD, 2033)

LDAPRFC_LOAD (RFC handle 1) done

[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 525)

Slot 2 (STILESJ): <<< ldap_simple_bind_sU() == 0 := success

[Thu Oct 04 11:18:09 2012] Thread 5076 (TraceRfcSendData, 1892)

Sending data

  HOLDSESS        (I): 0

  KEY             (I): 522233410

  LDAPRC          (I): 0

  LDAP_CONNECTOR_VERSION (I): 208

  Table CRED_IN         (   0 lines)

[Thu Oct 04 11:18:10 2012] Thread 4172 (LDAPRFC_SEARCH, 1164)

LDAPRFC_SEARCH (RFC handle 2) starting

[Thu Oct 04 11:18:10 2012] Thread 4172 (TraceRfcGetData, 1865)

Received data

  KEY             (I): 522233410

  BASE            (C):

  SCOPE           (I): 2

  MODE            (I): 24

  FILTER          (C):

  TO_SEC          (I): 0

  TO_USEC         (I): 0

================end=====================
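
An added example, not part of the thread and not SAP tooling: a small Python parser for an LDAP connector RFC trace in the layout posted above. It groups fields by LDAPRFC_* call and flags the two things visible in that trace, a search sent with empty BASE and FILTER (compare steps 2 and 3 of the accepted answer) and a simple bind on port 389. The sample trace is constructed, with placeholder host and DN; the function names are hypothetical.

```python
import re

# Constructed sample in the posted trace layout; host and DN are placeholders.
SAMPLE_TRACE = """\
[Thu Oct 04 11:18:09 2012] Thread 5076 (LDAPRFC_BIND, 770)
LDAPRFC_BIND (RFC handle 3) starting.
[Thu Oct 04 11:18:09 2012] Thread 5076 (TraceRfcGetData, 1865)
Received data
  LDAPHOST        (C): ldap.example.test
  LDAPPORT        (I): 389
[Thu Oct 04 11:18:09 2012] Thread 5076 (ABAPbind, 514)
Slot 2 (SVC): >>> ldap_simple_bind_sU(dn="CN=svc,DC=example,DC=test", password: not initial)
[Thu Oct 04 11:18:10 2012] Thread 4172 (LDAPRFC_SEARCH, 1164)
LDAPRFC_SEARCH (RFC handle 2) starting
[Thu Oct 04 11:18:10 2012] Thread 4172 (TraceRfcGetData, 1865)
Received data
  BASE            (C):
  SCOPE           (I): 2
  FILTER          (C):
"""

HEADER = re.compile(r"^\[.*?\] Thread (\d+) \((\w+), \d+\)")
CALL = re.compile(r"^(LDAPRFC_\w+) \(RFC handle \d+\) starting")
FIELD = re.compile(r"^\s+(\w+)\s+\((\w)\):\s*(.*)$")

def parse_calls(trace):
    """Return [(function, {field: value})] per LDAPRFC_* call, tracked per thread."""
    calls, current, thread = [], {}, None
    for line in trace.splitlines():
        if m := HEADER.match(line):          # threads interleave, so track the active one
            thread = m.group(1)
        elif m := CALL.match(line):
            current[thread] = (m.group(1), {})
            calls.append(current[thread])
        elif (m := FIELD.match(line)) and thread in current:
            current[thread][1][m.group(1)] = m.group(3).strip()
        elif "ldap_simple_bind" in line and thread in current:
            current[thread][1]["_SIMPLE_BIND"] = "1"
    return calls

def findings(trace):
    """List configuration problems visible in the trace."""
    out = []
    for func, f in parse_calls(trace):
        if func == "LDAPRFC_BIND" and f.get("LDAPPORT") == "389" and "_SIMPLE_BIND" in f:
            out.append("simple bind on port 389 (cleartext unless StartTLS is negotiated)")
        if func == "LDAPRFC_SEARCH":
            out += [f"search sent with empty {k}" for k in ("BASE", "FILTER") if f.get(k) == ""]
    return out
```
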