
LDAP search

Former Member
0 Kudos

Hi All

I have the below questions:

1. Is there any way we can restrict or pull users from a particular LDAP group only into the GRC AC 10.0 system front end? If yes, how do I write the base entry for the same?

2. In my LDAP search I am getting users from LDAP search in GRC, but both firstname and surname are the same as firstname (screenshot attached below).

3. Can I extend or delimit the number of entries for search or finding? I get an error message in transaction LDAP when I try to find users from the directory saying "Maximum number of find results exceeded".

Accepted Solutions (1)


Colleen
Advisor
0 Kudos

Hi Pradeep

Question 1

Not sure if SAP LDAP can look up users who belong to a specific LDAP group.

If your IT can do this, another option is to build an LDAP (read only) that is populated by a script (e.g. refresh every night). The script is used to only select the AD users who belong to the specific group. You can then connect the SAP LDAP to this LDAP instead. It means work outside of SAP and you would need to make this LDAP highly available.

Question 2

  • Check your transactions LDAPMAP and LDAP to make sure you have identified the correct AD fields for firstname and surname (I assume givenName and sn)
  • Check IMG "Maintain Mapping for Actions and Connector Groups" for the LDAP connector group and 0004 action (provisioning) to ensure that you have AC Field to LDAP field mapped correctly. Under "Assign group field mapping" check that AC Field Names for LASTNAME and FIRSTNAME are mapped to SN and GIVENNAME respectively
  • Check whether Configuration Parameter 2052 is relevant for you

Question 3

Would this be the Page Size set in transaction LDAP > LDAP Connectors: Use "

This allows you to avoid restrictions with regard to the maximum number of hits that exist in some directory servers."

Also - when you search in question 3, what criteria are you entering? You may need to restrict your search.

If you are still having issues, I would recommend you post some screenshots of your configuration for LDAP and Connector AC Field mappings.
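The group-selection script and the givenName/sn mapping described in the answer above, as an added example that is not part of the original post or SAP's own code. `memberOf` and `sAMAccountName` are standard Active Directory attributes; the group DN, the sample entries and all function names are constructed for illustration, and selection runs offline over the sample instead of a live directory.

```python
import re

# Constructed sample data: the group DN and entries are made up for illustration.
GROUP_DN = "CN=GRC Users (Prod),OU=Groups,DC=example,DC=com"
SAMPLE_ENTRIES = [
    {"sAMAccountName": "jdoe", "givenName": "Jane", "sn": "Doe",
     "memberOf": [GROUP_DN]},
    {"sAMAccountName": "asmith", "givenName": "Alan", "sn": "Smith",
     "memberOf": ["CN=Finance,OU=Groups,DC=example,DC=com"]},
    {"sAMAccountName": "bkhan", "givenName": "Bilal",  # no sn in the directory
     "memberOf": [GROUP_DN.upper()]},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a DN is safe inside a filter."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def group_filter(group_dn):
    """Search filter the script would send: users who are direct members of group_dn."""
    return "(&(objectClass=user)(memberOf=%s))" % escape_filter_value(group_dn)

def select_members(entries, group_dn):
    """Offline stand-in for the search. memberOf lists direct membership only,
    and DN comparison is simplified here to a case-insensitive string match."""
    wanted = group_dn.lower()
    return [e for e in entries
            if any(g.lower() == wanted for g in e.get("memberOf", []))]

def to_ac_fields(entry):
    """Map givenName -> FIRSTNAME and sn -> LASTNAME, as in the thread."""
    return {"FIRSTNAME": entry.get("givenName", ""),
            "LASTNAME": entry.get("sn", "")}

def name_mapping_suspect(fields):
    """Heuristic for the question 2 symptom: surname empty or a copy of firstname."""
    return not fields["LASTNAME"] or fields["LASTNAME"] == fields["FIRSTNAME"]

def export(entries, group_dn):
    """Records the read-only directory would be populated with, keyed by account."""
    return {e["sAMAccountName"]: to_ac_fields(e)
            for e in select_members(entries, group_dn)}

if __name__ == "__main__":
    print(group_filter(GROUP_DN))
    for account, fields in export(SAMPLE_ENTRIES, GROUP_DN).items():
        print(account, fields, "CHECK MAPPING" if name_mapping_suspect(fields) else "")
```
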

Former Member
0 Kudos

Hi Colleen

I have resolved this issue. It was a base entry issue.

Regards

Pradeep

Former Member
0 Kudos

Hello Pradeep,

I have a similar issue to the one you had. Could you please let me know how you resolved this?

Thanks,

Pawan

former_member193066
Active Contributor
0 Kudos

Get the proper base entry from your network team.

Maintain that in LDAP.

Regards,

Prasant

Former Member
0 Kudos

Hi Pawan

It was a base entry issue. You need to contact your Active Directory team or network team to get your LDAP path from where the users need to be pulled, and that path needs to be defined as a base entry in the t-code LDAP in the GRC system.

Regards

Pradeep

Answers (0)