Hello Matteo,

we faced the same problem. I don't understand what was in the mind of the developer, as he created the report.

We resolved the problem as following:

Create a Customizingtable in SE11 which has only one Field (Filter)

Edit the Function LDAP_MAP_FILTEREXT which is used by the RSLDAPSYNC_USER Report to create the LDAP Filter. (Yes, also the report has to create a filter to send a question to the LDAP, but in standard you cannot say how the filter is created...)

SE37 -> LDAP_MAP_FILTEREXT

go to the end of the Function and add an ENHANCEMENT (because it is on the end of the function it is not an modification!)

Save and activate.

The logic is like this, if you maintain an filter entry in this table, the report will use this filter to collect the LDAP objects which will be passed to the SAP system. If the table is empty, it will use the SAP Standard Filter

example: (&(OBJECTCLASS=PERSON)(ISSAPUSER=YES))

btw. In our case SAP in standard creates a filter like this (&(OBJECTCLASS=PERSON)(UID=*))

All the other selection fields in the report, like username, usergroup or usertype are used on the ldap object returned by the call with this filter.

e.g. Filter: (&(OBJECTCLASS=PERSON)(ISSAPUSER=YES))

In LDAP you have:

CN=SAPUSER1 (Attribute ISSAPUSER=YES)

CN=SAPUSER2 (Attribute ISSAPUSER=YES)

CN=USER3 (Attribute ISSAPUSER=NO)

CN=ADMIN1 (Attribute ISSAPUSER=YES)

In the RSLDAPSYNC_USER Report you will add a exclution filter on the Username ADMIN1.

The report will receive 3 users as an result with its LDAP Query (SAPUSER1, SAPUSER2 and ADMIN1).

After that it will remove ADMIN1 from the list of users to sync.

Which means, you have to exclude usergroups like SUPER, ADMIN and only include dialog users.

Otherwise, the report will lock or delete your system / background users

Regards

Manuel