on 11-12-2013 6:37 AM
Dear All,
My LDAP connection is connected but when I run the synchronization with T-code RSLDAPSYNC_USER to get the data from active directory to SAP GRC its not coming.
When I try to create request the users do not come in access request when I search them.
Do I need to keep my LDAP connection always on? Whats a procedure.
Please check my issue.
Regards,
Abhisshek
Hello,
if you have performed whats mentioned in LDAp Config notes.
and result not coming up. would like you to check with your windows admin team and ensure you have correct base enntry. could you please maintain perfect base entry that will solve issue.
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Julien,
I just maintained following settings in screenshot.
I assigned correct group field mapping and also the AD Parameter.
Please correct me if I have done wrong after checking these screenshots.
Dear Prashant,
I thing my windows team is really confused with these settings can you please advise how to maintain perfect base entry? I Really appreciate your feedback.
Regards,
Abhisshek
Dear Prasant,
This was the Issue I maintained perfect Base entry and Issue is partly resolved.
But now only Userid and last name is coming in access request not the first name and email address...
I can search the userid and last name but not the first name and email address please check the screenshot below.
Regards,
Abhisshek
I had a similar issue:
Julien
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Julien,
Thanks for your reply.
I checked some of the attributes you mentioned
1) I Checked the AD server name, it is exactly the same as the RFC connection name.
2) I don't have anything in group parameters ( under Maintain Mapping for Actions and Connector Groups)
3) I have attached the screenshot for Logical port which should be exactly same with AD server name.
4) For Mapping please check the attached screenshot I guess everything is in uppercase.
Do attributes also needs to be in Uppercase??
5) Please let me know the correct steps where AD is declared in PROV and AUTH mapping.
I just want to correct me here if I did something wrong.
3/I thought to following customizing point
4/On my side, everything is in uppercase
5/Assign connectors in the AD connector type
3) This setting has been done already (Check in Common Component Settings/Integration Framework/Maintain Connectors and Connection Types/Define Connectors)
4) Attribute section in Mapping is coming in lowercase from active directory do we need to change these settings in active directory also ( I am not an Active directory expert so no idea)
5) These settings are done already (Common Component Settings/Integration Framework/Maintain Connection Settings/Scenario-Connector Link) but there is another drop down --> Maintain file path for logical connection do I need to add these settings as well? Please check the below screenshot.
Regards,
Abhishek
3/ Try with uppercase.
5/ No
Also:
GROUPMEMBER | member |
Roles:OC | group |
User:OC | person |
Julien
Abhisshek:
Are you trying to create SU01 users in GRC or only secure the data for the requests? If it is the latter, then you do not need to run the transaction you show above? Please advise what your intentions are.
if you are just looking for the Data to be filled in on the request screens, you need to MAP the fields from LDAP to GRC to AC, then set your LDAP Connector as the user details source as noted below by Prashant below. This is configured in the Access Control IMG.
Thanks,
Kevin Tucholke
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Kevin,
I am trying to create users and give authorization with access request. The LDAP Connector has already been selected as the user details source in SPRO. (Correct me the step I thing could be wrong)
My LDAP connection is working and mapping has been done in GRC. The users created in active directory are also coming in new screen with user details when I go to transaction LDAP -> FIND -> Base entry and Filter but when I try to create access request userid (KAGED) or users first name and last name do not come in Access request 10 please check the screenshots below.
Are the fields mapped in the Mapping section under LDAP Server in Transaction LDAP?
You do not need to run the RSLDAPSYNC_USER program just to get the data to populate user data for requst itesm (i.e. First/Last Name, Manager, ...).
Your screen shot shows you are looking for a user ID. This would then also request that your LDAP connector is set up as the User Search Source as well.
Hope this helps.
Kevin
Make user search data source at LDAP.
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Prashant,
Please tell me how? I know about 2051 parameter and I also said YES there.
with description Enable User ID Validation in Access Request against Search Data Sources.
When I do connection test with LDAP server I get below error
Can Someone who is an LDAP expert can confirm that LDAP connection is not set properly.
Regards,
Abhishek
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.