
LDAP is not working properly. My data from active directory is not coming in SAP GRC AC10

former_member399658
Participant
0 Kudos

Dear All,

My LDAP connection is connected, but when I run the synchronization with T-code RSLDAPSYNC_USER to get the data from Active Directory to SAP GRC, it's not coming.

When I try to create a request, the users do not come up in the access request when I search for them.

Do I need to keep my LDAP connection always on? What's the procedure?

Please check my issue.

Regards,

Abhisshek

Accepted Solutions (1)


former_member193066
Active Contributor
0 Kudos

Hello,

If you have performed what's mentioned in the LDAP config notes and the result is not coming up, I would like you to check with your Windows admin team and ensure you have the correct base entry. Could you please maintain a perfect base entry? That will solve the issue.

Regards,

Prasant

former_member399658
Participant
0 Kudos

Dear Julien,

  • As per your advice, I must also change the attributes in Mapping, right? They should all be in uppercase?

  • Also, please tell me the steps here --> Maintain Connectors and Connection Types: assign SOD-LOG to your AD group.

    I just maintained the following settings in the screenshot.

  • I maintained the correct settings in Maintain Mapping for Actions and Connector Groups.

    I assigned the correct group field mapping and also the AD parameter.

    Please correct me if I have done anything wrong after checking these screenshots.


Dear Prashant,

I think my Windows team is really confused by these settings. Can you please advise how to maintain a perfect base entry? I really appreciate your feedback.

Regards,

Abhisshek

former_member399658
Participant
0 Kudos

Dear Prasant,

This was the issue. I maintained a perfect base entry and the issue is partly resolved.

But now only the user ID and last name are coming in the access request, not the first name and email address...

I can search the user ID and last name but not the first name and email address. Please check the screenshot below.

Regards,

Abhisshek

former_member193066
Active Contributor
0 Kudos

This is a mapping issue.

Go to LDAPMAP, press F6 and use the proposal.

Save it and go to SPRO > GRC > Access Control > Maintain Mapping for Connector and Connector Group.

There you map the field.

Once you do that, go to SE38 and run rsldapuser sync job.

Regards,

Prasant

former_member399658
Participant
0 Kudos

Dear Prasant,

The mapping is accurately done. Please check the screenshot below and correct it if there is anything wrong.

And when I run the sync job I get the error.

Regards,

Abhisshek

former_member193066
Active Contributor
0 Kudos

Your mapping is incorrect.

Please see the guide or go to LDAPMAP and see at the bottom what the corresponding value is for the same,

and ensure both are the same in LDAPMAP as the value you put in.

This had to be done for both AUTH and PROV.

Regards,

Prasant

Former Member
0 Kudos

It's an old post, but I had the same issue. Fixed with a correction in Mapping as suggested in the above post.

Updated the 'synchronization' mapping within LDAPMAP to import the required entries (first name, email).

Answers (3)


0 Kudos

I had a similar issue:

  1. Make sure your AD is declared in the PROV and AUTH scenarios and correctly mapped
  2. Check the AD server name; it should be exactly the same as the RFC connection name
  3. Mapping must be in uppercase
  4. Logical port should be defined with the AD server name
  5. Also, I deleted group parameters (under Maintain Mapping for Actions and Connector Groups), which solved my issue

Julien

former_member399658
Participant
0 Kudos

Dear Julien,

Thanks for your reply.

I checked some of the attributes you mentioned:

1) I checked the AD server name; it is exactly the same as the RFC connection name.

2) I don't have anything in group parameters (under Maintain Mapping for Actions and Connector Groups).

3) I have attached the screenshot for the logical port, which should be exactly the same as the AD server name.

4) For Mapping, please check the attached screenshot. I guess everything is in uppercase.

Do attributes also need to be in uppercase?

5) Please let me know the correct steps where AD is declared in PROV and AUTH mapping.

I just want you to correct me here if I did something wrong.

0 Kudos

3/ I thought of the following customizing point:

  • Check in Common Component Settings/Integration Framework/Maintain Connectors and Connection Types/Define Connectors

4/ On my side, everything is in uppercase

5/ Assign connectors in the AD connector type

  • Common Component Settings/Integration Framework/Maintain Connection Settings/Scenario-Connector Link

former_member399658
Participant
0 Kudos

3) This setting has been done already (check in Common Component Settings/Integration Framework/Maintain Connectors and Connection Types/Define Connectors).

4) The attribute section in Mapping is coming in lowercase from Active Directory. Do we need to change these settings in Active Directory also? (I am not an Active Directory expert, so no idea.)

5) These settings are done already (Common Component Settings/Integration Framework/Maintain Connection Settings/Scenario-Connector Link), but there is another drop-down --> Maintain file path for logical connection. Do I need to add these settings as well? Please check the screenshot below.

Regards,

Abhishek

0 Kudos

3/ Try with uppercase.

5/ No

Also:

  • In Maintain Connectors and Connection Types, assign SOD-LOG to your AD group
  • In Maintain Mapping for Actions and Connector Groups
    • Did you map the AC fields to your AD fields? Assign group field mapping
    • Did you map AD parameters? Assign group field mapping. Check with
      GROUPMEMBERmember
      Roles:OCgroup
      User:OCperson

Julien

kevin_tucholke1
Contributor
0 Kudos

Abhisshek:

Are you trying to create SU01 users in GRC or only secure the data for the requests? If it is the latter, then you do not need to run the transaction you show above. Please advise what your intentions are.

If you are just looking for the data to be filled in on the request screens, you need to map the fields from LDAP to GRC to AC, then set your LDAP Connector as the user details source as noted below by Prashant. This is configured in the Access Control IMG.

Thanks,

Kevin Tucholke

former_member399658
Participant
0 Kudos

Dear Kevin,

I am trying to create users and give authorization with an access request. The LDAP Connector has already been selected as the user details source in SPRO. (Correct me, the step I think could be wrong.)

My LDAP connection is working and mapping has been done in GRC. The users created in Active Directory are also coming in a new screen with user details when I go to transaction LDAP -> FIND -> Base entry and Filter, but when I try to create an access request, the user ID (KAGED) or the user's first name and last name do not come in Access Request 10. Please check the screenshots below.

kevin_tucholke1
Contributor
0 Kudos

Are the fields mapped in the Mapping section under LDAP Server in Transaction LDAP?

You do not need to run the RSLDAPSYNC_USER program just to get the data to populate user data for request items (i.e. First/Last Name, Manager, ...).

Your screenshot shows you are looking for a user ID. This would then also require that your LDAP connector is set up as the User Search Source as well.

Hope this helps.

Kevin

former_member193066
Active Contributor
0 Kudos

Make user search data source at LDAP.

Regards,

Prasant

former_member399658
Participant
0 Kudos

Hi Prashant,

Please tell me how? I know about the 2051 parameter and I also said YES there,

with the description Enable User ID Validation in Access Request against Search Data Sources.

When I do a connection test with the LDAP server I get the below error.

Can someone who is an LDAP expert confirm that the LDAP connection is not set properly?

Regards,

Abhishek

former_member193066
Active Contributor
0 Kudos

In SPRO > IMG GRC, Maintain Data Source .. main LDAP ID as data source.

Regards,

Prasant

former_member399658
Participant
0 Kudos

Dear Kevin, Prashant,

I did that already: SPRO > IMG GRC, Maintain Data Source .. main LDAP ID as data source.

The mapping is also done with transaction code LDAPMAP.

Regards,

Abhishek