cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PSS: Entries in table GRACUSERCONN???

former_member184114
Active Contributor

on ‎02-17-2014 6:56 AM

0 Kudos

Hi All,

If we see this table name, it implies that this table should contain the users synchronized from respective connectors defined. For example, if we synchronized users for connector PRDCLNTXXX, this will pull all the users from the system this connector is pointing to.

Now like wise,  if connector is LDAP, then this will pull all the users from LDAP system.

What I noticed that, in one of our systems, synchronization is successfully done for LDAP system. When I checked the entries for table GRACUSERCONN for LDAP connector, I dont see any entries at all!

But when a user tries to log on and uses PSS, this seems to authenticate user appropriately.

My understanding is that, whoever is available in GRACUSERCONN will be allowed to access PSS via end user logon page. But in this case, I dont see any users in this table for this connector but this seems to be working fine!

Can anybody tell me what exactly is happening? If this table is empty for this LDAP connector, then how this is authenticating the user?

Please share your thoughts on this.

Regards,

Faisal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Colleen
Advisor
Advisor
‎02-17-2014 7:27 AM
0 Kudos

Hi Faisal

Are the LDAP users appearing in GRACUSER table instead?

Have a look at GRACUSER and GRACUSERCONN tables before and after running a sync for system to see what happens

Regards

Colleen

Show replies
Show replies
former_member184114
Active Contributor
‎02-17-2014 8:42 AM
0 Kudos

Colleen,

Thanks for your reply.

I have checked table GRACUSER for LDAP connector. Still it shown only 1 entry!

Although, I have synchronized for all user for LDAP connector and there are of course so many users in LDAP. I eventually see only 1 user?

Dont understand the connection and use of these table yet!

Regards,

Faisal

former_member306258
Explorer
‎02-17-2014 9:14 AM
0 Kudos

Hi Faisal,

Any error in SLG1 or any dumps after running the repo sync for ldap?

aNuar

former_member184114
Active Contributor
‎02-17-2014 9:24 AM
0 Kudos

Nope!

It seems to be successful!

former_member306258
Explorer
‎02-17-2014 9:42 AM
0 Kudos

Full sync or incremental? Is your ldap connection working (SM59 and LDAP )?

former_member184114
Active Contributor
‎02-17-2014 9:44 AM
0 Kudos

Dear,

It is both and LDAP connection in SM59.

Regards,

Faisal

former_member306258
Explorer
‎02-18-2014 1:03 AM
0 Kudos

Hi Faisal,

What I understands for PSS, user needs to exists in the SAP backend and repo sync for that particular connector must be completed. We encounter this a couple of months back where a user is unable to use PSS. We re-run repo sync for the SAP connector and once done, user able to use PSS.

I was referring to the LDAP transaction. In transaction LDAP, are you able to pull any samaccountname from the AD server? Either this or your mapping for LDAP might not be accurate. For example in the field name in AD does not match the ones in SAP (number of character restrictions for some field).

Thanks,

aNuar

former_member184114
Active Contributor
‎02-18-2014 4:43 AM
0 Kudos

Anuar,

Thanks for your reply.

In order to access PSS, a user need not be present in SAP systems, provided the authentication source is LDAP.

What you shared here is, I think, the authentication source is SAP system, therefore, if a user in not available in SAP system then he is not able to use PSS. The same is applicable to LDAP also. If a user is available in LDAP, he is allowed to use PSS, otherwise no.

I am able to search any user in LDAP tcode.

Regards,

Faisal

Colleen
Advisor
Advisor
‎02-19-2014 6:46 AM
0 Kudos

Hi Faisal

You might be at the stage where you either run ST05 trace on the sync job or debug it to see how it's working. You could also attempt the same for end user login with AD authentication

It will help check the tables and sequences, etc. I did that last year when I found the GRACUSER* tables and was trying to understand how they are used/troubleshoot issues.

Regards

Colleen

former_member184114
Active Contributor
‎02-19-2014 9:24 AM
0 Kudos

Colleen,

Yes, I am doing it now. Will post it's outcome.

Regards.

Faisal

Ask a Question