
LDAP Authentication Issues

Former Member
0 Kudos

Currently we have integrated GRC10 (SP13) with LDAP (AD) as per SAP Note 1584110 - GRC Access Controls 10 - How to configure LDAP connectors. We are able to establish a connection and pull users using the report RSLDAPSYNC_USER.

When end users try to log in through the browser using the LDAP password, they get the following error messages:

Cannot unbind LDAP system 

Cannot perform read operation on LDAP system 

Cannot connect to LDAP system

Kindly let me know if I have missed any steps.

Accepted Solutions (0)

Answers (4)


pawan_amarnani
Participant
0 Kudos

Hi,

I am facing the same issue.

At the end user logon screen, it gives the error "can not connect to LDAP system" when I give the correct LDAP user and password.

Please help.

Regards,

Pavan

mamoonr
Active Participant
0 Kudos
former_member193066
Active Contributor
0 Kudos

SP13 ..

Do one thing. I had this issue during my go-live.

In SICF you have maintained a guest user.

Give it full access.

This will be fine.

Regards,

Prasant

mamoonr
Active Participant
0 Kudos

Thank you Prasant... It worked. SAP_ALL was assigned to the guest user in DEV and QA, but we were hesitant to give it in PROD. Giving SAP_ALL does solve the issue.

But SAP_ALL should not be recommended in a PROD environment. Do you have any idea of the specific authorization for this access?

Thanks,

Mamoon

Colleen
Advisor
0 Kudos

Have a look at the S_LDAP, S_ICF and S_RFC authorisations.

Possibly run a trace or check the ST22 logs for the error to get the specific value.

mamoonr
Active Participant
0 Kudos

Thanks Colleen... Will check and update all.


former_member193066
Active Contributor
0 Kudos

Yes, RFC auth and LDAP auth fix it.

I forgot the note number; it's there in one of the old notes.

Regards,

Prasant

Former Member
0 Kudos

Still facing the issue. Maintained the guest user with SAP_ALL, SAP_NEW.

Kindly confirm if I need to enter the IP address of LDAP in the host file.

Colleen
Advisor
0 Kudos

Hi Vinayak

Can you please compare your transaction LDAP configuration between DEV and PRD to see if there is a slight difference?

Also, there is a program that should run to keep the connection open (ask your Basis person) - I can't remember what my counterpart did, but they executed a program to keep the LDAP connection open.

I noticed there's a KB article on checking LDAP binding - it might help you to troubleshoot the issue:

1978357 - User Search from LDAP: Checking if LDAP Authentication and Binding is successful

Regards

Colleen

former_member193066
Active Contributor
0 Kudos

Check your base entry.

Download the ldap .exe tool.

Then connect to the LDAP system using it, then bind it.

View the tree, and check for the user location.

You will get the complete base entry.

You should be fine then.

mamoonr
Active Participant
0 Kudos

Hi Vinayak,

Please let me know if you are able to resolve the issue, as my production system is also throwing the same error.

Thanks,

Mamoon

mamoonr
Active Participant
0 Kudos

Hi Vinayak,

Please run a connection test for the LDAP connectors in SM59. It may be that the connection is lost.

Thanks,

Mamoon

Former Member
0 Kudos

Hi Mamoon,

We have already established the connection and the SM59 test is successful, but the users are still not able to log in.

Regards

Vinayak

former_member184114
Active Contributor
0 Kudos

Vinayaka,

May I know if you are able to search LDAP users from LDAP tcode?

Please follow this note: 1604946 - End User Authentication failing for LDAP System

Regards,

Faisal

Colleen
Advisor
0 Kudos

Hi Vinayak

Have you gone to transaction LDAP and tried to complete a search?

Regards

Colleen

mamoonr
Active Participant
0 Kudos

Hi Colleen,

Maybe it's silly, but please let me know how to complete a search in the LDAP transaction.

I have the same error in Production but Dev and QA are working fine.

Thanks,

Mamoon