cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can I configure ECC6.0 to use LDAP (Active Directory) password

Former Member

on ‎03-21-2007 11:07 AM

0 Kudos

We're setting up an integrated authentication between the ECC 6.0 and the LDAP server, in our case the Microsoft Active Directory. We have some users that can't use WebGui because some features, that only run in the SapGui. We have already configured UME in the Sap Portal accessing directly the ADS server, and Sap Logon Ticket from Portal to ECC. Everything is ok to access the WebGui and SapGui by the Portal with the Sap Logon Ticket. However it demands that all users make the authentication previously in the Sap Portal. Is there another scenario only with SAP tools, for example using Sap Logon directly to the Active Directory. Obs.: Our entire sap servers are UNIX.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎03-19-2008 6:30 PM
0 Kudos

With standard SAP solutions isn't possible authenticate the stack abap, when installed in a unix serve directly in the Active Directory Windows server.

Then our go live was in january, you setup the SAP EP to read directly the informations of LDAP, setup the SAP logon ticket, and the sincronization beetwen CUA (SOLMAN, PI, BI, ECC, APO) and LDAP (unhapelly without password).

Show replies
Show replies
former_member433984
Active Contributor
‎07-31-2007 9:28 AM
0 Kudos

were note <a href="https://service.sap.com/sap/support/notes/735639">735639</a> helpful for you

Show replies
Show replies
Former Member
‎07-31-2007 2:02 PM
0 Kudos

Unhappily I had already seen this note and many others about spnego. My question is about a standard solution without SSO web server proxies, IIS, Sap Porta, etc. Directly process the authentication in a LDAP server by the stack ABAP.

Former Member
‎08-01-2007 2:11 AM
0 Kudos

Hi,

Did you go with the LDAP Support in the Installation Master after your ECC normal Installation.

Additional Software Life Cycle Tasks --> Application Server --> Oracle --> LDAP Support.

I guess this would Provide Authentication for the ABAP Users from the LDAP.

Award Points if helpful

Thanks,

Tanuj

Former Member
‎08-02-2007 5:49 PM
0 Kudos

I saw the SAP ERP 2005 SR2 ABAP+Java on HP-UX : Oracle Instalation Guide and the Master Guide – Support Release 2 mySAP™ ERP 2005 NetWeaver™ 2004s Using SAP® ECC 6.0.

Both of them don't have a clear explanation how to configure (if is possible) a ECC in Unix platform to perform the user authentication in a LDAP Directory (Microsoft Active Directory).

I'm very anxious for talking with anyone with experience in this subject.

Former Member
‎08-02-2007 9:14 PM
0 Kudos

Hi

Launch the SAPINST screen of the Installation Master.

Go thru the following

Additional Software Life Cycle Tasks --> Application Server --> Oracle --> LDAP Support.

I guess this would Provide Authentication for the ABAP Users from the LDAP.

Did you try this option.

Thanks,

Tanuj

former_member433984
Active Contributor
‎08-03-2007 7:37 AM
0 Kudos

> Hi

>

> Launch the SAPINST screen of the Installation

> Master.

>

> Go thru the following

>

> Additional Software Life Cycle Tasks --> Application

> Server --> Oracle --> LDAP Support.

>

> I guess this would Provide Authentication for the

> ABAP Users from the LDAP.

>

> Did you try this option.

>

> Thanks,

> Tanuj

why to post double even without understanding what should be achieved and how it could be achieved??????????????????

solution proposed by you will set the flag to register SAP instances in LDAP (but not the users) that you can later use them in SAP MMC or SAPGUI, but definitely it will not map LDAP users to SAP users.

Former Member
‎08-03-2007 6:04 PM
0 Kudos

Hi

Sorry for that. Any way , I did not tell that it would solve the problem for sure.

Can you please suggest a solution for that.

188371 Configuring the LDAP Connector

793191 FAQ: User master synchronization with LDAP directories

512230 Notes for using the LDAP transaction

The RSLDAPSYNC_USER report as mentioned in 793191 will syncronize the LDAP users to the SAP Users.

As far as i know , It doesnot provide runtime authentication to LDAP as it is for JAVA (Portal Users).

Thanks,

Tanuj

Former Member
‎08-06-2007 6:56 PM
0 Kudos

I had already read all these notes.

In the last week, I tried to configure the UME in our PI/XI environment to access the LDAP. As the result, the ABAP stack was perform the authentication perfectly above the LDAP. However I had some problems with the Java stack and I comeback the back. I will try it, in the next week again.

It's what I'd like to ECC environment. Anyone has already configured the UME in an ECC? Install a basic Java stack without all Java components only the UME in order to make this integration. If it’s possible I’ll very appreciate any documentation.

Other problem is the limitation of datasource in the UME, I didn't remember exactly but I guess that is only 5 (Authorization in the ECC, BI, SolMan, PI, APO, CRM, LDAP, Portal, etc). If it's possible I'll group the environments in different UME managers. Forget this paragraph lets focus in the integrated authentication in this thread after that authorization.

Ask a Question