on 03-21-2007 11:07 AM
We're setting up an integrated authentication between the ECC 6.0 and the LDAP server, in our case the Microsoft Active Directory. We have some users that can't use WebGui because some features, that only run in the SapGui. We have already configured UME in the Sap Portal accessing directly the ADS server, and Sap Logon Ticket from Portal to ECC. Everything is ok to access the WebGui and SapGui by the Portal with the Sap Logon Ticket. However it demands that all users make the authentication previously in the Sap Portal. Is there another scenario only with SAP tools, for example using Sap Logon directly to the Active Directory. Obs.: Our entire sap servers are UNIX.
With standard SAP solutions isn't possible authenticate the stack abap, when installed in a unix serve directly in the Active Directory Windows server.
Then our go live was in january, you setup the SAP EP to read directly the informations of LDAP, setup the SAP logon ticket, and the sincronization beetwen CUA (SOLMAN, PI, BI, ECC, APO) and LDAP (unhapelly without password).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
were note <a href="https://service.sap.com/sap/support/notes/735639">735639</a> helpful for you
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Did you go with the LDAP Support in the Installation Master after your ECC normal Installation.
Additional Software Life Cycle Tasks --> Application Server --> Oracle --> LDAP Support.
I guess this would Provide Authentication for the ABAP Users from the LDAP.
Award Points if helpful
Thanks,
Tanuj
I saw the SAP ERP 2005 SR2 ABAP+Java on HP-UX : Oracle Instalation Guide and the Master Guide Support Release 2 mySAP ERP 2005 NetWeaver 2004s Using SAP® ECC 6.0.
Both of them don't have a clear explanation how to configure (if is possible) a ECC in Unix platform to perform the user authentication in a LDAP Directory (Microsoft Active Directory).
I'm very anxious for talking with anyone with experience in this subject.
> Hi
>
> Launch the SAPINST screen of the Installation
> Master.
>
> Go thru the following
>
> Additional Software Life Cycle Tasks --> Application
> Server --> Oracle --> LDAP Support.
>
> I guess this would Provide Authentication for the
> ABAP Users from the LDAP.
>
> Did you try this option.
>
> Thanks,
> Tanuj
why to post double even without understanding what should be achieved and how it could be achieved??????????????????
solution proposed by you will set the flag to register SAP instances in LDAP (but not the users) that you can later use them in SAP MMC or SAPGUI, but definitely it will not map LDAP users to SAP users.
Hi
Sorry for that. Any way , I did not tell that it would solve the problem for sure.
Can you please suggest a solution for that.
188371 Configuring the LDAP Connector
793191 FAQ: User master synchronization with LDAP directories
512230 Notes for using the LDAP transaction
The RSLDAPSYNC_USER report as mentioned in 793191 will syncronize the LDAP users to the SAP Users.
As far as i know , It doesnot provide runtime authentication to LDAP as it is for JAVA (Portal Users).
Thanks,
Tanuj
I had already read all these notes.
In the last week, I tried to configure the UME in our PI/XI environment to access the LDAP. As the result, the ABAP stack was perform the authentication perfectly above the LDAP. However I had some problems with the Java stack and I comeback the back. I will try it, in the next week again.
It's what I'd like to ECC environment. Anyone has already configured the UME in an ECC? Install a basic Java stack without all Java components only the UME in order to make this integration. If its possible Ill very appreciate any documentation.
Other problem is the limitation of datasource in the UME, I didn't remember exactly but I guess that is only 5 (Authorization in the ECC, BI, SolMan, PI, APO, CRM, LDAP, Portal, etc). If it's possible I'll group the environments in different UME managers. Forget this paragraph lets focus in the integrated authentication in this thread after that authorization.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.