Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Update AD data from ECC

Former Member

‎08-01-2014 3:25 PM

0 Kudos


Hi Experts,

We have a requirement where client wants SAP ECC system ( ECC 6.0 EHP7 ) to be the master. Whenever a new hiring happen, user account will be created first in ECC and this should get updated in MS AD from ECC. All user creation, update and deactivation in AD should go via ECC.

We checked for LDAP connector but not sure whether it will fulfill our requirement and is a recommended approach.

Is there any other way like web service etc. to achieve this.

Request any pointers on the same.

Thanks in advance

- Swarnaprakash

3 REPLIES 3

mvoros
Active Contributor

‎08-02-2014 3:30 AM

0 Kudos

Hi,

an interesting approach. Usually, an ECC system does not need to have all users. Anyway, LDAP connector is what you are looking for. SAP uses it to export personal records into LDAP server for one of the IdM scenarios. You can have a look there for an inspiration. The LDAP server in that case is not AD so you might need to do some additional mapping. The program used by IdM scenario should be RPLDAP_EXTRACT_IDM.

I would also suggest to think if having a dedicated system for user provisioning (e.g. SAP IdM) isn't a better idea for future than implementing a custom solution in ECC.

Cheers

Former Member
In response to mvoros

‎08-07-2014 3:33 PM

0 Kudos

Hi Martin,

Thanks for the info. IDM is a better approach but due to some reasons we cannot implement IDM at this point of time, so we need an approach where ECC can directly update AD.

I did some check on LDAP connector and have few qs:

1) Since AD is not source to ECC, where and what details related to AD server we will need to add. What kind of user mapping is required?

2) Will this solution do both creation as well as update of user data in AD?

3) Any limitations/cons of using this approach?

Request your inputs on above.

Thanks

mvoros
Active Contributor
In response to mvoros

‎08-08-2014 12:15 AM

0 Kudos

Hi,

I think you misunderstood how IdM solution scenario works. The source of users in personal record in SAP HR. It pushes these records to LDAP server and IdM reads these users from there. So this demonstrates that it's possible to take data from ECC system and export them as records in LDAP. Obviously, it can create/change records.

Regarding limitations/cons. First thing is that you have to build this from scratch. I can't see how you could easily re-use program used by IdM scenario. You can use it as template how to export data to LDAP. There also might be some limitations when exporting to Microsoft AD. IdM scenario uses SAP LDAP server. I don't know, I have never implemented export to AD.

Cheers