cancel
Showing results for 
Search instead for 
Did you mean: 

SAP GUI authentication through MSAD (LDAP)

former_member183953
Participant
0 Kudos

Hi,

How do i achieve user authentication on SAP Gui through MSAD (LDAP). Please note, i do not want Single Sign On (SSO). I want following:

1, User login to Windows 7/MAC desktop authenticated from Microsoft Active Directory account

2, User opens SAP Gui client and logs on to ECC instance once again using the user/ID password of corporate active directory.

I do not want SSO where user  clicks on sap gui connection and it automatically connects to instance without asking user credentials.

Please let me know how could i achieve this.

Thanks

Vik

Accepted Solutions (0)

Answers (2)

Answers (2)

0 Kudos

Hi Vikas


As Patrick mentioned, there is no native support built into the ABAP AS for LDAP authentication via SAPGUI.


As an option and If you have SAP Identity Management you could look at deploying the password hook, this provides an enterprise password of same password approach. Hence end users can enter their MSAD password to gain access to SAP via SAPGUI - it works well.


SAP Identity Management : Password Hook Configuration Guide

http://scn.sap.com/docs/DOC-17112

The SAP NetWeaver Identity Management Password Hook is a password hook DLL that can be installed on the Microsoft domain controller(s) in the password verification chain. The hook intercepts password changes in the Microsoft domain and distributes it to other applications using the SAP NetWeaver Identity Management Identity Center. 


Hope it helps.


Rgrds

Craig

Former Member
0 Kudos

Hi Vik,

SAP NetWeaver ABAP can only authenticate against an LDAP using some SSO mechanism. There is no native support built into the application server. Using SAP NetWeaver Single Sign-On, you can also configure the system to do an authentication using the LDAP server when starting the SAP-GUI connection, which to my understanding is what you want.

Kind regards,

Patrick

former_member183953
Participant
0 Kudos

Hi Patrick,

Yes I want to authenticate from LDAP, but want user to again insert user id/password in Gui connection. I don't want direct connection to sap gui, once user logs on into his desktop.

This is only to add additional security and also keep single password for desktop and SAP authentication.

Thanks

vik

Former Member
0 Kudos

Hi Vik,

as said, this is possible using the SAP Single Sign-On product, however there is no native support in SAP NW ABAP to do this. The only other option is the one mentioned by Craig, although in the end the users will have to still maintain to passwords and the password policies most likely will differ and you have two places to reset passwords.

Regards,

Patrick