cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IDM HCM Delta Mechanism (VDS)

Former Member

on ‎06-12-2015 9:28 AM

0 Kudos

Dear

I modify an entry (first name for example) in PA30 and I can see an entry is made in table: HRLDAP_PERNR

After that I am trying to do a delta run with the program:

RPLDAP_EXTRACT_IDM (delta option enabled!!!)

I am getting the following error: ( using program SPLDAP_DISPLAY_LOG_TABLES)

LDAP_CREATE failed

Entry already exists.

In the VDS I have configured the DB and enabled the additional parameter:

VALIDATE_MODIFY = TRUE

FIXVALIDFROM = TRUE

Kind regards

Lucas

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎06-15-2015 12:25 PM
0 Kudos

I don't understand, I did a standard VDS setup and it's not working, is there any good documentation on how to setup HCM -> VDS -> IDM?

Is it possible there is a bug with IDM 8.0?

Show replies
Show replies
former_member222441
Explorer
‎06-15-2015 12:52 PM
0 Kudos

The scope is in most cases 2, if you have created the master identity store before the staging area.

In the developer studio (or identity center) you will find the number of the scope in the properties of your staging area. It should be the ID with a value like "2/HCM_Staging_Area" (I'm not sure for 8.0).

The above mentioned SQL statements show the scope under row IS_ID.

Under the IdM 7.2 documentation you will find the docu. This should be compatible to 8.0. You can also check, if the RDS package for IdM is usefull for your landscape. There is a Blog Post how to use RDS with IdM 8.0.

Regards,

Andi

jaisuryan
Active Contributor
‎06-15-2015 12:58 PM
0 Kudos

Hi Lucas,

Yes, probably you can get it raised to SAP and check.

Check with them if below notes are applicable for you...

2121940 - LDAP search on VDS for character # not working

2090457 - VDS search function is case sensitive

Kind regards,

Jai

former_member222441
Explorer
‎06-12-2015 5:01 PM
0 Kudos

Hi Lucas

sometimes the error messages on ABAP are confusing. You can check the operation log within VDS and hopefully get some more informations.

Show replies
Show replies
Former Member
‎06-15-2015 7:26 AM
0 Kudos

VDS Error:

Can not add entry to MIC:java.lang.Exception: Could not get or create CB1CLNT800 00100096 node: ERROR:Entry already exists)

That message is correct, the entry already exists. But I don't want to create it, I want to update it (delta). With this particular record I changed the first and last name in PA30.

Kind regards

Lucas

jaisuryan
Active Contributor
‎06-15-2015 7:38 AM
0 Kudos

Hi Lucas,

Did you activate RPAD00INFTY and HRPAD00INFTYDB BAdIs in your HCM system?

Kind regards,

Jai

former_member222441
Explorer
‎06-15-2015 8:44 AM
0 Kudos

How HR LDAP Export works:

1. HR makes an LDAP SEARCH for the object in VDS

2. if VDS returns a result, HR makes a MODIFY on the object

   if not HR makes an ADD operation

You can check this in the audit log in your VDS. If in your case HR only makes one ADD operation and throws the error, most probably you have in your HR_EXPORT Report the option "optimized for LDAP initial load" selected, i.e. the report only makes an ADD operation.

Another reason can be that the SEARCH operation failed, so the HR report decides to create the object. The result for the SEARCH operation you find in the audit log.

Regards,

Andreas 

Former Member
‎06-15-2015 8:45 AM
0 Kudos

Hi Jai

Is there any guide on the HCM config for IDM / VDS configuration.

I activated RPAD00INFTY but I don't have the expertise to know if HRPAD00INFTYDB is activated.

Thank you !

Kr,

Lucas

former_member222441
Explorer
‎06-15-2015 8:53 AM
0 Kudos

Hi Lucas,
you found the personnel number in the table HRLDAP_PERNR. So the needed BAdI is activated.

Here is some information:

Retrieval of Employee-Related Data by SAP ERP HCM - User Management and Distribution with SAP NetWea...

Former Member
‎06-15-2015 8:55 AM
0 Kudos

Dear Andreas

Thanks !

UserName:hruser_|_ClientIP:10.32.22.127_|_UserGroup:Authenticated_|_StartingPoint:o=idstore_|_OperationType:SEARCH_|_OperationSubType:sub_|_Filter:(&(OBJECTCLASS=sapIdentity)(CN=CB1CLNT800 00100096))_|_RequestedAttributes:objectclass_|_ReturnedEntries:0_|_Fetched from cache: false_|_ResultCode:0_|_ResultMessage:(Identity Store 7.2 1700:0:OK)_|_Operation duration (ms):11_|_System load (engines):1

It's the second reason, my SEARCH isn't returning any value.

Do you have any idea what could be causing this? If I use the LDAP browser within VDS I can see the actual record showing up...

Kr,

Lucas

former_member222441
Explorer
‎06-15-2015 10:07 AM
0 Kudos

first try the same SEARCH operation with your LDAP Browser (you can do this more comfortable with a Tool like LDAPBrowser or even with transaction LDAP in your HR System):(&(OBJECTCLASS=sapIdentity)(CN=CB1CLNT800 00100096))

Try this statement on your DB server:
SELECT * FROM idmv_value_basic where attrname='MSKEYVALUE' and searchvalue='CB1CLNT800 00100096'


If you dont get a result, try this (in this case a conversion happened while the object is created but not on a SEARCH operation):

SELECT * FROM idmv_value_basic where attrname='MSKEYVALUE' and searchvalue like ='%00100096%'


Check the config of the staging area Data source in VDS. It should look like:

Check on the VDS root node, if there are Pre- or Post- processing methods for the SEARCH operation are selected but not for the ADD operation or vice versa.

Regards,

Andi

Former Member
‎06-15-2015 10:42 AM
0 Kudos

Thanks 🙂

Both select statements return a record.

VDS settings are like in your screenshot.

Kr

Lucas

former_member222441
Explorer
‎06-15-2015 11:17 AM
0 Kudos

In VDS Config do the following:

  1. set the LOG LEVEL of the Operation Log to ALL
  2. Start and Stop the service
  3. open the Operation Log
  4. clear the log
  5. deselect the auto-refreh
  6. start the single export of the HR Extract report (better send the same SEARCH operation by an LDAPBrowser software)
  7. Refresh the Operation log

Now, you hopefully get some more information about the failure of the search result. For sure you get the translation to the according SQL statement.

Regards,

Andi

Former Member
‎06-15-2015 11:53 AM
0 Kudos

In the VDS config, what should the database scope be?

lambert-giese
Active Participant
‎06-12-2015 10:52 AM
0 Kudos

Hi Lucas,

maybe you have the "Optimize for LDAP Initial Run" flag in RPLDAP_EXTRACT_IDM set, although this is not your initial run?

Best regards,

Lambert

Show replies
Show replies
Former Member
‎06-12-2015 12:36 PM
0 Kudos

Dear Lambert

No it's not enabled.

Kind regards

Lucas

Ask a Question