
Error when synchronising data with Active Directory - URGENT

Former Member
0 Kudos

Hi,

We are currently running on ECC 6 and have a CUA implemented. I am attempting to sync my user data on the CUA with Active Directory; I'm only updating the SAP database and not writing back to AD.

I have mapped the fields in LDAPMAP, and using the find function through transaction LDAP I'm able to read the data for the relevant fields, so the AD user ID does have the correct read access to AD.

However, when I run the RSLDAPSYNC_USER program, the user is created but only the Surname field is populated. Does someone perhaps know what could cause this problem?

Thanks in advance

Sujeet

1 ACCEPTED SOLUTION

Former Member
0 Kudos

I would check your mapping. The AD names are case sensitive, like sAMAccountName. It sounds like you're communicating because the surname is coming over. Usually LDAP read access is anonymous.

7 REPLIES 7

0 Kudos

Hi David,

Thanks for the reply, but I'm actually using the mapping proposal that is provided for Active Directory, and then chose the relevant fields that I would like to import.

Could the case-sensitivity problem still be the issue?

When I use the find function in tcode LDAP, with the same case for an attribute name as in my mapping, I'm still able to read the data.

Thanks again

Sujeet

0 Kudos

I think I know what your problem may be. There is a hard limit of 1000 results for an LDAP search against Active Directory, and I think you're hitting this limit. One way to test is to narrow your search to one small OU with only 10 users in the OU.

This setting can be changed at the controller and is called "MaxValRange". Here's a link to more info: http://support.microsoft.com/kb/315071

Before you make this change on your domain controller, I'd try narrowing the search to a single OU first.

0 Kudos

Similar problem here: the user is created (in the CUA DB), but when a field is changed in LDAP/Active Directory, RSLDAPSYNC_USER does not find any data to sync, and the SAP data is not updated.

Any suggestions?

Thanks.

0 Kudos

Sounds like your settings in RSLDAPSYNC_USER need to be changed. I'd check and make sure the setting in "objects that exist both in the directory and the database" is set to "compare time stamp".

0 Kudos

Dave,

Thanks again for the reply. I have managed to sort things out: it was a combination of an error in the case that I was using and an error in the mapping.

I have one other issue: I would like to map to an OU of disabled users, then lock these users on the SAP database. Do you perhaps know of a way that I could achieve this? RSLDAPSYNC_USER doesn't seem to provide me with the option.

Thanks

Sujeet

0 Kudos

When we wanted to sync a property that didn't exist in Active Directory, we used the 'notes' field in AD. What I'd try to do is find out what 'disabled' maps to in SAP and enter that value in the notes field. As an example, let's say the SAP mapping is 'SAPid_disabled=1', so you'd just enter a '1' in the notes field and sync that. I'm not sure this will work, but I don't see why you can't do something like this.
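
For the last question in the thread (locking SAP users whose AD accounts sit in a disabled-users OU), here is an added example that is not part of the original thread and is not SAP or RSLDAPSYNC_USER code: it decides which user IDs to lock from directory entries, using either OU membership in the DN or AD's `userAccountControl` ACCOUNTDISABLE bit (0x0002). The OU name "Disabled Users", the sample entries and all function names are assumptions made for illustration.

```python
ACCOUNTDISABLE = 0x0002  # userAccountControl bit that AD sets on a disabled account

# Constructed sample entries shaped like LDAP search results (not real data).
SAMPLE_ENTRIES = [
    {"dn": "CN=Bob Brown,OU=Disabled Users,DC=example,DC=com",
     "sAMAccountName": "BBROWN", "userAccountControl": "512"},
    {"dn": "CN=Cole\\, Carol,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "CCOLE", "userAccountControl": "514"},
    # CN value merely looks like the OU; a substring test on the DN would misfire.
    {"dn": "CN=OU=Disabled Users,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "DDECOY", "userAccountControl": "512"},
    {"dn": "CN=Eve Evans,OU=Staff,DC=example,DC=com",
     "sAMAccountName": "EEVANS"},  # userAccountControl missing from the result
]

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1   # keep an escaped character with its backslash
        if dn[i] == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += dn[i:i + step]
        i += step
    return parts + [buf]

def in_ou(dn, ou_name):
    """True if any OU component of the DN equals ou_name, ignoring case."""
    for rdn in split_rdns(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().upper() == "OU" and value.strip().lower() == ou_name.lower():
            return True
    return False

def lock_decision(entry, disabled_ou="Disabled Users"):
    """Return (user_id, should_lock, reason) for one directory entry."""
    uid, uac = entry["sAMAccountName"], entry.get("userAccountControl")
    if in_ou(entry["dn"], disabled_ou):
        return uid, True, "in disabled OU"
    if uac is None:
        return uid, False, "userAccountControl not returned, review manually"
    if int(uac) & ACCOUNTDISABLE:
        return uid, True, "ACCOUNTDISABLE flag set"
    return uid, False, "active"

def users_to_lock(entries):
    """User IDs the SAP side should lock."""
    return [uid for uid, lock, _ in map(lock_decision, entries) if lock]
```

An entry whose `userAccountControl` was not returned is reported for review rather than treated as active or locked, since a missing attribute usually means the bind account could not read it.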