on 11-30-2015 1:44 PM
Hello Friends,
I hope I'm posting in the right forum.
I would like to start the post by saying that I'm new to the BASIS profession.
I am interested in giving authorization roles to a user to run an LDAP SYNC with Active Directory in a background job.
I want to give him exactly the roles needed for that operation, without giving him the "SAPALL" profile.
What are the exact authorization roles the user needs to succeed with the LDAP SYNC job?
Thanks in advance,
Ariel.
Hi Ariel:
For the LDAP user sync job you need to have the user set up on the AD side and not in SAP. So there is no need to assign any roles to the user on the SAP side.
Please refer to the notes below for further information:
188371 - Configuring the LDAP Connector
793191 - FAQ: User master synchronization with LDAP directories
Hope this helps.
Thanks.
Thanks, Mandeep, for the reply.
My situation is kind of different.
I'm creating the users in Active Directory, and have a background job that is run by a user that has the 'SAPALL' profile in Solman (CUA).
That user queries Active Directory for users that are 'member of' a specific group, and if they are,
it creates the new user in SAP by taking field data from Active Directory.
So I guess that user is supposed to have permissions to create users in SAP and only read permissions on Active Directory.
Thanks In Advance.
Ariel Wainberg.
Hi Ariel:
No need to give SAP_ALL to a user that is required to only create users.
Yes, a read authorization in AD and SU01 auth on the SAP side should be enough.
Please go through this document for more details on a scenario similar to yours; it might give you a better understanding.
http://santy.wdfiles.com/local--files/sap-pages/ECC_AD_LDAP.pdf
Thanks.