cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP Transaction\Report

former_member325332
Explorer

on ‎11-30-2015 1:44 PM

0 Kudos

Hello Friends,

I hope I'm posting in the right forum,

I would like to start the post by telling the fact that I'm new in BASIS profession.

I am interesting to give authorization roles to a user to make LDAP SYNC with active directory in background job.

I want to give him the exactly needed roles for that operation, without giving him "SAPALL" Profile.

what are the exactly authorization roles the user needs to success with the LDAP SYNC job?

Thanks in advance,

Ariel.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member199290
Participant
‎11-30-2015 6:38 PM
0 Kudos

Hi Ariel:

For the LDAP User sync job you need to have the user setup on the AD side and not in SAP. So there is no need to assign any roles to the user on SAP side.

Please refer below notes for further information:

188371 - Configuring the LDAP Connector

793191 - FAQ: User master synchronization with LDAP directories

Hope this helps.

Thanks.

Show replies
Show replies
former_member325332
Explorer
‎12-01-2015 6:27 AM
0 Kudos

Thank Mandeep For The Replay,

My situation is kind different.

I'm creating the users in the Active Directory, and have a background job that running by an user that have 'SAPALL' profile in Solman (CUA.)

that user query the Acrive directory for users that are  'member of'  specific group and if they are,

it creates on SAP the new user by taking fields data from Active Directory.

so i guess that that user suppost to have permissions to create users in SAP and only read permissions on the Active Directory.

Thanks In Advance.

Ariel Wainberg.

former_member199290
Participant
‎12-02-2015 8:58 PM
0 Kudos

Hi Ariel:

No need to give SAP_ALL to a user that is required to only create users.

Yes a read authorization in AD and SU01 auth on SAP side should be enough.

Please go through this document for more details for a similar scenerio as yours that might give you better understanding.

http://santy.wdfiles.com/local--files/sap-pages/ECC_AD_LDAP.pdf

Thanks.

http://santy.wdfiles.com/local--files/sap-pages/ECC_AD_LDAP.pdf

Ask a Question