on 04-11-2016 11:59 PM
I am working on a project right now where we are linking Active Directory to GRC AC 10.1. The connection is working, but when using the search function in the Access Request form, all the info, including computer objects/server info is being pulled along with user info.
Is there a way I can make the default filter just pull user info from Active Directory and not the all the other info? I tried changing the filter in the LDAP Find in Directory screen (screenshot below) to "(&(objectclass=user))", but it does not save.
Any recommendations on what needs to be done for me to have only user info pulled.
Hello Stephanie,
Please follow LDAP guide in SAP Note 1584110. In SPRO maintain the group parameter mapping for PROV and AUTH actions for the LDAP connector group. Here you can set objectclass as user by mapping 'User:OC' to 'user' or any other objectclass which suits your landscape.
Best Regards,
Zoltan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Stephanie,
To search for users only in access request, map 'User:OC' to 'user' in group parameter mapping and assign a custom objectclass attribute to the LDAP connector, as attribute name 'OBJECTCLASS1' with attribute value '(OBJECTCATEGORY=PERSON)'. See also KBA note 2312009.
Best Regards,
Zoltan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.