cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Purpose/Importance of Users Synchronization from LDAP???

Go to solution
former_member184114
Active Contributor

on ‎04-21-2016 9:04 AM

0 Kudos

Dears,

This might be a basic question for all of you. However, I think I have some gap in my understanding, therefore seeking your help.

Access Request:

------------------------------

We use parameter 2050 (from 'Performance' category) to make 'realtime' search enable/disable.Even I have used this several times. And it did give the desired result. As a result, searched the users 'online' within AD and fetched the user details appropriately. This served the purpose.

PSS:

--------------------

Does above parameter (2050) have any impact on PSS too? When a user accesses EULP to change his password, he will have to enter his AD User ID and Password.I would like to understand how this verification is done? I guess, this application uses the 'system' user defined LDAP Tcode (correct me, if required).

Another parameter we use:LDAP_END_USER_AUTH_SUFFIX for LDAP connector with value '@yourdomain,com' for both actions: 3&4). I am a bit confused between these 2, as which actually is responsible.

The real Problem:

------------------------------

Above configuration is working fine with me with one problem. When a user tries to reset the password, PSS cannot send the email to the end user. The error message is: " Password reset failed: no valid Email-id maintained for user id". This means that PSS is not getting the email id online and it is trying to fetch the details from GRACUSER table for LDAP Connector. For me, this table is empty for this connector for some technical problem (I am still investigating it)

Is users synchronization from LDAP is used ONLY for this purpose? When ARM can fetch the details from LDAP online, why cant PSS?

Please share your views on this.

Regards,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

plaban_sahoo6
Contributor
‎04-21-2016 12:04 PM
0 Kudos

HI,

parameter 2050 is simple gives you user search result from LDAP. This feature is used when a user tries to search other ids, in Access requests. this parameter is limited to requests , i.e PSS does not fetch email, by this parameter.

While using EUL, Password is reset for the user id, that logs in. Email id is fetched from/for the system, chosen for reset. i do not think email data is not fetched from GRACUSER. Could you put a trace ST05, to confirm this.

Regards

Plaban

Show replies
Show replies
former_member184114
Active Contributor
‎04-21-2016 3:34 PM
0 Kudos

Plaban,

Thanks for your reply.

What I did is, I have now maintained one of the SAP systems as 'user details' system (earlier, there was only LDAP). This worked and an email was sent to the user.

This signifies that, the user detail (email id) is fetched from SAP system. In neither ARM nor PSS the users synchronization from LDAP is used (meaning GRACUSER table).

May you share your view on what is the main purpose of this table or any other tables storing the users data?

Regards,

Answers (1)

Answers (1)

Former Member
‎04-21-2016 1:56 PM
0 Kudos

Hello Faisal,

Did you set the LDAP connector as 1st search data source and also 1st detail data source?

You might check note 2303443 - How user details are synched in GRACUSER table based on "User Detail Data Source" connecto...

Best Regards,

Zoltan

Show replies
Show replies
Ask a Question