cancel
Showing results for 
Search instead for 
Did you mean: 

R/3 users Authntication to LDAP?

Former Member
0 Kudos

Hello,

I have configured the LDAP Conenctor using Tx LDAP from R/3 4.7 running on AIX Server to MS-ADS LDAP Server.

After making all the settigns i have run the report RSLDAPSYNC_USER for synchronizing the users between R/3 amd LDAP.

Then the Users available in LDAP are getting Updated and Created in R/3, but the users in R/3 are not getting created. Its giving the LDAP_CREATE Failed, Restriction Violated For this I have posted in the previous thread.

I want to know some of my assumptions are correct / wrong.

1. If we do all these settings, when the User try to login he will be authenticated to LDAP?

2. In MS-ADS the password length is more than 8 char we can have, but in SAP its 8 char, do we need to increase this field length.

3. Or if the user changes the password in MS-ADS, do we need to run the synchronization again.

4. We are assuming that if the LDAP configuration is finished then the users are not required to maintain or change their passwords in R/3 instead they can use the MS-ADS password and changes also in MS-ADS. Is this assumption right?

Please Sugegst me.

I am still investigating for the sync from R/3 to LDAP.

The User available in LDAP is created in R/3 but there is no password allocated for him. Do i need to mention the password attribute also in the mapping, if so can any one please let me know the attribute and corresponding filed of R/3.

Thanks & Regards

Sumanth

sumanththunga@yahoo.com

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Suman,

I am even unable to connect to MS AD server. I know you did this long time back. But can you tell me how did you do this like any document or configuration steps. I am able to connect ldap server in non ssl mode but unable to run RSLDAPSYNC_USER program. I am getting errors there. My AD server is configured in suca way that it only accepts data through SSL and valid CA certificates. We configured our SAP system in SSL mode. But i am getting the error saying 'ldap server is not active'. I opened an oSS ticket on this. They login to my system and they are also uanle to find the cause. Please let me know if you have any idea or any document on this.

I would be greatly appreciated if you can reply to my personal email.

Venkata Battula

bvrkreddy@yahoo.com

Former Member
0 Kudos

Hi Venkat,

Look into the following link. It may be helpful to you.

http://help.sap.com/saphelp_nw04/helpdata/en/06/371640b7b6dd5fe10000000a155106/frameset.htm

regards

anand.M

Former Member
0 Kudos

Hi,

After some changes in mapping, now the users in both sides are getting created.

The only clinch is on the Password and the Activation of Users in Directory Server.

Can some once please clear my assumptions.

Thanks & Regards

Sumanth

Former Member
0 Kudos

HI Thunga/Craig:

We are also struck at this stage using ldap synch. Password is not synching up from LDAP to R/3 as password is encrypted in ldap. So, is there any way we

can just authenticate userid and password from ldap

and not storing the password in R/3. We want this to

work with normal sapgui and NOT with webgui.

Thanks

Former Member
0 Kudos

Hi Prakas,

I Logged the OSS Message for Checking the Issues of Authentication to LDAP from SAP R/3.

Please find the Below Clarifications and SAP Replies along with the SAP Notes.

Questions Posted in OSS Message:

We need to get confirmation that, is this LDAP is for Authenticating like EP or only for Having the Sync Data between both systems?

Secondly when the Users are getting created in Active Directory, they are in Deactivate Mode, To make it automatically aactive do we need to set any settings in R/3 or Directory, for this we searched the Notes and Documentation, but could not succeeded.

Please Suggest. Our main concern is can we achieve the Authentication From LDAP as like in EP -> LDAP in this R/3 or not? The Users are expecting to do authentication, instead to maintain the passwords at different

places.

Replies from SAP

- login in this manner is not possible, see note 603208

- syncing the password is also not possible.

- in general, please read note 448360 about features provided in the

LDAP area.

0000448360 Requests in the LDAP environment (directory integration)

0000603208 Passwords during the LDAP user master synchronization

But, I think we can achieve Authentication in Another Way, NTLM Authentication, For this You Need to Do SAP GUI Client Maintenance Also.

I am in Collection of More DEtails in this Area. Once I get all info and procedure i will update you.

Regards

Sumanth