on 06-08-2005 9:25 AM
Dear all,
we have several SAP production systems (and more to come)for different, partly overlapping, groups of end users. Currently we are providing one saplogon.ini file to all end-users, which contains simply all SAP systems we have here. But this is not desirable either from the point of unnecessary complexity as well as from a security point of view, as you publish all network addresses with the saplogon.ini file.
So we are currently looking for a solution, which provides only those SAP systems to a end-user, which he only needs.
Does anybody know, if there are any applications on the market, which can do this e.g. in connection with LDAP?
thanks in advance
Richard Schöninger, SAP basis
Hello,
Another idea is using several saplogon.ini file via help of windows enviroment variable SAPLOGON_INI_FILE.
Please take a look following sap note;
Note 1426178 - SAP Logon (Pad): create/distribute server configuration file
Note:
Only one xml file can be set and used together with the corresponding saplogon INI file (and sapshortcut.ini file) at one time for the server configuration in SAP Logon (Pad).
Best Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Richard,
As i know there is no tool providing your demands, and (correct me if i am wrong) LDAP or similar products are for single sign on, but do not solve your problem with saplogon.ini file generation. But just to give you an idea on how we are handling this as we have about 90 different SAP systems (Sandbox, Dev, QA, Prd and so on...) in our landscape:
(Prerequisite is of curse that users have the same user-id in the defined systems)
1) On a daily bases all defined dialog users user-ids are extracted from every of our SAP systems and written to a file share.
2) Afterwards also on daily bases all these extracted data are consolidated. (Result is a table of user's and the sap system they have a user-id in)
3) This table is then used to generate a specific saplogon.ini file for every user that again is placed on a file share.
4) The user specific saplogon.ini file is then copy'ed to the users PC with the logon script every time the user is logging on to the network.
This is how we are handling this issue, hopefully you can use it as an inspiration, or as an example on how it can be handled.
Regards
Rolf
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yeah, we have the same problem, and we don't (and will not) use SAP Portal.
Try SAP Note 608781 for more informations about LDAP. But this is only for systems in your local server. If you want to access via SAP Router, forget it.
A "workaround" is create shortcuts for all systems and distribute it with a software like a Novell Zen Works. Or create groups in start menu and separate it in landscapes, system (only DEV), and so on.
If somebody has a better idea...
Message was edited by:
Alexandre Zannella Gorian
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SAP Portals has this functionality, it works quite well for us. SAP also has ways to integrate with Microsoft's Acvtive Directory. Here is some information about their offerings from SDN:
http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/unkown/sap active directory integration of sso and user management.pdf
Regards,
John
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.