01-29-2008 12:51 PM
Hi All
I have managed to connect the AD server & SAP ECC 6.0 using the LDAP connector. But there is no function module which synchronizes users' passwords from the AD server into SAP.
Do you know any best practices to do this?
Thank you
Naveen.
01-29-2008 12:59 PM
Hello Naveen,
To my knowledge, the best practice is not to synchronize passwords at all (except perhaps sending initial ones).
Besides, how are you getting the password out of the AD...?
You will have great, great difficulty in synchronizing the AD hash with the SAP hash.... of that I am quite certain.
Cheers,
Julius
01-29-2008 1:04 PM
Naveen,
The info provided by Julius is correct. You cannot sync passwords with AD since AD passwords are used to generate keys, which are used during Kerberos authentication with the domain. So, AD does not allow access to passwords.
The LDAP sync is designed only for non password info for an account, e.g. company name, address, telephone number.
Thanks,
Tim
01-29-2008 2:40 PM
See SAP Note 376856 (https://service.sap.com/sap/support/notes/376856).
But I assume that you actually intend to achieve SSO - most likely based on using SPNEGO.
Unfortunately, you did not reveal whether you are referring to NWAS ABAP or NWAS Java when mentioning that you intend to connect to an "SAP system". Well, NWAS Java does support SPNEGO - while NWAS ABAP does not.
Searching this SDN forum for the keywords "SPNEGO", "Kerberos", "ADS" you'll find many hits ...
Cheers, Wolfgang