connectivity between LDAP server and SAP XI

Former Member
0 Kudos

Hi friends

Can anyone give any insights on how this solution can be implemented? We are relatively new to XI and don't have any idea about LDAP either.

Accepted Solutions (0)

Answers (4)

Former Member
0 Kudos

You want to write something on proxies; mostly we use the Java proxies.

former_member556603
Active Contributor
0 Kudos

Hi,

Synchronizing SAP R/3 User Data with Corporate LDAP Directory

Purpose

The Enterprise Portal integrates a corporate LDAP directory as its primary store for central user data in the portal. One possible scenario is that you have been using an SAP R/3 System to administer your central user data, for example using Central User Administration (CUA). This means that you now need to populate the LDAP directory with user data from an SAP R/3 System. Possibly you wish to continue using the SAP R/3 System for central user management and would like to synchronize this data with the corporate LDAP directory at regular intervals.

Systems based on SAP Web Application Server (SAP Web AS) Release 6.10 or higher provide a directory interface for user management. This interface allows data from R/3 user management to be exported to a directory server and, if required, to be synchronized periodically.

Passwords are however not synchronized from the SAP Web AS to the corporate LDAP directory. This means that if your corporate LDAP directory contains user data that has been synchronized from a SAP Web AS, it does not contain any passwords and the Enterprise Portal cannot authenticate users against the corporate LDAP directory. You must set up the portal to authenticate users against the SAP Web AS or another SAP R/3 System directly.

If the user IDs in the corporate LDAP directory are the same as the users in all SAP R/3 Systems using the Single Sign-On mechanism with SAP logon tickets, there is no need to perform user mapping. For more details, see Single Sign-On to SAP Systems.

Prerequisites

You have developed a concept for data flows between SAP systems and your corporate LDAP directory. Note that only systems based on SAP Web Application Server 6.10 or higher can use the interface to an LDAP directory. SAP recommends that you use a 6.10 System for Central User Administration (CUA), which collects all the user data from connected SAP Systems. The data in the CUA System can then be synchronized with the directory. The following diagram shows an example of a system landscape with a directory.

Process Flow

First you synchronize the data from an SAP Web AS to the corporate LDAP directory. The process is described in the documentation for the SAP Web Application Server. See the section on Synchronization of the SAP Database with the LDAP Directory.

Then you need to set up the portal to authenticate its users against the SAP Web AS or another SAP R/3 System. See Configuring the Portal for SAP R/3 Authentication.

Configuring UME to Use an LDAP Server as Data Source

Purpose

There is no option to set up SAP User Management Engine (UME) to use an LDAP directory as data source during installation. Instead you have to install with a database and configure the UME manually after installation.

Prerequisites

· You have installed a SAP Web Application Server Java where the UME is configured to use the database of the J2EE Engine as data source.

· The LDAP directory has a hierarchy of users and groups that is supported by UME. The hierarchies supported by UME are groups as tree and flat hierarchy. For more information, see Organization of Users and Groups in LDAP Directory.

· The administrator of the LDAP directory must create a user that UME can use to connect to the LDAP server. This user should have read and search permissions for all branches of the LDAP directory. If UME also needs to write to the LDAP directory, the user must additionally have create and change authorizations.

Process Flow

1. Enter connection data for the LDAP server in the LDAP configuration tool.

2. Select the location of default users and groups.

3. Restart all cluster nodes.

4. Verify the configuration.

5. Change user in secure storage (optional).

Result

You have connected UME to an LDAP directory.

We strongly recommend that you configure Secure Sockets Layer (SSL) between the UME and the LDAP directory. Some directories, such as Microsoft Active Directory Server, require an SSL connection if you want to create users on the directory. For more information, see Configuring SSL Between the UME and an LDAP Directory.

You should check that the attribute mapping defined in the data source configuration file is appropriate for the schema that you use in your LDAP server. For more information, see Customizing a UME Data Source Configuration.

In addition, you can configure your LDAP directory for high availability. For more information, see Configuring High Availability of the LDAP Data Source.

Thanks,

Satya Kumar

Reward if it is useful

Former Member
0 Kudos

Hi Prithvi

Depending on your scenario and availability of resources there could be three solutions to this scenario:

1) Use ABAP Proxies

2) Use Java Proxies

3) Build an adapter module and use it.

for connectivity from XI to LDAP. Please give further details of your scenario. Maybe we can help in providing a solution.

Former Member
0 Kudos

Which will be an easier option, relatively? I do not know ABAP.

Former Member
0 Kudos

If you do not know ABAP, there are still two solutions left:

Java proxies or adapter module.

This is how you can do it via Java proxies:

refer

https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/10716e9f-23d7-2a10-8c8c-d2665615...

There is some config within XI (3.0 - SP5, our version).

Run transaction SPRO > SAP Web Application Server > System Administration > Directory Integration > Configure LDAP Connector

Then define LDAP users and configure the LDAP server.
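Added example, not part of the thread and not SAP code: a minimal Java lookup such as a Java proxy could run against the directory, following the earlier answer's advice to use SSL and a dedicated bind user with read and search permissions. It assumes the proxy uses the JDK's JNDI LDAP provider; the class name, the `LDAP_BIND_PW` environment variable, the `uid`/`cn`/`mail` attributes and the sample user ID are assumptions for illustration.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapLookup {
    // Escape a value before placing it in an LDAP search filter (RFC 4515).
    static String escapeFilter(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
    // JNDI environment for a simple bind as the service user; only ldaps:// is accepted.
    static Hashtable<String, String> env(String url, String bindDn, String pw) {
        if (!url.startsWith("ldaps://"))
            throw new IllegalArgumentException("refusing non-SSL LDAP URL: " + url);
        Hashtable<String, String> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        e.put(Context.PROVIDER_URL, url);
        e.put(Context.SECURITY_AUTHENTICATION, "simple");
        e.put(Context.SECURITY_PRINCIPAL, bindDn);
        e.put(Context.SECURITY_CREDENTIALS, pw);
        e.put("com.sun.jndi.ldap.connect.timeout", "5000");
        return e;
    }
    // Arguments: <ldaps-url> <bind-dn> <base-dn>; password is read from LDAP_BIND_PW.
    public static void main(String[] a) throws NamingException {
        // Constructed input: a user ID as it might arrive in a message payload.
        String filter = "(uid=" + escapeFilter("smith (ext)*") + ")";
        System.out.println(filter);
        String pw = System.getenv("LDAP_BIND_PW");
        if (a.length < 3 || pw == null) return; // no server given: stop after the offline part
        DirContext ctx = new InitialDirContext(env(a[0], a[1], pw));
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"uid", "cn", "mail"});
            NamingEnumeration<SearchResult> r = ctx.search(a[2], filter, sc);
            while (r.hasMore()) System.out.println(r.next().getNameInNamespace());
        } finally { ctx.close(); }
    }
}
```

Run without arguments, it only prints the escaped filter; the directory server's certificate must be trusted by the JVM truststore for the `ldaps://` bind to succeed.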

former_member556603
Active Contributor
0 Kudos

Hi Kapoor,

While we are using proxies we have to write ABAP code or Java code.

You have to know basic ABAP; in case of the Java part you have to know the J2SE part.

Thanks,

Satya Kumar