Solved: Table USREXTID

Former Member · ‎07-17-2008

Hello,

I was wondering if anyone could explain me what is the use of type LD in table USREXTID. I am looking for a way to login to an R/3 system through LDAP, and this option caught my eye. Can anyone give me some information about it.

If this section is not the best for this type of question, please direct me where.

Regards,

Leandro Fonseca

tim_alsop · ‎07-17-2008

Hello again,

I just found something which might explain what the LD type is for. If you look at [this page|http://help.sap.com/saphelp_nw04/helpdata/en/4f/bd2c3a11f3bf31e10000000a11402f/content.htm] in the SAP help library you will notice that the LD type in USREXTID table is described. It seems to be specific to the LDAP PAS module provided with the external ITS product. I think this might be the only place where this table entry type is used, and I hope you are aware that external ITS is not supported with later releases of SAP ...

Thanks,

Tim

tim_alsop · ‎07-17-2008

Hello,

I checked the LD type you mentioned, and it does indeed look like an LDAP DN can be configured in the USREXTID table entry, suggesting it is used to authorize an LDAP connection into the ABAP system, from a specific DN. I don't think this means it is to allow users to logon using LDAP authentication, since this would not be very secure. I am however not sure what it is used for because I cannot find any documentation on this, after doing a quick search using google

If you are looking to logon to SAP using userid and password in an LDAP directory, can you let me know what LDAP directory you are using, and if it is Active Directory ? Often people want to logon to SAP using Active Directory account and password, and they refer to Active Directory as their "LDAP Server", but in fact Active Directory account domain authentication can be (and often is) performed using more secure authentication protocols, e.g. Kerberos. When a user logs onto a Windows workstation using a domain account, they are actually authenticating using the Kerberos protocol, and it is very common, and possible to use the Kerberos credentials on the workstation already available to authenticate the user to the SAP ABAP AS.

Thanks,

Tim

tim_alsop · ‎07-17-2008

Hello again,

I just found something which might explain what the LD type is for. If you look at [this page|http://help.sap.com/saphelp_nw04/helpdata/en/4f/bd2c3a11f3bf31e10000000a11402f/content.htm] in the SAP help library you will notice that the LD type in USREXTID table is described. It seems to be specific to the LDAP PAS module provided with the external ITS product. I think this might be the only place where this table entry type is used, and I hope you are aware that external ITS is not supported with later releases of SAP ...

Thanks,

Tim

WolfgangJanzen · ‎07-24-2008

See also [SAP Note 509237|https://service.sap.com/sap/support/notes/509237]:

User assignment via USREXTID:

If you want to continue executing the user assignment via the USREXTID table, you must set ~exid_type to LD. This type is only available for backends as of SAP system 6.10. Systems before this version number can be retrofitted manually with their own EXTID_TYPE. However, you should not take the existing 'ID' or other types because these could be used internally by SAP.

[SAP Note 487859|https://service.sap.com/sap/support/notes/487859] describes how new USREXTID types can be added (for systems < 6.10).