How to only synchronize one specific LDAP user group with SAP?

Hi,
Hopefully this is the correct forum to post this in. I want to have continuous one-way synchronization of users from my LDAP server to my SAP central system. I've started configure in SAP using transaction SM59 and LDAP. Can I somewhere set that only one specific LDAP user group shall be transferred to SAP (they do not need to be assigned to any specific group, profile, role in SAP) - or should this be done on the LDAP server side (or is it at all possible)?
Correct me if I'm wrong, but the User Group field in the report RSLDAPSYNC_USER only concerns SAP user groups right? This would therefore not be sufficient since I want to select the users to synchronize based on user groups in the directory.
Thanks, Oscar

We've used a repository constant to specify the LDAP filter for reading users / groups from the LDAP target.
E.g. LDAP_FILTER_USERS (&(objectCategory=person)(objectClass=user))
Then we also have a constant for the LDAP_STARTING_POINT
For our AD Group Initial Load we filter according to these settings:
LDAP_FILTER_GROUPS = (objectclass=group)
LDAP_STARTING_POINT_GROUPS = ou=IDMManagedGroups,ou=Groups,dc=cfstest,dc=le,dc=ac,dc=uk
The above example only reads AD groups starting at the specified OU
Then in a Job From LDAP Pass the LDAP URL looks like this:
LDAP://%$rep.LDAP_HOST%:%$rep.LDAP_PORT%/%$rep.LDAP_STARTING_POINT_GROUPS%?*?SUB?%$rep.LDAP_FILTER_GROUPS%
I hope this helps
Paul

Similar Messages

How do I delete one of the user accounts on my computer and not lose the data in that account?

How do I delete one of the user accounts on my computer and not lose the data in that account?

I actually have the opposite of this problem. haha.
https://discussions.apple.com/thread/4484354

ITunes 9.0.1 will only play one specific playlist

itunes 9.0.1 will only play one specific playlist, and freezes when I try to do anything else. Had 9.0.0.7, then upgraded...said would fix the problem, but didn't. When I sync iPhone itunes freezes as well. Tried to delete podcasts...froze. Tried to delete duplicate songs...froze. Tried to...you get the picture.
Any help?

Problem has been resolved...had to reinstall, then go to add/remove programs and repair iTunes.

HT1386 How do you sync one specific song

How do you sync one specific song from your itunes library in the computer to your phone

Make sure that the "Sync Music" option from the Music tab in your iTunes is checked but not the "Entire music library" underneath the "Entire music library" option you can select which parts of you iTunes library to sync with your iPhone.

How does schedule with RESTful API a Webi report for a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

SAB BO 4.1 SP1
Does it have an RESTful API to schedule a Webi report with the parameter to specify a group of users ("Schedule For" to "Schedule for specified users and user groups" with one or more users/groups)?

Hello Ricardo,
have you try a call like this one ?
    <schedule>
      <name>"test"</name>"
      <format type=\"webi\"/>
      <destination>
        <inbox>
         <to>userId1,userId2,userId3,groupId1,groupId12</to>
        </inbox>
      </destination>
    </schedule>
Regards
Stephane

How can I send one sms to a group of people?

how can I send one sms to a group of people?

Read the User's Guide which covers basic functionality such as this.

How to create user groups in SAP

Hello Gurus,
Can anyone let me know how to create user groups in SAP-HR Module and who will be creating the user groups.
plz provide me the steps.

Hi Stephanie,
IMG --> Personnel Mgmt --> Personnel Administration --> Basic Setting s --> Maintain User Parameters
Please refer the below links:
http://scn.sap.com/thread/1653026
http://scn.sap.com/thread/1682721
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10eab7af-0e54-2c10-28a5-87b47adbe1a5?QuickLink=index&overridelayout=true&44478681629499
Thanks,
Madhav.

How many ways we can create authorization for user groups in sap query reports

Hi Gurus, I am getting a problem when I am assigning users to user group in sap query report .The users other than created in user groups are also able to add &change the users .So please suggest me how to restrict users outside of the user group.
Please send me if u have any suggestions and useful threads.
Thank You,
Suneel Kumar.

I don't think it can be done. According to the link below 'Users who have authorization for the authorization object S_QUERY with both the values Change and Maintain, can access all queries of all user groups without being explicitly entered in each user group.'
http://help.sap.com/saphelp_46c/helpdata/en/d2/cb3f89455611d189710000e8322d00/content.htm
Although I think you can add code to your infoset and maybe restrict according to authority group, i.e.:
Use AUTHORITY-CHECK to restrict access to the database based on user.
Press F1 on AUTHORITY-CHECK to find out how to use it in the code

How can we find all the available user-exits in sap without using SMOD?.

How can we find all the available user-exits in sap without using SMOD?.

Hi,
Please check this links for user exits list.
http://www.planetsap.com/Userexit_List.htm
http://www.easymarketplace.de/userexit.php
http://www.sap-img.com/ab038.htm
Regards,
Ferry Lianto

Online Availability of Sun ONE Application Server User Groups

The Sun ONE Application Server User Group community is now available online at
http://developer.iplanet.com/usergroups/appserverhome.jsp
Sanjay

from the standard download pages (on www.sun.com, simply select download...)
then you end up here:
http://www.sun.com/download/products.xml?id=42ae317c
but why would you want 7.0 ?? thats getting old now. You really should be looking at the very least at 7.1; and better yet at 8.1
cheers
Tom

Login on user group with redirect ORA-01403: no data found

Hi,
i have 3 home page, one for each user group
I would like to address the home page based on the value the group's
i tried to do this with a process on login page
:FSP_AFTER_LOGIN_URL := null;
declare l_page varchar2(30);
begin
SELECT gr.GRP_ID
into :P101_GRP_ID
FROM DB1USG ug, DB0USR us
WHERE
AND us.USR_ID=:P101_USERNAME
AND us.USR_ID=ug.USG_USR_ID;
if :P101_GRP_ID = 'CPY' then l_page := '5007';
elsif :P101_GRP_ID = 'TRF' then l_page := '5005';
elsif :P101_GRP_ID = 'VND' then l_page := '7051';
else l_page := '1'; -- default home page
end if;
wwv_flow_custom_auth_std.login(
P_UNAME => :P101_USERNAME,
P_PASSWORD => :P101_PASSWORD,
P_SESSION_ID => v('APP_SESSION'),
P_FLOW_PAGE => :APP_ID||':'||l_page
end;
after password input i received ORA-01403: no data found error
Any help?
Thanks in advance
km

Hi Scott,
first access
user USR1--> page afer login --> 7051 ->OK
logout
user USR2-->page right 5007
page afer login --> 7051 --> no 5007
Scott,
in process on login page i added the line
:P0_FIRST_PAGE_ID := l_page;
and
i modified logout URL on my Authentication Scheme
wwv_flow_custom_auth_std.logout?p_this_flow=&APP_ID.&p_next_flow_page_sess=&APP_ID.:&P0_FIRST_PAGE_ID.
Many thanks
km

How to enable only a subset of LDAP users to be able to login to OBIEE

We have enabled LDAP authentication. Now every single LDAP user can login to Presentation server. That is an issue. Not all LDAP users are OBIEE users. Only a small subset of the LDAP users should be able to access OBIEE. We have a database table that lists all OBIEE users. This table however does not have user password information. User Password information is stored in the LDAP.
so question is how do we limit OBIEE access to only OBIEE users and not all LDAP users.
Thank you

Thanks for your suggestion. If i understand it correctly, user will still be able to login to Presentation server but will not have access to any content using your solution approach. Did i get it right?
In my current setup, user gets authenticated against LDAP, then i extract user group for that user and assign it to GROUP. Only those users gets assigned to GROUP who have access to OBIEE. We have secured RPD and Catalogs so that user must be a member of at least one GROUP to be able to access content.
Right now, a LDAP user who is not present in OBIEE user table, is able to login to BI Presentation server but is not able to see any thing. Because user gets authenticated, but does not have any authorization rights. So far so good.
I would like to take next step, where use login to BI Presentation server is denied if user id does not exist in the OBIEE user table ( but exists in the LDAP).
Thank you

HOW-TO specify database credentials in LDAP user

Hi:
I want to know how can i specify oracle database credentials (oracle database usernname) that one specific user will use to connect to the database for instance when using Oracle Forms.
I saw in OID some "tags" like orcluserv1, etc... is this ? how can i do it ?
For instance i want that:
LDAP user Database user
user00001 dbuserA
user00002 dbuserA
user00003 dbuserA
user00004 dbuserB
user00005 dbuserB
So ldap user00001 will connect to the database with dbuserA ..
Thanks in advance,
Ricardo

Hi Ashish:
I've succesfully created an user with OIDDAS and assign it a "resource acess information" of type OracleDB.
So, when creating this user i specified the username in db that this user will use to access database. Until now, it's all perfect. But, where's this information is stored ?
I've access OID Manager and see that user is create in the Entry Management, but the DB information is not stored in any of the properties of this user.
This is a problem, because I want to make an APP that will use DBMS_LDAP pack to create user dynamically, so I have to know what attributes/classes/properties that user needs for assign it to a specific DB user.
Can you help ?
Thanks The information is stored in an Oracle Specific container called 'cn=oracleContext' in the default subscriber.
You can use the DBMS_LDAP_UTL package (shipped in iAS 902) to query these Resource Access Descriptors. Directly
storing these from PL/SQL is not presently supported. OIDDAS is the only interface through which you can get this done.

How to get Request object and LDAP user

Hi All,
How to get Request object, coz i want to see the out put of this code
IUser myUser = request.getUser();
String uid=myUser.getUid();
I want to get only LDAP user from the server, for that i am having code but i think this code is returning me all user from the server.
com.sap.security.api.IUser user = null;
try {
      IUserFactory userFactory = UMFactory.getUserFactory();
     IUserSearchFilter searchFilter = userFactory.getUserSearchFilter();
ISearchResult searchResult = userFactory.searchUsers(searchFilter);
   int count = 0;
    List list = new ArrayList();
     while (searchResult.hasNext()) {
                  count++;
                   String uniqueid = (String) searchResult.next();
                    user = userFactory.getUser(uniqueid);
                    list.add(user.getUniqueName());
This code is giving me all user from the server LDAP and as well as portal user.
But i want only LDAP.
Please help me out. It's urgent.
Regards,
Deepak

Hi
use the following code
//Request
IWDRequest = WDProtocolAdapter.getProtocolAdapter().getRequestObject();
//User
IWDClientUser = WDClientUser.getCurrentUser();
Regards
Ayyapparaj

How can i synchronize my contacts in my iPhone with the ones in my iPad?

How can I synchronize my contacts in my iPad to the ones in my iPhone??

I do that by using iCloud to house all my contacts. Then simply use the same Apple ID on the iPad and iPhone, and turn on iCloud on both.

How to only synchronize one specific LDAP user group with SAP?

Similar Messages

Maybe you are looking for