Ms-Active Directory integration with SAP 4.7 SR2 through LDAP Connector

Dear Gurus,
Let me clarify the scenario:
At our end, we are planning for SSO, we are integrating Microsoft ADS with SAP 4.7 IDES
Following are the system details:
SAP: IDES 4.7, on Windows 2000 Advanced Server, Oracle 8.1.7, Kernel-620
MS-Active Directory: Windows 2003 Enterprise Edition, with Service Pack-1
With the above-mentioned landscape we have integrated the LDAP Connector on MS-Active Directory. On the MS-Active Directory OS side we have tested the command (ldap_rfc -a LDAP_ADS -g ides.ho.com -x sapgw00), then we tested it through an RFC in SAP 4.7 (IDES), with result success.
Everything is fine; I'm able to log on through the user, but when I try to search objects in LDAP (i.e. ADS) through "FIND", I get the error message "operation Failed".
Referred note 511141 for the error.
Can't find anything more.
Required help...
Regards,
SHAH

Dear Juergen,
As of now, we have applied the SP level till 40.
Through LDAP tcode we are able to Logon to the Directory server, and we
are also able to search, through FIND,
the system displays all entries below the specified base entry.
After that we are trying to synchronize it, using report RSLDAPSYNC_USER through SE38, but it's showing the following errors:
Connection created to Server LDAP_ADS (successfully with Green)
Operation Failed (Error with Red)
Error message: LDAPRC001
LDAP_SEARCH failed (Error with Red)
Error message: LDAPACCESS101
The System could not create directory objects pool (Error with Red)
Error message: LDAPSYNC005
Connection to LDAP_ADS server terminated
As for first Error: Error message: LDAPRC001, we referred Note 511141,
Response: "This error msg does not mean that the SAP System sent incorrect data".
For Error message: LDAPACCESS101 and Error message: LDAPSYNC005, we referred to 696021 and 695026
Response: to apply the correction change, as our SP level is above the requirement, we have
level-40.
Unable to get further, any solution/suggestion.
Bye for now.
Regards,
Shaibaz

Similar Messages

  • Tutorial: Azure Active Directory integration with Igloo Software

    Click reply and tell us what you think:
    Tutorial: Azure Active Directory integration with Igloo Software
    Markus Vilcinskas, Knowledge Engineer, Microsoft Corporation

    Hello
    Can you be a little clearer about what you have tested with Airwatch MDM cloud? Which scenarios?
    1) Device Enrollment ?
    2) Access to Airwatch console?
    3) Access to Airwatch self service portal?
    By following the steps we do not get it working at all. By the way, some of the steps in this tutorial are unclear and outdated.
    I finally personally figured out how things should look and made it work, but only with Device Enrollment scenarios from the mobile devices themselves, not from the PC and browsers or from the Access Panel.

  • Active directory Integration with OBIEE

    Hi all,
    Can any one send me a link for active directory integration with OBIEE.
    I have imported the users successfully and I was able to login to analytics as an AD user.
    But SSO is not possible. Kindly help me over this.
    Thanks,
    Haree.

    Thanks for reply veeravalli.
    Me too followed the same link and successfully imported all the users from AD into OBIEE and login in is also possible.
    But my requirement is to have Single Sign On, i.e., users may log on to their Windows PCs and access Oracle BI EE via a standard web browser with no further authentication required on their part.
    Thanks,
    Haree

  • Can Microsoft active directory integrated with Oracle Applications

    Hi,
    Can anyone provide me any document on Microsoft Active Directory Integration with Oracle Applications(12.0.6)
    Manish

    Hi,
    It is possible, please refer to the following documents for details.
    Note: 376811.1 - Integrating Oracle E-Business Suite Release 12 with Oracle Internet Directory and Oracle Single Sign-On
    Note: 415007.1 - Oracle Application Server with Oracle E-Business Suite Release 12 FAQ
    Regards,
    Hussein

  • Process flow - Active Directory integration with Enterprise Portal

    Hi
    I have seen number of documents/forum discussions on integrating Microsoft Active Directory (LDAP) with Enterprise Portal, but unable to find out the process flow for achieving the same.
    I have installed Enterprise Portal 6 (SP13) running on Web AS 640 (J2EE Standalone). The UME is currently configured to use Java database. (i.e datasourceconfiguration_database_only.xml)
    I intend to proceed as below for integrating with Active Directory and integrate with Windows authentication:
    1) Configure UME to use an LDAP Server as Data Source using Config Tool
    http://help.sap.com/saphelp_erp2004/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm
    2) Configure Enterprise Portal UME i.e http://<host name>:50000/irj - System Administration - System Configuration - UM Configuration
    Should I configure Data Sources & LDAP Server here, as I have already configured these using J2EE Config tool (point no. 1)?
    3) Integrate Windows authentication with EP using IISProxy module.
    I hope the above will enable me to logon to Portal without supplying username and password once you are logged on to the PC using your Windows user name and password.
    Also, are any schema updates required to Active Directory, i.e. what additional data is stored in A.D.?
    I would appreciate your guidance on this.
    Thanks in advance,
    Chandu

    Hi Chandau,
    you wanted that some users are not taken into account by the User Management Engine (UME).
    This behavior can be established by specifying the
    ume.ldap.negative_user_filter property for the LDAP data sources in the data source configuration file. Using this property one can define that all users and accounts that
    match the defined conditions are filtered out by the UME API.
    A detailed documentation can be found in the SAP Online Help:
    http://help.sap.com/saphelp_nw04/helpdata/en/9a/f43541b9cc4c0de10000000a1550b0/content.htm
    In the following example of a data source configuration file for Microsoft Active Directory
    Server the attribute userPrincipalName is used as Logon ID of a portal user id (j_user).
    Here the user accounts that have one of the following Logon ID’s (index_service,
    notificator_service and cmadmin_service ) are filtered out.
    <dataSources>
      <!-- other data sources, if any, go here -->
      <dataSource id="CORP_LDAP">
        <privateSection>
          <ume.ldap.negative_user_filter>
            userPrincipalName=[index_service,notificator_service,cmadmin_service]
          </ume.ldap.negative_user_filter>
        </privateSection>
      </dataSource>
    </dataSources>

  • Active Directory integration with call manager

    Hi,
    I am facing issues while Integrating the CCM to my Active Directory using AD Plug-in.
    SITE SETUP:
    1. Windows 2003 Parent Domain Controller located remotely with GC.
    2. Windows 2003 Child Domain for the Parent DC located Locally with GC.
    3. Cisco CallManager 4.1.3 sr3b
    My Requirement is to integrate CCM with my Windows 2003 AD.
    My Questions are:
    1. Do I need to Provide the Parent Domain name or the Child Domain name while performing the AD Plug-in Setup?
    2. Does my Call Manager need to have the Forest access of the Active Directory (i.e., Does it perform some modifications in the Parent Domain)?
    3. Does the user account (which is used for Directory Integration) need to have direct members of Schema Admins or thru some other domain admin groups (i.e., Admin user -> Child Domain Admins Groups -> Parent Domain and Schema Admin Groups)?
    Can anyone help me on this?
    Thanks,
    V.Kumar

    1. Do I need to Provide the Parent Domain name or the Child Domain name while performing the AD Plug-in Setup?
    Use the root domain, in this case the Parent domain.
    Cisco does not recommend having a Cisco Unified CallManager cluster service users in different domains because response times while user data is being retrieved might be less than optimal if domain controllers for all included domains are not local.
    2. Does my Call Manager need to have the Forest access of the Active Directory (i.e., Does it perform some modifications in the Parent Domain)?
    Yes, actually all domains in the forest share the same Schema, which will be modified after running the AD plugin.
    3. Does the user account (which is used for Directory Integration) need to have direct members of Schema Admins or thru some other domain admin groups (i.e., Admin user -> Child Domain Admins Groups -> Parent Domain and Schema Admin Groups)?
    Account should be a member of the Schema Admins group in Active Directory, try the one in parent domain.
    Correct permissions for CCMAdministration and similar example for your setup:
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guide_chapter09186a00806e8c04.html#wp1043057
    HTH

  • Active Directory integration with Solman 71. ITSM and Business Partners

    Good morning.
    We have 30 000 users on the Active Directory. All these users must be able to log a call via Solman 7.1. Is there a way to avoid creating the 30 000 users on the Solman system by integrating Solman & AD & automatically assigning the BP to the user(s)? What alternatives are there?
    Kind regards,
    Mojo

    Hi Mojo,
    You can set up the CUA (Central User Administration) to synchronize all your LDAP database to the CUA. Then your Solman will have to be declared on each ...
    Notes = CUA is an old technology which works fine ... but SAP does not really support it. The new product is called "IDM". It does request to your need I think.

  • Active Directory integration with Service Desk and Busines Partners

    We have populated the business partners in Service Desk with data from Windows Active Directory, but this was a one-time import.
    At the moment if there are any changes to Active Directory then the business partner records need to be updated manually.
    Does anybody know if there is any way to integrate Active Directory with the business partner records in Service Desk?
    Thanks
    Simon

    This was also our problem.
    We have multiple user sources (an LDAP, ADS, different SAP systems). I'm not aware of any automated way of doing that.
    If you want to use issue management/service desk all the users need to also be created as SU01-users to be able to use the workcenters. The SU01-Users have also to be assigned to the appropriate business partner. There is no automation for this.
    For us this drawback was so big that we stopped using the service desk.
    Markus

  • Windows active directory integration with sap user management

    Hi All
    I have installed SAP as a local installation; now my client wants to integrate SAP user management with Windows Active Directory. We have ECC, BI, PI, SCM and EP systems in our landscape. Kindly suggest how to do that and what will be the best strategy to do that in a simple scenario.
    Regards
    Pranav

    pranav kumar wrote:
    > Hi Kenneth
    >
    > I just want to integrate the sap with windows active directory.
    >
    > Regards
    > Pranav
    Hi Pranav,
    Check the article, http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/c00464ce-c974-2e10-f5be-f8f4c6dce31c
    Then, take a look at SSO solutions at http://ecohub.sap.com/
    You can find many solutions there.
    Best regards,
    Orkun Gedik

  • Active Directory Integration with OBIEE 11.1.1.6.0

    Hi all,
    I have a weird issue, might be due to my lack of understanding regarding LDAP, but here is the problem.
    When I use the Principal for configuring AD Authenticator, I use something like
    Principal:             CN=test test,OU=Groupe,DC=abc,DC=com
    User Base DN:      OU=Groupe,DC=abc,DC=com
    This fetches users successfully, I could see a user named "test" in the Users and Groups Screen.
    I have multiple authenticators, and CONTROL FLAG for all is set to SUFFICIENT.
    Refreshed the GUIDs too.
    But when I try to login using the username test    it throws out error saying
    Error Message From BI Security Service: SecurityService::authenticateUserWithLanguage [OBI-SEC-00015] Unable to find user in identity store
    [2013-12-10T06:35:54.000+00:00] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: 19498f464dc721aa:7ff6bd7a:142dc1e4b45:-8000-0000000000000660] [tid: ec4]  [nQSError: 43126] Authentication failed: invalid user/password.
    NOTE: The install is an OBIEE Simple Install. Does it have a limitation on the No. of Authenticators? (just a wild guess)
    Could any one help in resolving this login issue?
    Regards,
    Kiran P

    Hi,
    Verify that your Oracle EBS OLTP DbAuth Connection Pool executes on connect Physical SQL :
    call /* valueof(NQ_SESSION.ACF) */ APP_SESSION.validate_icx_session('valueof(NQ_SESSION.ICX_SESSION_COOKIE)')
    Best,
    Ark

  • Help with Active Directory Integration and kerberos

    Hello,
    I'm encountering a bug preventing me from using Active Directory integration with Kerberos:
    Our domain name is CORP.DOMAIN.COM.
    When we request the GC in this domain :
    bash-3.00# nslookup -query=any gc.tcp.corp.domain.com
    Server: 1.2.1.6
    Address: 1.2.1.6#53
    ** server can't find gc.tcp.corp.domain.com: NXDOMAIN
    there is no answer.
    But when we request without corp, we find the servers :
    bash-3.00# nslookup -query=any gc.tcp.domain.com | grep sis
    gc.tcp.domain.com service = 0 100 3268 serveur02.corp.domain.com.
    gc.tcp.domain.com service = 0 100 3268 serveur01.corp.domain.com.
    bash-3.00#
    Is it possible to add the possibility to enter the domain name where the gc.tcp resides?
    Thank you.

    Hello
    the domain.com domain exists, but it's not our domain.
    so, when I put domain.com, it searches with no result (nothing happens).
    our kdc.conf :
    [kdcdefaults]
        kdc_ports = 88,750
    [realms]
        CORP.DOMAIN.COM = {
            profile = /etc/krb5/krb5.conf
            database_name = /var/krb5/principal
            admin_keytab = /etc/krb5/kadm5.keytab
            acl_file = /etc/krb5/kadm5.acl
            kadmind_port = 749
            max_life = 8h 0m 0s
            max_renewable_life = 7d 0h 0m 0s
            default_principal_flags = +preauth
        }
    krb.conf
    [libdefaults]
        default_realm = CORP.DOMAIN.COM
        default_checksum = rsa-md5
    [realms]
        CORP.DOMAIN.COM = {
            kdc = dc01.corp.domain.com
            kdc = dc02.corp.domain.com
        }
    [domain_realm]
        .corp.domain.com = CORP.DOMAIN.COM
        corp.domain.com = CORP.DOMAIN.COM
    in every domain, I think the GC are in corp.domain.com. but in my company, it's in domain.com...
    Thank you,

  • MS active Directory Configuration on SAP 4.7 and ECC6.0

    Hello
    Can anybody guide the steps required for MS Active Directory Configuration with SAP 4.7 on AIX
    and ECC 6.0 also on AIX 5.3.
    Currently we are using many different applications on client landscape.
    The requirement is for implementing the Single Sign On for all the applications
    on the client landscape.

    Please check
    /people/andre.fischer/blog/2008/06/04/windows-server-2008--active-directory-certified-for-the-bc-ldap-usr-directory-interface-for-user-management
    In Case you also have EP then
    /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
    Also check below for SSO
    Note 121178 - NT: Installation note for SSO Single Sign On
    Note 138498 - Single Sign-On Solutions

  • Issue with Reset Password from Active Directory Integration Pack

    I seem to be having some issues with a subscription in the Reset Password activity from the Active Directory Integration Pack. The "User Password" field refuses to take a value from a subscription provided earlier in a Generate Random
    Text activity. As you will see in the screenshot below, when the Reset Password activity runs, the User Password value is blank.
    Any idea why this might be happening? It looks like a possible bug with the Active Directory Integration Pack.

    Hi John,
    I think this is not a bug, this should be by design because the password is a secure string. If you look for the Published data for Reset User Password activity at
    http://technet.microsoft.com/en-us/library/hh553463.aspx it is not listed there as well.
    If you need the string (e.g. to send it via email) use the
    data from the "Generate Random Text" Activity.
    Regards,
    Stefan
    www.sc-orchestrator.eu ,
    Blog sc-orchestrator.eu

  • Issues in BO integration with SAP EP

    Hi All,
    Integration of SAP EP 7 and BOexi3.1.
    My requirement is to show the BO WEBI reports in portal. My scenario is like directly connecting to BO from EP using SSO without connecting to BI.
    For BO, only data is coming from BI; roles and user creation are done separately in BO only. Is it possible to do SSO between SAP EP and BO without connecting to BI?
    BO is not using any Active Directory; users and roles are created in its own database and Portal users are stored in the UME database. How to achieve SSO between SAP EP and BO?
    Thanks
    Rajeev

    Hi,
    Go through the below link which gives great details on the BOXI integration with SAP EP.
    http://wiki.sdn.sap.com/wiki/display/BOBJ/IntegrationofBOEXI3.1intotheSAPEnterprisePortal+7.x
    You should be able to get the SSO details also here.
    Regards,
    Noor.

  • Brief discussion on SAP XI and its Integration with SAP MDM.

    Hi,
    I have never worked on SAP XI.
    I am discussing it on brief, please give your valuable replies.
    SAP XI consists of System Landscape Directory (SLD).
    SLD consists of Business System and Technical System.
    Technical System contains all information about the software
    component. The Business System consists of Inbound and Outbound Business
    System which are used as logical names for data transfer.
    There is a communication Channel for Receiver and Sender Business System and an agreement
    is signed between Sender and Receiver.
    Outbound Interface defined for Business System Outbound and Technical System associated
    with the Business System,
    Inbound Interface defined for Business System Inbound and Technical System associated
    with the Business System.
    In SAP NetWeaver XI Integration Directory, we have defined the Integration Scenarios,
    Actions, Interface Objects, Mapping Objects, Adapters Objects.
    Mapping Object defines the Structure and Value Mapping.
    Adapter Objects defines the Adapter program which implements RFC Adapter, FTP Adapter logic.
    FTP Adapter is used for XI-MDM Communication.
    RFC Adapter is used for XI-ECC Communication.
    Integration Repository: Both Outbound and Inbound Interfaces are Mapped with Value mapping and
    Structure Mapping inside Integration Repository.
    The File Adapter takes the File from the Outbound port of MDM System
    and sends it as IDOC to Receiver Business System.
    Value Mapping must be done between Sender and Receiver interfaces.
    Value Mapping is done by XSLT or Java based program.
    SAP NetWeaver XI Integration Server at runtime:
    Message Split, Interface Determination, Receiver Identification, Mapping, Technical Routing
    and Call Adapter Process are done.
    In SAP XI 3.0 and MDM 5.5:
    Step 1: Create business system as service.
    Step 2: Create communication channel for each business service. If the system can communicate
    through different channels, then create all possible channel types if necessary.
    Step 3: Create receiver agreement between the systems.
    Step 4: Interface determination:
    - Here you see for the first time the software component mentioned;
    there are some special requirements regarding this software component in relation to the customizing ID mapping.
    - To modify this software component, the customer needs to copy the SAP standard delivered software component
    into its own namespace. The customer is able to modify to create archives
    for the customized ID mapping.
    Receiver determination.
    Configure an FTP Server on the MDS.
    Create a send folder for outbound messages using outbound port(s) for
    remote systems(s).
    Create receive folder inbound messages using inbound port(s) for remote systems.
    This is all about the concept of SAP XI Infrastructure and its Integration with SAP MDM 5.5.
    Regards
    Kaushik Banerjee

    Hi Kaushik,
    You must be aware of File types that MDM Import Manager can Import i.e. we have XML, Excel etc. Now there are two transactions to extract data from R3
    1. MDMGX -
       - For lookup table extraction
       - Output in XML format which MDM can import without using XI.
       - FTP can be configured to put the file in the desired folder which will be then picked by Import Server.
    2. MDM_CLNT_EXTR -
       - For Main table records.
       - Output is in Idoc format which MDM doesn't understand hence we need XI in between which converts Idoc file received from R3 into XML which can then be imported using Import Manager or Import Server. For this we need to implement XI Scenario that consists of Source System, Receiver System, Type of Data etc.
    Just a basic understanding...
    Regards,
    Jitesh Talreja
