SAP CUA Vs Corporate LDAP

Hello All,
   Could anybody please let me know the pros and cons of SAP CUA and corporate LDAP?
Please, this is urgent.
Thanks,
Leena.

Hi All,
Can anyone please suggest the advantages/disadvantages of SAP CUA over Corporate LDAP?
I've gone through several threads and a lot has been said about it, but I would still like to know the pros and cons of each approach so that technical consultants can choose the best one for their landscape.
Please also suggest the differences in terms of complexities and costs incurred in implementing the same.
Thanks & Regards,
Anurag Gwari

Similar Messages

  • Regarding SAP CUA vs Corporate LDAP for authentication purposes

    Hello All:
       Could anyone please give more information about SAP CUA and the corporate LDAP? Please suggest which is more advantageous and what is the cost involved in each of these. These are the options for the authentication of SAP Enterprise Portal in our system here. We want to figure out which has more advantages over the other one.
    Thanks,
    LBuegg

    Hello all,
       Appreciate your response for this query. We need to figure out the options soon. It's kind of urgent.
    Thanks again..
    L Buegg.

  • EP 6.0 SP2: Users move in Corporate LDAP,

    Hello,
    My corporate LDAP was changed. All the users moved from O=x to O=y. Now no user can log in.
    When I add the new users to the Portal, they lost their personal settings.
    Is it possible to manipulate the database? Or is there any other trick?
    Stephan

    Hi Stephan,
    If you move users in your LDAP directory, you lose the role assignments because the roles are assigned to the DN (Distinguished Name) of the user, e.g. CN=user1, O=x, C=DE. So when you move the users from O=x to O=y, the DN of the users changes and the role assignment becomes invalid.
    There is the possibility to change the uniqueID of users in the UME, so that it's not the DN but the CN, which in your case remains the same. You can do this by changing the attribute mapping in the UME.
    More info can be found here: http://help.sap.com/saphelp_ep60sp2/helpdata/en/b6/8b9aed8d7c11d5bdd8006094191908/frameset.htm
    Be aware that if you change the uniqueID to CN, you should also take care that the CN is unique in the LDAP tree you use for the portal users. Also, a.f.a.i.k., after this change the directory can only be integrated read-only.
    Hope that helps,
    Robert
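
The CN uniqueness caveat in the reply above can be checked against a directory export before the UME attribute mapping is changed. This is an added example, not part of the original thread and not SAP tooling; the sample DNs are constructed, and comparing CNs case-insensitively is an assumption about the directory's matching rule.

```python
from collections import defaultdict

# Constructed sample DNs, as they might appear in an export of the portal user tree.
SAMPLE_DNS = [
    "CN=user1,O=x,C=DE",
    "CN=user2,O=x,C=DE",
    "cn=User1, OU=sales, O=y, C=DE",   # same CN as the first entry, different branch
    "CN=Smith\\, Anna,O=y,C=DE",       # escaped comma inside the CN value
]


def split_rdns(dn):
    """Split a DN into RDNs on unescaped commas (backslash escaping as in RFC 4514)."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ",":
            parts.append("".join(current).strip())
            current = []
        else:
            current.append(ch)
    parts.append("".join(current).strip())
    return parts


def leaf_cn(dn):
    """Return the CN of the leftmost RDN, lower-cased, or None if that RDN is not a CN."""
    attr, _, value = split_rdns(dn)[0].partition("=")
    if attr.strip().lower() != "cn":
        return None
    return value.strip().replace("\\,", ",").lower()


def cn_collisions(dns):
    """Map every CN used by more than one DN to the DNs that share it."""
    by_cn = defaultdict(list)
    for dn in dns:
        cn = leaf_cn(dn)
        if cn is not None:
            by_cn[cn].append(dn)
    return {cn: entries for cn, entries in by_cn.items() if len(entries) > 1}


def identities_kept_after_move(old_dns, new_dns):
    """CNs present before and after a move; a CN-keyed unique ID survives for these."""
    old = {leaf_cn(d) for d in old_dns} - {None}
    new = {leaf_cn(d) for d in new_dns} - {None}
    return old & new


if __name__ == "__main__":
    for cn, entries in cn_collisions(SAMPLE_DNS).items():
        print(f"CN '{cn}' is not unique:")
        for dn in entries:
            print("   ", dn)
```

Any CN reported here would map two directory entries to one portal identity once the unique ID is the CN, so it has to be resolved in the directory first.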

  • SAP Abap system as LDAP source/server?

    Hello,
    Is it possible to configure an SAP ABAP system as an LDAP server so that I can read out the user information via LDAP?
    We have an SSL gateway that needs to preauthenticate external users and we don't want to manage those users in two different systems.

    Marc,
    Are you thinking about Central User Administration (CUA)? Then it is possible by LDAP.
    Hope this helps.
    Manoj

  • Need Tcode for Synchronization of SAP Useradministration with an LDAP

    Hi Experts,
    I am configuring the SAP R/3 4.7EE server with an LDAP server (OID, Oracle Intranet Directory server) by using the tcodes SM59 and LDAP.
    Now I need the tcode for synchronization of SAP user administration with an LDAP.
    When I clicked on the ServerNames tab on the screen with tcode LDAP,
    I am not getting the Synchronization screen when I clicked on Synchronization.
    Can anyone provide me the info on where I have to do the synchronization of SAP user administration with an LDAP?
    Regds
    Phani

    Hi Olivier
    To be specific, we have an application (.NET) which uses SAP as backend and retrieves the data from SAP using RFC and BAPIs. Well, everything works fine with SAP R/3 (where, using the connection string and SAPConnector, we could establish a connection and call the RFC/BAPI).
    When it comes to SAP ECC, we have no idea about the connection string or how to connect using SAPConnector. I knew that ECC uses a secured connection, so I want to know how to connect to SAP ECC using the .NET Connector.
    For the SSL, could you tell me how exactly we can apply that to the situation described above?
    thanks
    sathish

  • How can I provision users to SAP CUA with their passwords Disabled?

    I need to provision users to SAP CUA with their passwords disabled. How can I configure this if at all?
    Thanks!

    Thanks for the quick response. I am confirming with the SAP team if it's a permission issue.
    Following is the snippet from the JBoss log:
    2009-04-14 11:06:26,659 INFO [STDOUT] Running SAP CUA Create User
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createUser(): Create User Request
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createUser(): userId :00000209, userGroup:,lastName:Employee 209,firstName:Last Name - 209,userTitle:0003,langComm:,department:,langLogIn:,timeZone:,telephone:,extension:,Fax:,email:,dateFormat:,decimalNotation:,function:,roomNo:,floor:,building:,code:,commType:,alias:,startMenu:,userType:,RoleProfile:,RoleProfileOption:Role
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] SAP CUA Create Connection Request
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createCUAConnection(): START SAP Connection creation.
    2009-04-14 11:06:26,659 INFO [XL_INTG.SAPCUA] createCUAConnection(): SAP Connection creation successfull.
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] getStatus() :returnStructure:User 00000209 does not exist
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] getStatus() :Type:I
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:124
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] findUser(): User not exist in SAP CUA
    2009-04-14 11:06:26,690 INFO [XL_INTG.SAPCUA] createUser(): Create User Start
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :User 00000209 created
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:102
    2009-04-14 11:06:29,487 INFO [XL_INTG.SAPCUA] addRoleToUser():Add Role to User
    2009-04-14 11:06:29,753 INFO [XL_INTG.SAPCUA] getChildData() :getUserRoles method is Started
    2009-04-14 11:06:29,800 INFO [XL_INTG.SAPCUA] getUserRoles() :getUserRoles method End
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725190128, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:30,128 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 changed
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:048
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] Role added successfully to the user.
    2009-04-14 11:06:30,362 INFO [XL_INTG.SAPCUA] changePassword(): Change Password Start
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Password Not Allowed
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:E
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:001
    2009-04-14 11:06:31,284 DEBUG [XL_INTG.SAPCUA] changePassword(): chanegPassword eventPassword Not Allowed
    2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] changePassword():Change Password Error:Password Not Allowed
    2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] createUser():ChangePassword error after user creation:SAP.PASSWORD_CHANGE_ERROR
    2009-04-14 11:06:31,284 ERROR [XL_INTG.SAPCUA] createUser():Deleting the User
    2009-04-14 11:06:31,284 INFO [XL_INTG.SAPCUA] deleteUser(): Delete User Start
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725192222, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:32,222 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725194769, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:34,769 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 deleted
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:090
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 deleted
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:090
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage :Role assignment to user 00000209 deleted
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage Type:S
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:090
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] deleteUser(): User deleted SUCCESSFUL
    2009-04-14 11:06:43,863 DEBUG [XL_INTG.SAPCUA] createUser(): 00000209:SAP.USER_CREATION_FAILED
    2009-04-14 11:06:43,863 INFO [XL_INTG.SAPCUA] closeCUAConnection(): START SAP Connection Close.
    2009-04-14 11:06:43,878 INFO [XL_INTG.SAPCUA] closeCUAConnection(): SAP Connection Close successfull.
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] Running RemoverTask
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, PassivatedCount=0
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.AbstractInstanceCache] removePassivated, now=1239725203925, maxLifeAfterPassivation=1200000
    2009-04-14 11:06:43,925 DEBUG [org.jboss.ejb.plugins.LRUEnterpriseContextCachePolicy] RemoverTask, done
    2009-04-14 11:06:44,878 INFO [STDOUT] Running SAP CUA ADD ROLE
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] addRoleToUser() :Add Role
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] SAP CUA Create Connection Request
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] createCUAConnection(): START SAP Connection creation.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] createCUAConnection(): SAP Connection creation successfull.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] getStatus() :returnStructure:User 00000209 does not exist
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] getStatus() :Type:I
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] getStatus() :Mesage NUMBER:124
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] findUser(): User not exist in SAP CUA
    2009-04-14 11:06:44,878 ERROR [XL_INTG.SAPCUA] addRoleToUser() :User Id :00000209 not exist in target SAP system.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] closeCUAConnection(): START SAP Connection Close.
    2009-04-14 11:06:44,878 INFO [XL_INTG.SAPCUA] closeCUAConnection(): SAP Connection Close successfull.

  • Corporate LDAP

    How to configure External Authentication with corporate LDAP?

    The below link tells how to configure Shared Services to support authentication of users stored in LDAP, refer to chap 10
    http://download.oracle.com/docs/cd/E12032_01/doc/epm.921/hss_install.pdf

  • SAP CUA

    Hi All,
    I am currently working on SAP CUA.
    I wanted to know where the data for CUA is stored in the case of roles and profiles.
    There are two tables I came across:
    a) USRSYSACTT (has language as one of the columns)
    b) USRSYSACT
    Which table should be used to check the profiles?
    What is the difference between the two?
    Is the data in both consistent?
    Best Regards
    Manoj

    Hi Alex,
    Thanks for the reply.
    I will explain the scenario in more detail.
    Imagine there is an SAP CUA setup.
    Admin system ==> ADMCLNT800
    Child system 1 ==> CH1CLNT800
    Child system 2 ==> CH2CLNT800
    System ADMCLNT800 has data as
    a) role1
    b) role2
    c) profile1
    d) profile2
    System CH1CLNT800 has data as
    a) role3
    b) role4
    c) profile3
    d) profile4
    System CH2CLNT800 has data as
    a) role5
    b) role6
    c) profile5
    d) profile6
    Now each of them will have its own data repository specific to it, like users, profiles, roles.
    But I am interested in the CUA data repository, which I think would be in the admin system, containing all the above data in a master place.
    Now I am interested in knowing this table.
    Please let me know if the scenario is clear.
    Best Regards
    Manoj

  • SAP CUA connector changes password in master system AND child systems?

    Please confirm if OIM can change the password in both SAP CUA master and child systems through the SAP CUA connector. The connector guide mentions that the following parameter can be defined in the SAP CUA IT Resource.
    Parameter: SAPChangePasswordSystem
    Flag that accepts the value X or ' '. If the value is X, then the password is changed only in the master system. If the value is ' ', then the password is changed in both master and child systems.
    This parameter is used by the Reset Password function.
    Thanks!

    Hi,
    1) You can use report RSCCUSND to distribute users from CUA to child client. Check section "Sending User Master Data to a Child System" in [CUA cookbook|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fe4f76cc-0601-0010-55a3-c4a1ab8397b1?quicklink=index&overridelayout=true].
    2) if the user account has not been synced to CUA then you should be able to delete it in child system. The button should be displayed for unsynced users. You can use transaction SCUG to sync users between new child system and CUA. Check section "Transfering Users from New System" in [CUA cookbook|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/fe4f76cc-0601-0010-55a3-c4a1ab8397b1?quicklink=index&overridelayout=true].
    Cheers

  • We have SAP CUA on Solution manager 4.0

    Hi,
    We have SAP CUA on Solution Manager 4.0, SAP BASIS component 700. Do you know what the latest support pack and version for Solution Manager is, and what NetWeaver Identity Management is? Which one is better for a CUA environment?
    Thanks and Regards
    Yakoob.

    Hi,
    Netweaver Identity Management (IdM) should replace SAP Central user administration (CUA) somewhere in the future. As far as I know SAP still supports CUA but doesn't develop further enhancements for it, because they see IDM as the new product. So when you still want to work with CUA then you can create a new one on your new SolMan and you have to move the administration to this one.
    Regards, Basti

  • OIM - SAP CUA Connector - Unlocking Accounts

    Hello All
    We are implementing the Oracle Identity Manager connector for SAP CUA, and have the following concern:
    If a user is locked manually by the SAP Security Administrator in a target SAP System (Prod for example), what is to prevent the End User from logging into OIM Self Service and unlocking themselves?
    The OIM Connector Doc seems to state that the target system is unlocked regardless of locked state (meaning it sends an unlock request regardless of whether the user is locked or not).
    How does this take Maintenance/Downtimes into consideration (where no business/end users should be in the system)?  What about fraudulent or suspicious accounts (where the Security team has frozen/locked someone's account to prevent further activity)?
    My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account.  The only unlocks which should take place are for Incorrect Passwords?
    Just wondering if anyone has experience with OIM connecting to SAP CUA

    >
    Nigel Wyman wrote:
    > My thinking is that if an SAP Security Admin has locked an account, OIM should not unlock the account.  The only unlocks which should take place are for Incorrect Passwords?
    >
    > Just wondering if anyone has experience with OIM connecting to SAP CUA
    I have not worked with OIM, but have worked with SAP IDM/GRC.
    But I was asking why you would use CUA once you have OIM working?
    1. You should have only a single point of user administration; why don't you lock the user from OIM instead of logging into CUA?
    2. In our present project, in DEV and QA we are using ACCESS enforcer for all user administration purposes with approval workflows, and it works very well. Security should not log in to the systems without approval.

  • IDM-SAP CUA Integration

    I have been under the impression that instead of creating accounts on each SAP child system (SAP ECC, SAP Portal, SAP BI etc.), we can create the accounts in SAP CUA using IdM and then provide information to SAP CUA such that it does further provisioning on the SAP child systems.
    Is this possible?
    So far I have not been able to create such an account. I am successful in creating accounts in SAP CUA; however, no matter which attribute I use (cuasystems, activityGroups etc.) to represent a list of SAP child systems to be passed to SAP CUA to create the account, it does not work.
    I am definitely out of ideas and looking for some help.
    Thanks,
    Rajesh

    I think there is a setting on the SAP CUA system and the child systems that needs to be set correctly.
    We have an environment where we provision a user to CUA and assign the user roles (direct activity groups) that map to BI and ECC.
    CUA then uses those roles and the systems they map to in order to provision to those child systems.
    Check your SAP configuration, because this worked fine for us. One thing to note is that changing an existing user's password in CUA will NOT replicate to child systems. So you may have to manage those child systems directly to change passwords.

  • Is it possible to authenticate the SAP GUI user against LDAP ( no SSO )

    Hi
    I was under the impression that you can use LDAP to authenticate your SAP GUI user (so users do not have to maintain and remember multiple passwords).
    However, note #603208 claims that this is not possible.
    This is quite an old note; is this still true?
    Note #793191 (FAQ) says:
    9. Can I synchronize user passwords?
    Response: No.
    The password cannot be synchronized. For more information, see Note 603208.
    and note #603208 says:
    A comparison of the production password with a directory is not possible.
    The following reasons are responsible for this:
    The password is not stored in plain text or in "enciphered" form, neither in SAP Web Application Server nor in the directory; rather, it is stored as a "hash value" that is calculated from the password that is entered. The function used for this is especially designed so that the password CANNOT be reconstructed from the hash value.
    For technical reasons, the user master synchronization cannot therefore extract the plain text of the password and send this to another system.
    The user's password has a size that is known only to the user. Even the system administrator and database administrator cannot obtain any information about the password.
    A comparison in plain text form would violate this basic rule. For this reason, the use of a hash value is a generally applied standard.
    Often the adjustment of passwords in several systems is equated with the term "Single Sign-On".
    However, this term must only be applied if the user logs on once and this logon information is transferred within the system infrastructure.
    The SAP Web Application Server supports real Single Sign-Ons (note 138498).

    Please do not duplicate post!
    See the other thread...

  • SAP IDM Integration with LDAP VS Rest.

    Hi,
    I'm looking for the best approach through which I can integrate my custom application with SAP IDM 7.2. I have read a couple of articles and found that IDM is based on VDS and allows LDAP as well as RESTful web services.
    I would like to know the best approach.
    Here is what I want to achieve:
    1. Dynamic schema detection for User, Role and Employee
    2. Get the list of all users and their corresponding roles
    3. Password Reset/Set/Change
    Thanks
    Shital

    Hi Nits,
    This guide presents the official SAP connectors for IdM, both SAP and 3rd-party.
    It seems that there is no official connector for ADOBE CQ and HYBRIS.
    But you can build your own connector (JDBC, WebServices, LDAP),
    using the same concept as the SAP standard connectors: Folders (Application Actions, Plugins), HOOK Tasks.
    It will depend on what integration layer these solutions offer.

  • Corporate LDAP vs. Call Manager LDAP

    Hello
    I've been trying to get to a conclusion about this.
    My company uses the Call Manager LDAP directory, but now we will upgrade the Call Managers (from 3.3 to version 4.1).
    What benefits do we have if we use the Call Manager with the corporate directory (Active Directory) instead of the built-in?

    Take a look at the following post.
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddc519e
    Hope this helps. If so, please rate the post.
    Brandon
