SAP - LDAP synchronization doubt

I have setup SAP - LDAP synchronization on WebAS 6.20 with Active Directory on W2k3. The mappings are default what SAP suggested me along with its standard schema extensions. When I run the RSLDAPSYNC_USERS, I m faced with 2 problems here,
1) I have selected When users exists both in AD and DB it should compare the timestamp and update the values accordingly.  If user doesn't exist in Active Directory then Create it .
For this I created a user JLIN ( Jason Lin )in both active directory (created manually from AD - MMC ) and SAP using SU01.
On sync it throws error :
Type
Message text
Connection created to server MSAD
Number of Objects in Directory 0
Number of Objects in Database 1
Objects that Exist Both in the Directory and in the Database: 0
Successfully Bidirectionally Updated: 0
Updated Successfully in Database: 0
Successfully Updated in Directory: 0
Cannot Update: 0
No Synchronization Necessary: 0
Objects that Only Exist in the Directory: 0
Ignored: 0
Objects that Only Exist in the Database: 1
<b>|    |Entry already exists                                           |
LDAP_CREATE failed
Error while writing object JLIN to the directory  </b>
Successfully Created in Directory: 0
Cannot Create in Directory: 1
Total Time Required: 00:00:00
Connection to server MSAD terminated
This means that it is not able to recognize the user JLin in Active Directory as the same user as JLin in SAP. Any idea what could I be doing wrong ? When the user is created in by SAP into AD ( i.e. if jlin did not exists ) the sync etc happens perfectly well . Any pointers on this ?
2 ) On the other hand, we have 2 sets of users to be synchronized, one in active directory and the other in SAP. Since these systems are governed by different sets of userid policies the userid for a user in Active directory may not be same as that of SAP. So we need to map these userids for synchronization.  is there a way to specify in SAP / Active directory which Active Directory / SAP user they map to ?
What we want to achieve is When a user is deleted / disabled from active directory he should be deleted / disable in SAP too.
Message was edited by: Harsh Busa

Figured out that SAP uses sapUsername attribute in Active directory user object
Harsh

Similar Messages

  • SAP LDAP Connector / UME LDAP and Global Site Selector (GSS)

    Hi,
    I'm wondering if SAP LDAP Connector / UME LDAP will work with Global Site Selector service, such as  CISCO GSS 4400 Series, so that GSS can provide load-balancing for LDAP access.
    If it works, is there a specific configuration on the SAP side?
    Thanks in advance.
    -denny-

    Hey Denny,
      Wondering if you ever sorted this out. I'm trying the same thing right now and UME is failing (and portal won't start) when I use the FQDN of the GSS. Behavior is strikingly similar to using the FQDN of the Active Directory domain. The only way I found to use AD as an LDAP source is to list individual DCs in the UME config. I'm hoping to use GSS instead.
    -Kevin

  • Can sap LDAP read and sync this group

    Hello
    I configure LDAP in my sap abap system and its run ok on ou.
    But in my company I have lots of users and not all need sap, and the users are in some ouu2019s .
    I create group in AD that called SAP_USERS and I add same users to this group.
    Can sap LDAP read and sync this group?
    Thanks
    Nir

    Hello,
    have you find a solution for your problem?
    Could you share the solution with us?
    Thank you and Regards
    Matteo

  • SAP calendar synchronization tool

    Hi,
    Im looking for SAP calendar synchronization tool but i cannot find it. Someone have a suggestion?? Please reply to <removed by SDN Forum Moderator>
    Thanks and regards
    Fabrizio Gotta

    Hello Fabrizio,
    to install the SAP CRM Groupware Connector you need two components.
    1. SAP Mapbox which is avaliable on the DVD 51032269 - BS 2005 SR2 Java Components. But I think that you also get the newer "MAPBOX Support Package 12 for CRM 4.0 640" version form http://service.sap.com/patches.
    2. Get the latest Version which is currently "Support Package 12 for SAP GROUPWARE CONNECTOR 4.0 " directly from http://service.sap.com/patches. Here you can use the search for "groupware".
    Please check all the notes avaliable in the Component CRM-MW-GWI. There's are Groupware Integration Guide at http://service.sap.com/crm-inst.
    Regards
    Gregor

  • SAP Ldap - AD application mode

    Hello List
    I have setup SAP LDAP sync with AD in domain mode and works pretty well but the AD team is a little reluctant to extend the schema of the User objects and worried about the traffic in network sync.
    So we have setup an Active Directory server in application mode which is a replica of the entire AD in another server.
    The way authentication seems to work is the user authenticates to the actual domain and can get access to ADAM .
    I m not able to understand how to set it up in LDAP sync server information.
    Has anyone tried this earlier ?
    Thanks in Advance

    I have found a way to make this work by simply adding a user in ADAM to the member attribute of the Administrators role. Connection works fine now.
    However, when I attempted to create a new user with an accountid of ubxxi and assigning him an ADAM resource it gives me an error of the following:
    com.waveset.util.WavesetException: Error trying to lookup LDAP object 'ubxxi' javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090604, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]
    com.waveset.util.WavesetException: An error occurred adding user 'ubxxi' to resource 'ADAM'. javax.naming.InvalidNameException: Invalid name: ubxxi
    Any ideas? I'm not an LDAP guru so I assume that this is an ldap related issue.
    Birkoff77

  • Configure SAP LDAP mapping for MS-ASD

    Hello,
    I 'm configuring an LDAP connector from my MS-AD to my SAP-4.7 ABAP system so the user account from the MS environment gets synchronized with my SAP system.
    I have configured the connection and created some mapping already but I have still some questions about the settings:
    1. With the report I'm able to synchronize an MS_AD account with my SAP environment. For the first test I only add one account name so all other existing accounts are not changed. When the MS-AD account not exists on SAP the account is created like the mapping. I have also the option in this report to delete the user account from the SAP system when the account doesn't exist any more in the MD-AD. How could I prevent that some special user accounts on the SAP system are note deleted even when they are not available in the MS-AD?
    2. With the mapping function MAP_SPLIT_CHAR  a variable by a certain character into two ore more SAP fields like telephone number and telephone extension. Is it possible to split the content of a variable by a fixed amount of characters?
    For example the user location is written like ABC.XZZ
    ABC is the building number and X is the floor number and ZZ is the chamber.
    3. With the mapping function MAP_conc_CHAR I'm able to combine to MS-AD fields into one SAP filed. Is it possible to combine a constant value with a field from MS-AD?
    4. I'm able to insert multiple parameters or user roles by using the function MAP_CONSTANT. I add one attribute and the constant values as parameters. For a couple of parameters I have to insert a MS-AD field. How could I combine inserting constant parameters with some MS-AD fileds
    Example
    The Parameters CAC and BUK are fixed to the company code. But the parameter PER must be set to the employee number. This value I get from the MS-AD .
    5. For the Employee mapping to SAP-HR I have also to configure the Stucture and fields. Does any one have an overview of structure names and field names from the employee structure? It couldn't be asked with the F4 option which could be user with the user mapping.
    Manny thanks in advanced for the answers.
    Kind regards,
    Richard Meijn

    Hi,
    1.
    create a user group for the special users and another user group for "real" users. Restrict the synchronization report to the second user group.
    2.
    You can write your own mapping functions. You will need a developer key in your system and some ABAP knowledge. Create your functions with SE80 or SE37. It is easy to create a function
    3.
    The same: create your own mapping function.
    4.
    It might be possible to fill the different parameters from different AD values depending on the parameter name. Use the ABAP statement "CASE". But there is no such function. You have to write it by yourself.
    But think about what you really want to do. Do you want to invent an Identity Management? There are already a lot of tools. The SAP answer "SAP Netweaver Identity Management" was already mentioned.
    Regards
    Rainer

  • Sap fico payment doubts?

    Dear Sap gurus,
    i have doubt ,company abc in india, currency inr,vendor in america currency usd,and vendor bank account in singapore currency sinpore currency.now  i want make payment to that  vendor through app .how can i make this payment and also what are  required configuration   for this execution .Please say as early as possible  freinds?
    Regards
    venkat

    Hello Dogboy 49,
    Thanks for your last answer.
    Now I´m facing a problem... I´m trying to install SAP SCM 7.0 EHP3 to do this I downloaded the Software Provision Manager 1.0 (SWPM) the latest version the SP05 and as it mentioned in installation guide and also in sap note 1680045 - Release Note for Software Provisioning Manager 1.0 SP05 I downloaded the 70SWPM*.SAR file. When I started the SWPM I don´t see in there any installation option specific to install the SAP SCM 7.0 EHP3, I don´t know where is it! I only see in there the installation option for SAP SCM 7.0 EHP2 and EHP1 as you can see in the following image:
    Can you tell me where is the installation option for SAP SCM 7.0 EHP3? Can you help me please?
    Thank you,
    samid raif

  • LDAP synchronization with third party directory server

    Hi,
    In release 2 I have created a java program, that synchronizes a MS Active Directory (and other LDAP compliant directorys) and the OID, with the purpose to maintain Portal users and groups automatically.
    Often the tree structure in the third party DS is structured in an organizational manner (company, divisions, departments and users).
    Is it possible to "copy" this structure into the OID so the users will be able to log on to the Portal application or is it necessary to create Portal users in the "cn=users" that was created during installation of the infrastructure database.
    Any help will be appreciated, thanks
    Steffen Vogdrup

    You can configure the location of users in OID by modifying the value of the orclcommonusersearchbase attribute in cn=Common,cn=Products,cn=OracleContext,<subscriber_dn> to point to the highest node of the user subtree. However, there are three seeded users PUBLIC, PORTAL and PORTAL_ADMIN. These users will need to be moved directly under the new user search base. Any groups that contain references to these users in owner or uniquemember attributes will also have to be updated to reflect the correct DNs. After you have gone through these steps, you will need to run ssoca to reconfigure the SSO server and then run ptlasst in the MIDTIER mode to rewire Portal with the OID server.

  • Synch'ing SAP - LDAP ( WAS6.10)

    Hi,
    I have used the fantastic functionality available from WAS6.10 to synchronise SAP backend systems with an LDAP..
    BUT, I'm trying to synchronise the security access a user has in a 4.6c SAP system to Active Directory.  What options do I have here?  If possible, it would also be good to be able to synchronise other information from the HR master data.
    thx!
    -- Edit: I have looked at the SLDAP function group and there are quite a few function modules that seem to interface an LDAP.  Does anyone have any experience with implementing a synch using these function modules?

    Doug Reeder wrote:
    > I've installed Eclipse 3.4.1 on OS X 10.5.7 (same problem under 10.5.6)
    > with the Web Standard Stools (1.4.0, 1.5.1 and 3.0.2)
    >
    > My problem is, in the Script Explorer, NEITHER feedsearch.js NOR
    > protoype.js IS DISPLAYED, SO I CAN'T OPEN feedsearch.js TO EDIT IT.
    > Other JavaScript files in that directory are displayed just fine in the
    > ScriptExplorer.
    The Script Explorer is only part of WTP 3.0, so I'm not sure where
    the other versions come into it. The first thing you should do is
    update to Ganymede SR2/WTP 3.0.4, because I'm unable to cause the
    same thing to happen with it with the default view Filter settings.
    Nitin Dahyabhai
    Eclipse WTP Source Editing
    IBM Rational

  • SAP LDAP connection

    Dear all,
    One of our outsource Basis consultant recommends to configure the As ABAP system to LDAP directory.
    When we configured LDAP, could we maintain the users in the transaction SU01? or SAP trusts the LDAP user management therefore the user cannot be maintained anymore in SU01?

    << Do not post the same question across a number of forums >>

  • New to SAP...Doubts regarding ALE.

    Hi all,
    I am new to SAP.
    Can any one please explain me the following.!
    What is the difference between EDI and ALE?
    What is Logical system, Port, RFC destination, Customer Distribution Model, Partner Profile, Message type, Message control and if any of the important terminology that I have missed in the ALE concept?
    Please help to explain me clearly in detail as I have no knowledge reg these and tried searching for info in various links, but still found difficult to understand?
    Many thanks in advance....
    Regards
    Nani Ancha

    ALE/EDI
    Purpose
    Electronic Data Interchange (EDI) and Application Link Enabling (ALE) are used for exchanging business data between different systems.
    For both these forms of communication, you require the IDoc Interface. The IDoc interface is made up of the definition of a data structure and the processing logic of this data structure. The data structure is the IDoc. The IDoc is the general exchange format of the communicating systems. IDocs can be sent using different methods (for example, Structure linkRFC or as a file).
    Application Link Enabling (ALE)
    You distribute data using ALE if you want to communicate from one system to one or more other (mostly internal) systems. ALE transfers data in IDoc format and uses the methods of tRFC for data transfer.
    ·       ALE enables the integration of business processes across several SAP or non-SAP systems.
    Electronic Data Interchange (EDI)
    You use EDI if you want to exchange business application documents with an (external) partner system (for example, a customer or vendor). The SAP system sends EDI messages in IDoc format to an EDI subsystem, where they are converted to a universal EDI standard (UN/EDIFACT or ANSI/X12). This enables communication with non-SAP systems.
    ·       By definition, two partners are involved in the process in an EDI application scenario: The sender and the recipient of an EDI message.

  • SAP Business module doubt

    Dear All,
    I heard that MsSAP is a business suit of SAP AG. It has 5 enterprise applications
    1. ERP
    2. CRM
    3. SCM
    4. SRM
    5. PLM
    I think HR and FICO comes under ERP.
    Then what about other modules? Like MM, SD, PP, PS ETC
    And BI/BW, BASIS, ABAP...
    I'm totally confused, please trow some lights on the main product (business suit) name of SAP and the branches and sub branches...
    Regards
    ET
    Moderator: Please, read help.sap.com

    hi,
    actually SAP has main 5 products that you have mentioned.like scm,crm etc.. and SAP BI,SAP BW are the business solutions of SAP
    .SD,MM,FICO,ABAP,HR,PP,PS comes under the SAP modules.ABAP is a programming language.
    Rgeards
    Niladri

  • Synchronization Doubt

    public class SimpleThread extends Thread {
        public SimpleThread(String str) {
            super(str);
        public void run() {
             synchronized (this) {
                 for (int i = 0; i < 10; i++) {
                     System.out.println(i + " " + getName());
                     try {
                         sleep((int)(Math.random() * 1000));
                     } catch (InterruptedException e) {}
                 System.out.println("DONE! " + getName());
        public static void main (String[] args) {
            new SimpleThread("Jamaica").start();
            new SimpleThread("Fiji").start();
    } Though I synchronize the run method using a synchrnized blok output is jumbled up. I was expecting
    All Jamaica's followd by all Fiji's but this does not happen

    You have synchronized on a variable that is local to each object. You need a common lock
    public class SimpleThread extends Thread {
        static Object sLock = new Object();
    >
    public SimpleThread(String str) {
    super(str);
    public void run() {
         synchronized (sLock) {
         for (int i = 0; i < 10; i++) {
    System.out.println(i + " " +
    + getName());
         try {
    sleep((int)(Math.random() * 1000));
    andom() * 1000));
         } catch (InterruptedException e) {}
         System.out.println("DONE! " + getName());
    public static void main (String[] args) {
    new SimpleThread("Jamaica").start();
    new SimpleThread("Fiji").start();
    >
    >
    Though I synchronize the run method using a
    synchrnized blok output is jumbled up. I was
    expecting
    All Jamaica's followd by all Fiji's but this does
    not happen
    Message was edited by:
    tjacobs01

  • SAP WebPage Composer Doubt

    Hi,
    Have created some webpages and added them as Iviews(com.sap.nw.wpc.runtime    in order to hide detailed navigation)
    However when i assign these through a role to a user no content is shown.no error message also.
    when i add super admin role to the same user the content is shown.
    Looks like a permission issue but not sure the exact reason.
    Since no error message is shown am assunig it is not a security zone issue.
    Please help.
    Thanks
    Rocky.
    P.S:will reward points for helpful answers.

    Hi...
    Hadn't given end user permission for the folder
    Portal content>Web Page Composer.
    It's working fine now.
    Rocky

  • Regarding SAP S&D Doubts

    Hi Everybody,
    Can you plese tell me where should post my quiries related sales and distributions.  Is there any special site for that?
    Waiting for reply,
    With Regards,
    Bhaskar

    Hi,
    There is no separate SD forum as yet..  You can try the SAP ERP Manufacturing - Production Planning (SAP PP) forum.
    Regards,
    Suresh Datti

Maybe you are looking for

  • How to find out the primary and failover DNS name

    Hi; This sounds very stupid, but could some one please tell me how to find out the name/dns name of the primary and failover server without using the CDS console. any help is appreciated

  • Using the result of a jms webservice

    When I have deployed my simple HelloWorld webservice, I obviously want to write a client. I chose to write a dynamic client, which works fine(almost!). Only one problem, in the programming guide that comes with weblogic they only mention how to call

  • "Statement not accessible" error in Implicit enhancement - SAPMF05A

    Hi,   I am trying to implement Implicit Enhancement in program SAPMF05A, in module transaktions_init. When I click on Edit -> Enhancement Option -> Show implicit enhancement, it displays implicit enhancement at end of module ( after ENDMODULE) statem

  • Request of app for nokia 5230

    can anyone tell me if there is an app for the nokia 5230 that lets you view the screen and operate it via PC. for example i like listening to the radio on loudspeaker but id rather listen it via the speakers on my computer.

  • Saving location?

    I'm using Maps 3.01. How do I save a location, either on line or off-line? It seems I have to open Landmarks and then open another interation of Maps in order to do something as simple as saving my current location (when online) or finding a location