User base Synchronization between SAP and MS Active Directory Server

Dear all!
I'm using Web AS 6.20 ABAP and MS Active Directory Server based on Win 2003 Server.
I successfully implemented the synchronization of user data between SAP and the ADS.
My question: Is there a way to customize the users on Active Directory Server in regard to their SAP authorization (roles auth. objects etc.)?
Currently I don't have a clue how to do this.
Regards,
Christoph

Have you searched on SDN for "Active Directory"? That turns up a number of results. I think your expectation might be backwards though, it's not how ADS exposes SAP specific data but how SAP uses ADS to store SAP specific data. My understanding (from quite some time ago so I am fuzzy on this) is that SAP can use ADS in much the same way it can use LDAP as an external user store.
The Security Newsletter from November 04 [https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/documents/a1-8-4/sap security newsletter november 2004.pdf] mentions that a webinar is hosted on SDN about this exact topic, unfortunately I was unable to find a direct link.
Regards,
Marc g

Similar Messages

  • Synchronization between AD and Sun Java Directory Server

    I would like to build an environment as below, kindly let me know whether it is possible or not.
    My Enterprise Directory is Active Directory and I have Policy Server which directs the sso users to get authenticated with that server. I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords and I would like to know with which hashing algorithm these passwords are stored in the sun directory server. Because I want to synchronize the same attributes from sun java directory server to Oracle Internet Directory and is it possible to get my sso users to get authenticated at OID even?
    Kindly let me know whether this approach is feasible or not?
    Any suggestion to this approach is greatly appreciated...
    Thanks in advance...
    Regards,
    Kishore Repakula.

    > i would like to know with which hashing algorithm these passwords are stored in the sun directory server.
    Like most other directory servers, SunDS offers a few choices here.
    The most secure is SSHA, which you'd probably want to use unless you have apps with dependencies on other hashes (e.g., CRYPT for backward compatibility with UNIX password field).
    > I would like to synchronize the user data from Active Directory to Sun Java Directory Server (existing version is 5.2 Service Pack 4) including the passwords...
    Sun has a "Identity Synchronization for Windows" product which might work for you.
    http://www.sun.com/software/products/directory_srvr_ee/identity_synch/
    Unfortunately, the big trick with AD passwords is that they are stored in a proprietary one-way hash, so you can't just sync them directly over to another directory. Likewise, you can't import password hashes from other sources into AD and expect them to work.
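The salted scheme recommended in the answer above, as an added example that is not part of the original thread: it builds and verifies `{SSHA}` values and shows the unsalted `{SHA}` form beside them. It assumes the conventional layout used by LDAP directory servers, base64(SHA1(password + salt) + salt); the function names are made up for the illustration.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SHA1_LEN = 20  # size of a SHA-1 digest in bytes


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Return a userPassword value in the {SSHA} layout (assumed layout, see lead-in)."""
    if salt is None:
        salt = os.urandom(8)  # fresh random salt per password
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def split_scheme(stored: str) -> Tuple[str, str]:
    """Split '{SCHEME}payload' into (SCHEME, payload)."""
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix: cleartext or not a hashed userPassword")
    scheme, _, payload = stored[1:].partition("}")
    return scheme.upper(), payload


def verify(stored: str, candidate: str) -> bool:
    """Check a candidate password against a {SSHA} or {SHA} value."""
    scheme, payload = split_scheme(stored)
    if scheme not in ("SSHA", "SHA"):
        # e.g. {CRYPT}: a different algorithm, cannot be checked or converted here
        raise ValueError("unsupported scheme: " + scheme)
    blob = base64.b64decode(payload, validate=True)
    digest, salt = blob[:SHA1_LEN], blob[SHA1_LEN:]
    if len(digest) != SHA1_LEN:
        raise ValueError("payload shorter than a SHA-1 digest")
    if scheme == "SSHA" and not salt:
        raise ValueError("{SSHA} value carries no salt")
    if scheme == "SHA" and salt:
        raise ValueError("{SHA} value has trailing bytes")
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison


def salt_of(stored: str) -> bytes:
    """Return the salt embedded in a {SSHA} value (empty for {SHA})."""
    scheme, payload = split_scheme(stored)
    if scheme not in ("SSHA", "SHA"):
        raise ValueError("unsupported scheme: " + scheme)
    return base64.b64decode(payload, validate=True)[SHA1_LEN:]


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real directory.
    a, b = make_ssha("s3cret"), make_ssha("s3cret")
    print(a, b, sep="\n")          # same password, two different stored values
    print(verify(a, "s3cret"), verify(a, "wrong"))
    # Unsalted {SHA}: every user with this password stores the same value.
    print(verify("{SHA}W6ph5Mm5Pz8GgiULbPgzG37mj9g=", "password"))
```

Because the salt travels inside the stored value, a `{SSHA}` entry can be copied to another directory that understands the same scheme, which is not true of a hash in a format the target does not implement.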

  • SAP and MS Active Directory 2008

    hi all,
    i want to set up a connection between our MS Active Directory 2008 and the SAP user maintenance.
    what i've already done:
    1. setup a RFC connection with the name LDAP_{Hostname of AD}
    2. setup a ldap system user with auth. mechanism "simple bind" and credential storage "simple memory"
    3. setup a LDAP connector
    4. setup the LDAP server with port no. 389, product name = ms ad 2003 domain mode, protocol version = ldap version 3, ldap application = user, default = true, base entry = {highest level}, system logon = {the ldap system user}
    5. done the ldap server mapping. you can see it in the screenshot here: http://imageshack.us/photo/my-images/444/mappingoverview20111017.jpg
    when i now try to log in to the LDAP server, everything works fine and i get a green light.
    now when i try to search something over the  "find in directory" application i get an error message like that:
    Operation failed
    Message no. LDAPRC001
    Diagnosis
    This is an error message that is triggered by the directory server.
    It is not possible to analyze the error in the SAP system.
    Procedure
    Check the log files for the directory server (if they exist), to see if they contain more information.
    i get the same error message when i try the report RSLDAPSYNC_USER.
    can anybody help me please?
    best regards & TIA
    strobbel

    Hi...
    Red light Operation failed (Message no. LDAPRC001) - This says Operation failed due to fail in search
    Red light LDAP_SEARCH failed (Message no. LDAPACCESS101) - This says LDAP Search Failed due to Insufficient Privileges to connect from AD to SAP.
    So try these ...
    . While logging to the directory server did u check the option "USE SYSTEM USER" ?
    . And while searching the Search parameters should be as below,
        Base Entry : OU=Users,OU=BDN,DC=bdn,DC=xyz
        Filter : (&(objectclass=*))
    . Also check for the user's privileges which is trying to connect to SAP.

  • Synchronization between SAP and Legacy system for Equipment Master

    Hello Experts
    We are moving Equipment master from our legacy system to SAP system using LSMW direct input. After moving the data into SAP, legacy system will be there for a while like 6 month or a Year. So we need to setup a process which can sync Equipment data back into SAP for this period on daily basis. What would be the best method for doing this synch on daily basis??
    Please suggest.
    Thanks in advance
    -Harkamal

    One method is to create a report which will select all the new entries created and create a file with the decided fields and send it to the legacy application. You can schedule this report to run every day or based on the frequency both parties agree. In the program store the last run date of the program in TVARVC table and pick up the equipment master records created after the last run date, so that the program sends only new records every time.
    If you have XI/PI in your landscape , depending on the capabilities of this legacy system you can change this file into inserting the data into a JDBC table , web service etc
    Mathews

  • OID and MS Active Directory  LDAP information Synchronization

    Do you know how to do the integration between OID and MS active Directory? How to synchronize the LDAP information between two?

    Hi, I have the same question.
    Thanks,
    Malin

  • Password synchronization between OID and AD - 10.1.2

    Hi,
    I've some questions about the following issue:
    I've tried to setup the password synchronization between OID 10.1.2 and active directory, with the intent of exporting ldap users from OID to AD..
    Well, the bootstrap gone fine, but when I tried to activate the export of password in the activexp.map configuration file,
    I've obtained this:
    *Writer Thread - 0 - [LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, problem 5003  (WILL_NOT_PERFORM), data 0*
    for each entry I tried to export...
    I've opened a SR on metalink and I've received the following answer:
    "As shown by the synchronization profile, currently you have a mapping for the password from OID to AD.
      userpassword: : :person:unicodepwd: :person:
    According to the documentation, password synchronization requires the directories to be configured for SSL mode:
      http://download-uk.oracle.com/docs/cd/B14099_12/idmanage.1012/b14085/odip_actdir003.htm#CHDEFIED
    18.3.2.8 Synchronizing Passwords
    You can synchronize Oracle Internet Directory passwords with Active Directory.
    You can also make passwords stored in Microsoft Active Directory available in Oracle Internet Directory.
    Password synchronization is possible only when the directories run in SSL mode 2, that is, server-only authentication."
    The SSL setup is the only way to achieve this, or there's another alternative?
    Thanks

    Yes. It needs to be in SSL.
    http://download-uk.oracle.com/docs/cd/B14099_12/idmanage.1012/b14085/odip_actdir003.htm#CHDCJHHB
    Some excerpts:
    Active Directory Connector uses SSL to secure the synchronization process. Whether or not you synchronize in the SSL mode depends on your deployment requirements. For example, synchronizing public data does not require SSL, but synchronizing sensitive information such as passwords does. To synchronize password changes between Oracle Internet Directory and Microsoft Active Directory, you must use SSL mode with server-only authentication, that is, SSL Mode 2.
    -shetty2k
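A pre-flight check for the situation in this thread, as an added example that is not part of the original posts or of Oracle's tooling: it parses the Active Directory error text quoted in the question, flags map rules that target `unicodePwd` when the connection is plain LDAP, and shows the encoding Active Directory expects for that attribute (the password in double quotes, UTF-16LE). The host name, function names and the way rules are passed in are assumptions made for the illustration.

```python
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Error text as quoted in the question above.
SAMPLE_ERROR = ("[LDAP: error code 53 - 0000001F: SvcErr: DSID-031A0FC0, "
                "problem 5003  (WILL_NOT_PERFORM), data 0")

# Map rule as quoted in the support answer above.
SAMPLE_RULE = "userpassword: : :person:unicodepwd: :person:"

AD_ERROR = re.compile(
    r"error code (?P<ldap>\d+) - (?P<code>[0-9A-Fa-f]{8}): (?P<kind>\w+): "
    r"(?P<dsid>DSID-[0-9A-Fa-f]+), problem (?P<problem>\d+)\s+\((?P<name>\w+)\)"
)


def parse_ad_error(line: str) -> Dict[str, object]:
    """Extract the LDAP result code and the AD diagnostic fields from an error line."""
    m = AD_ERROR.search(line)
    if m is None:
        raise ValueError("not an Active Directory extended error string")
    fields: Dict[str, object] = m.groupdict()
    fields["ldap"] = int(m.group("ldap"))
    fields["problem"] = int(m.group("problem"))
    return fields


def encode_unicode_pwd(password: str) -> bytes:
    """Value AD expects in unicodePwd: the quoted password, encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def preflight(url: str, rules: List[str]) -> List[str]:
    """Return findings for password rules that cannot work over this connection.

    Only an ldaps:// URL counts as encrypted here (assumption of this check).
    """
    findings = []
    encrypted = urlsplit(url).scheme.lower() == "ldaps"
    for rule in rules:
        if "unicodepwd" in rule.lower() and not encrypted:
            findings.append(
                "rule %r writes unicodePwd over %s; expect LDAP error 53 "
                "(WILL_NOT_PERFORM) until the profile uses SSL" % (rule, url)
            )
    return findings


if __name__ == "__main__":
    err = parse_ad_error(SAMPLE_ERROR)
    print(err["ldap"], err["name"], err["dsid"])
    # ad.example.test is a placeholder host, not taken from the thread.
    for finding in preflight("ldap://ad.example.test:389", [SAMPLE_RULE]):
        print(finding)
    print(preflight("ldaps://ad.example.test:636", [SAMPLE_RULE]))
    print(encode_unicode_pwd("Ab1"))
```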

  • Can you recommend the best way to do an integration between SAP and Dynamics?

    Hi,
    I have a requirement to develop a integration process between SAP and Dynamics. Both environments will be deployed in Azure, so there isn't any on-premise machine involved.
    I've to implement two different business processes:
    A request is received from SAP and some data is sent to Dynamics
    A request is received from Dynamics and some data is stored in SAP
    My client is requiring me to define a cloud integration architecture that fits to the requirements.
    Doing some research, I have thought three possible architecture models.
    Use BizTalk Server as IAAS: the provision a full BizTalk virtual machine will fit each requirement. The bad thing is that it will have a big cost for the client.
    Use BizTalk Server as PAAS using BAS: other alternative the using BizTalk Services instead of a BizTalk VM. My idea with this model is using BAS to connect with the SAP and use WCF to connect with Dynamics web services. Can you tell me if this model is feasible? Should be the SAP machine a Windows machine in order to install BAS?
    Use BizTalk Server as PAAS using SB Queues: other alternative the using BizTalk Services instead of a BizTalk VM. My idea with this model is using SB Queues to connect with the SAP and use WCF or other SB Queues to connect with Dynamics. Can you tell me if this model is feasible? Is required a intensive development in both SAP and Dynamics processes to implement the communication using SB-Queues?
    Please, if you have other architecture models that fit better to my requirements, I'd be so grateful for this information.
    Many thanks for your help.
    Best regards.


  • Synchronization between B1 and third party software

    Hi Experts,
    Is it possible to synchronize between SAP B1 8.8 and Third party software. Here the third party software comes as 'LIBSYS' which is used for Library purpose. So we need to synchronise some data between B1 and Libsys. So if i have to install any software for synchronisation, please suggest me a best
    With Regards,
    Kambadasan.v

    Hi Kambadasan,
    It is extremely difficult or impossible to do exact synchronization with any two independent systems. I believe that library system has too many unique process that is not covered by B1.
    Thanks,
    Gordon

  • Material replication between SAP and SRM

    Howdy friends.
    Is there any way to stop having to manually activate the material replication queue between SAP and SRM each time please?
    Our admin team go to transaction SMQ2 each day and for 2-3 years have been manually activating each queue manually and doing this several times per queue as the entries do not reach zero. Surely, it is possible to set this up to be automatic as a job?
    Ciao,
    Mike

    Hello,
    I could not find the SDN Weblog but here a link to an article that might help you.... http://searchsap.techtarget.com/tip/0,289483,sid21_gci1245134_mem1,00.html
    That should help you check your settings, et al and resolve your issue.
    Regards, Dean.

  • Communication between SAP and 3rd Party Systems using IDOC HTTP XML Interfa

    Hi
    I am trying to do
    Communication between SAP and 3rd Party Systems using IDOC HTTP XML Interface
    With The help of SDN Contribution
    link----
    ( have look on it)
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/4943f2b7-0a01-0010-37af-faff35b2f08c
    I am getting error in
    Partner system as HTTPLOG and "Execute" to check the results
    Error is --  Port could not be created
    RFC destination HTTPLOG Not specified for system HTTPLOG
    any 1 have any idea  if plzzzzzzzz...........
    Thank u
    Ram

    Hello .
      we are also in  process of implementing the same
    could you share the knowledge pl?
    1)is it a separate add on with ALE to saphr
       or using ECC ??
    2)can u share the configuration part ??
    we are trying it on webas as addon 3.0 .

  • Integration of sap R/3 (4.7) and Microsoft active directory (2003)

    Hi All,
    I would like to know integration of sap R/3 (4.7) and Microsoft active directory (2003) and also SAP EP and Microsoft active directory. I have been working as a ep consultant with a local bank. I am new for this integration work, So please kindly provide me the steps for integrating these both directories.
    Pls help me with this issue.
    Thanks in advance,
    Regards,
    Raghav.

    Hi,
    First You should read:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/bc72b890-0201-0010-3a8d-e31e3e266893
    Regards,
    Jarek

  • Idoc "missing" between SAP and PI

    Hi!
    We have an issue with Idocs that are "missing" between SAP and PI. First 5 idocs were processed ok, then 3 went into yellow status. We have set up queue processing on this particular idoc type as there can be posted 2 at the same time. The problem started when 2 idocs were processed at the same time
    What have been done
    - SMQ1/2 in SAP system does not show any trace of these messages
    - SMQ1/2 in PI system does not show any trace of the messages
    - Message monitoring in PI does not show any trace of the messages
    - SM58 in SAP system is empty
    - SM58 in PI system is empty
    What checks remain to find out where these Idocs are stuck?
    Thanks!
    regards Ole

    Hi Ole,
    Refer This link for IDOC Monitoring.
    http://help.sap.com/saphelp_nw70/helpdata/en/6a/e6194119d8f323e10000000a155106/content.htm
    In this it is mentioned like
    Main Tools
    XI Runtime Workbench
    Transactions:
    - IDX1
    - IDX5
    - SXMB_MONI
    - SM58
    - SM21
    using these we can monitor..
    Thanks.

  • SCCM report to show last logged on user and the Active Directory department attribute of that user.

    I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.

    Your problem is here.
    right join v_R_User USR on USR.ResourceID = CS.ResourceID
    USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user's department information you will end up with unreliable results.
    Anyways you need to make these changes to your query.
    left join v_R_User USR on USR.Unique_User_Name0 = CS.UserName0
    http://www.enhansoft.com/

  • Communication between SAP and SWIFTNET

    Hi,
    I need to implement a communication architecture between SAP and swiftnet. I have some doubts about this integration:
    Is it possible to implement the SAP Integration Package for SWIFT without BCM?
    The process thought is generate SWIFT files in SAP and put these files in a folder. SAP PI will pick these files and send to a swiftnet shared folder. Has someone implemented something similar without the SAP Integration Package for SWIFT?
    Is there some standard module in PI to encrypt files?
    Do the txt SWIFT files have to be generated as xml files for SWIFTNET to process them?
    Has someone implemented some similar process using proxies?
    Thanks in advance,
    Regards

    Hi Ricardo
    Yes; there is no need to install SIPS with BCM - there are various implementation scenarios with SAP and SWIFTNet connectivity.
    The advantage of BCM is, that the transaction / payments will only be booked in Fi-Co if they were approved and released within BCM.
    Remark: SIPS is licensed through / included in BCM license.
    SIPS is mainly used to implement SAP LAU based on HMAC-SHA 256 with an XML V. 2 companion file.
    However as mentioned earlier, there are various SAP - SWIFTNet integration scenarios - from a straight forward Fi-Co integration till a fully featured / state of the art SAP blueprint with BCM/PI and SIPS.
    Best regards
    Christoph

  • About integration between SAP and non-SAP applications via javaidoc classes

    Hi, All
    Now we are implementing a SAP-Retail project, we encounter a problem of integration between SAP and non-SAP applications (POS), we want to set Inbound/Outbound between SAP and POS applications realtimely, POS can connect to the SAP system via VPN, whether it can be implemented?
    I conceive to implement it with SAP Java Connector IDoc Class, I don't know whether it is the best solution? If not, please give some other proposal.
    I have downloaded the classes from SAP website and try it with the samples provided by SAP (JCoIDocSample1.java/JCoIDocSample3.java). In my testing, Inbound is succeed, but, in SAP-Retail IS, standard Outbound message type is defined via file port, some one told me that SAP Java Connector IDoc Class can only receive idocs from tRFC port? Is it true? If not, please tell me how to deploy in SAP so java program can receive idocs from file port?

    We too are interested in finding information on integration between SAP and Intergraph.  Were you able to obtain information and I was wondering if could share this with us.
    Thanks,
    Sue
    City of Edmonton
