Sap Adi

Uploaded by

j4jewel
Integration of SAP Netweaver User Management with LDAP

Applies to:
SAP Netweaver 7.0/7.1
Microsoft Active Directory 2003

Summary
This document describes the detailed steps for configuring the integration of SAP Netweaver User Management with LDAP (Microsoft Active Directory 2003 is used as the LDAP directory). Once integrated, LDAP provides a central user repository for maintaining user data centrally, which avoids redundant, error-prone maintenance of user information in several systems and reduces total cost of ownership. Here the LDAP directory acts as the leading system: users are imported into the SAP system every time user synchronization runs.

Author: Radha Sk
Company / Team: Technical Validation, SAP Labs India, Bangalore
Created on: 1 July 2009

SAP COMMUNITY NETWORK    SDN - sdn.sap.com | BPX - bpx.sap.com | BOC - boc.sap.com
© 2009 SAP AG

Table of Contents
Prerequisites
Configuring LDAP Connector
Defining System Users
Defining Server Details
Logging on to the Directory Service
Mapping
Mapping Using function modules
Synchronization of SAP User Administration with LDAP Directory
LDAP Synchronization
Integration of Java User Management Engine with LDAP
Configuring Java UME to use LDAP as a data source with the User Management Console
Procedure
Configuring Java UME to use LDAP as a data source with the Config Tool
Limitation of UME when AS ABAP is used as a data source
Configuring Java UME to use LDAP as a data source with the Netweaver Administrator Console (NWA) for SAP Netweaver 7.1 Java system
Procedure
Related content
Disclaimer and Liability Notice

Prerequisites
The LDAP connector requires access to a specific library that is installed on the application server platform. The LDAP connector is called using ABAP functions and communicates with the directory services using the Lightweight Directory Access Protocol.
To check whether the LDAP connector is operable, that is, whether the LDAP library is available on the application server, run the "ldap_rfc" command in the kernel directory and check the version details.

Configuring LDAP Connector
1. Create an RFC destination of connection type T.
Note: It is recommended to use the following naming convention: LDAP_. If there are multiple LDAP connectors on one server then use: LDAP__
Example: LDAP_SERVER 01
2. Select Registered server program as the activation type.
3. Specify the Program ID, the same as the RFC destination.
4. Save your entries.
Refer to the screenshot below for the LDAP connector details.
[Screenshot: RFC destination. Connection Type: T; Description 1: RFC for LDAP; Activation Type: Registered Server Program.]

Defining System Users
The communication user (example: TestUser), which the LDAP connector uses to bind to the LDAP directory server, has to be maintained in the LDAP server.
1. Access the LDAP connector via Tcode "LDAP" and choose System Users.
2. Switch to change mode and choose New Entries.
3. Enter the required data and save the entries.
Refer to the screenshot below.
[Screenshot: system user entry. User ID: TESTUSER; Distinguished Name: testuser; Auth. mechanism: Simple Bind; Credential storage: Secure storage.]

Defining Server Details
Create a new logical LDAP server. Here you have to maintain the connection details of the physical directory.
1. On the initial screen of LDAP, choose Server and switch to change mode.
2. Choose New Entries, enter the required data and save the entries.
Refer to the screenshot below for the server entry details.
[Screenshot: server entry. Server name: LDAPServer; Product name: Microsoft Windows 2003 Active Directory (Application Mode); Protocol Version: LDAP version 3; LDAP Application: User; Default base entry: CN=Users,DC=[illegible],DC=sap,DC=corp; System Logon: TESTUSER.]

Logging on to the Directory Service
Now you must check the connection to the directory service by logging on to it.
1. In the initial screen of the LDAP transaction, specify the LDAP server name and the LDAP connector.
2. Press Logon.
3. Provide the System User or enter the directory service user and password.
4. Choose Execute.

Mapping
In transaction LDAPMAP, specific SAP data fields can be mapped to the desired directory attributes. SAP offers directory-specific proposals for the mapping of the directory attributes to the SAP data fields. After importing the proposal, the mapping details can be customized as desired.
For each attribute there is the option to specify whether the customized mapping is valid only for import, only for export, or for both directions of synchronization.
[Screenshot: LDAPMAP mapping table of SAP ADDRESS fields to directory attributes, for example FAX_NUMBER to facsimileTelephoneNumber, TEL1_NUMBR to telephoneNumber and INITIALS to initials.]

Mapping Using function modules
If the desired mapping is not a simple 1:1 relationship, function modules can be used to enable a more complicated mapping procedure.
A simple example is the telephone number. The telephone number of a user is stored in the directory attribute "telephone" (in MS Active Directory). The extension is normally separated by a hyphen. In SAP, the telephone number of a user is stored in two data fields, ADDRESS-TEL1_NUMBR and ADDRESS-TEL1_EXT.
Therefore the function module MAP_SPLIT_CHAR can be used.
This module reads the value for the telephone number from the directory attribute telephone. The value is split at the position where the system finds a hyphen (-) in the string, and the two values are stored in the SAP data fields ADDRESS-TEL1_NUMBR and ADDRESS-TEL1_EXT.
[Screenshot: Mapping Details. SAP fields ADDRESS-TEL1_NUMBR and ADDRESS-TEL1_EXT; attribute telephoneNumber; function module MAP_SPLIT_CHAR.]

Configuring Java UME to use LDAP as a data source with the Config Tool
1. ...\j2ee\configtool\configtool.bat
2. In the config tool, choose UME LDAP.
3. Configure the LDAP data source as required and save.
4. Click on the Test connection button to establish a connection with the LDAP directory with the service user.
[Screenshot: test result. user path: connection test successful; group path: connection test successful.]
5. Restart the AS Java.
Now you can see the users in the User Management console, into which the users are imported from the LDAP data source.

Limitation of UME when AS ABAP is used as a data source
In an ABAP+Java dual stack system, by default the system takes the User Management of the ABAP system. In this case, it is not possible to configure LDAP as a data source in the Java UME. It is also not possible to create the users in the database of AS Java.
For more information refer to SAP Note 718383.

Configuring Java UME to use LDAP as a data source with the Netweaver Administrator Console (NWA) for SAP Netweaver 7.1 Java system
The above-mentioned steps for configuring an SAP Netweaver 7.0 Java system to use LDAP as a data source are valid for the SAP Netweaver 7.1 system as well. The only difference is that the User Management can also be configured with the Netweaver Administrator Console.

Procedure:
1. Log in to NWA with admin rights.
2. Choose Operation Management -> Users and Access -> Identity Management.
3. Under Related Tasks, choose Configuration.
4. Fill in the required details of the LDAP server and save your entries.
5. Restart the AS.
Refer to the screenshot below for the connection details.
[Screenshot: NWA Identity Management, User Management Engine Configuration. User Path and Group Path: CN=Users,DC=[illegible],DC=sap,DC=corp; option Use SSL for LDAP Access; Use Unique Attribute for UME Unique ID: samaccountname. Connection pool settings: Initial Size 1; Maximum Idle Size 5; Maximum Size 10; Maximum Idle Time 300000; Connect Timeout 25000; Monitoring Interval 0. Internal LDAP Cache Settings: Cache Size 1100; Cache Lifetime 300. Additional Settings: Record LDAP Access.]

Related content
SAP Online Help: http://help.sap.com
http://service.sap.com/security -> Security in Detail -> Identity Management -> Directory Services

Copyright
© Copyright 2009 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG.
