Technical Connection of Directory Services

By: William Prada
Date Added: January 4, 2010

Roadmap

The starting point for the following steps is an SAP system based on SAP Web AS that is to be connected to a directory server. The focus here is on the LDAP Connector, an operating-system program shipped by SAP, and the associated Customizing settings.

All of the steps for connecting the SAP system and the directory server are explained in more detail in the following:

RFC Destination and LDAP Connector

Since SAP Basis 4.6, the LDAP Connector has been delivered with every SAP system. If you start the associated program at operating-system level (the ldap_rfc program in the kernel directory), the program outputs a version number and additional technical details. If the LDAP program library is missing for your platform, the system displays an error message.

As the program name suggests, the LDAP Connector is addressed using RFC communication. For this you need an RFC destination of type T (TCP/IP) that addresses the LDAP Connector as a registered server program.

Caution: Note that the name of the RFC destination must be written in uppercase letters and without spaces.

If only one LDAP Connector is running per physical host in an SAP system, call the RFC destination LDAP_<host name> (for example: LDAP_TWDF0013). If more than one is running, append a sequence number with a hyphen, that is, LDAP_<host name>-<nn> (for example: LDAP_TWDF0013-01).

This proposed naming convention is the current SAP recommendation, which has changed from older versions of documentation. For more information, see SAP Note 587051.

The LDAP Connector should be registered at the local gateway, that is, you must maintain the gateway options so that the Gateway Host points to the local server and the Gateway Service points to sapgw<nn>, where nn is the instance number of that server.

For the Program ID field, enter the name of the RFC destination.

You can make all of the Customizing settings for connecting directory services in the SAP Reference Implementation Guide (IMG, transaction SPRO) under the path SAP NetWeaver -> SAP Web Application Server -> System Administration -> Directory Integration. Alternatively, you can also use the central transaction for connecting to directory services, transaction LDAP. There, you can perform Customizing for the LDAP Connector in the Connector area. Use the field help (F1 and F4) and the documentation when creating the connection. The Connector name must be identical to the RFC destination.

For the (logical) definition of the LDAP Connector in the SAP system, you must specify the application server on which the (physical) LDAP Connector is running. One LDAP Connector can also serve connections to several directory services. You usually set the Status to Connector Is Active; the Computing Center Management System (CCMS) then monitors the status of the LDAP Connector periodically and uses an auto-reaction method to start it or keep it available (for example, after a restart of the SAP system). You can set a trace level for the error log (file dev_.trc), which you can evaluate, for example, with transaction ST11.

After storing the Connector data, you can start the LDAP Connector manually from transaction LDAP or (if the status is set to Connector Is Active) wait a few minutes until the auto-reaction method has been executed.

System User

The SAP system must be able to log on to the directory service for the various LDAP operations. The directory services themselves use different authorization concepts, ranging from anonymous read access for anyone to extensive identity checks performed by the directory server.

To do this, enter the logon data for an LDAP system user in the System Users area of transaction LDAP under a user ID of your choice. In addition to the name and credentials (password entry), this includes whether the user may only read from the directory service, and where the credentials are stored.

Note: The name of the created user ID corresponds neither to a user in the SAP system, nor to a user in the directory server. Rather, it is a key that is required for the connection data.

This means that you can store the same user ID with multiple server definitions in the SAP system. This simplifies administration if the same physical directory service is behind the various logical servers in the SAP system (perhaps to implement a different mapping for employees and vendors).

Connection Data

After these preparations, define the actual connection data for the directory server to be connected in the Server Names area in transaction LDAP.

This includes host name, port number, and product name of the directory server in use. You also categorize the LDAP application (for example, as a directory for Users). The previously defined system user is also included in the connection data.

Note: In the Server Name field in the SAP system, you can enter a name of your choice. However, you should avoid names that begin with SAP_, since these are reserved for SAP applications.
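The naming and consistency rules spread across the RFC Destination, LDAP Connector and Connection Data sections above are easy to get wrong in Customizing, and a mistake usually shows up only as a connector that never registers. The following checker is an added example, not code from the article or from SAP: it encodes those rules (uppercase RFC destination without spaces in the LDAP_<HOST> or LDAP_<HOST>-<NN> form, Program ID and Connector name equal to the destination, gateway host equal to the local server, gateway service of the form sapgw<NN>, Server Name not beginning with SAP_, and every server referencing a defined connector and system user) over constructed sample definitions. The host-name pattern, the two-digit sequence number and the `ConnectorDef`/`ServerDef` field names are assumptions made for the example; the values TWDF0013 and the system-user and server names are constructed sample data.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Rules from the article (constructed checker, not SAP code):
#  * RFC destination: uppercase, no spaces, LDAP_<HOST> for one connector per
#    host, LDAP_<HOST>-<NN> when several run on the same host.
#  * Program ID and Connector name must equal the RFC destination.
#  * The connector registers at the local gateway: Gateway Host is the local
#    server, Gateway Service is sapgw<NN> (NN = instance number; assumption).
#  * Server Name is free, but must not begin with SAP_ (reserved for SAP).
# Assumption: host part is letters/digits only and NN is exactly two digits.
RFC_DEST_RE = re.compile(r"^LDAP_[A-Z0-9]+(?:-\d{2})?$")
GW_SERVICE_RE = re.compile(r"^sapgw\d{2}$")


@dataclass(frozen=True)
class ConnectorDef:
    rfc_destination: str
    program_id: str
    connector_name: str
    gateway_host: str
    gateway_service: str
    local_host: str  # application server on which the ldap_rfc process runs


@dataclass(frozen=True)
class ServerDef:
    server_name: str
    host: str
    port: int
    connector_name: str
    system_user: str  # key from the System Users area, shared between servers is fine


def check_connector(c: ConnectorDef) -> list[str]:
    """Return findings for one connector definition (empty list = consistent)."""
    findings = []
    d = c.rfc_destination
    if d != d.upper() or " " in d:
        findings.append(f"{d}: RFC destination must be uppercase without spaces")
    if not RFC_DEST_RE.match(d):
        findings.append(f"{d}: expected LDAP_<HOST> or LDAP_<HOST>-<NN>")
    if c.program_id != d:
        findings.append(f"{d}: Program ID {c.program_id!r} differs from RFC destination")
    if c.connector_name != d:
        findings.append(f"{d}: Connector name {c.connector_name!r} differs from RFC destination")
    if c.gateway_host.lower() != c.local_host.lower():
        findings.append(f"{d}: gateway host {c.gateway_host} is not the local server {c.local_host}")
    if not GW_SERVICE_RE.match(c.gateway_service):
        findings.append(f"{d}: gateway service {c.gateway_service!r} is not of the form sapgw<NN>")
    return findings


def check_server(s: ServerDef, connectors: dict[str, ConnectorDef], system_users: set[str]) -> list[str]:
    """Return findings for one server (connection data) definition."""
    findings = []
    if s.server_name.upper().startswith("SAP_"):
        findings.append(f"{s.server_name}: names beginning with SAP_ are reserved for SAP applications")
    if s.connector_name not in connectors:
        findings.append(f"{s.server_name}: references unknown connector {s.connector_name!r}")
    if s.system_user not in system_users:
        findings.append(f"{s.server_name}: system user {s.system_user!r} is not defined")
    if not 1 <= s.port <= 65535:
        findings.append(f"{s.server_name}: port {s.port} is out of range")
    return findings


def audit(connectors: list[ConnectorDef], servers: list[ServerDef], system_users: set[str]) -> list[str]:
    """Run all checks over a whole Customizing set and collect the findings."""
    by_name = {c.connector_name: c for c in connectors}
    findings = []
    for c in connectors:
        findings += check_connector(c)
    for s in servers:
        findings += check_server(s, by_name, system_users)
    return findings


if __name__ == "__main__":
    # Constructed sample data: one correct connector, one with several mistakes.
    connectors = [
        ConnectorDef("LDAP_TWDF0013", "LDAP_TWDF0013", "LDAP_TWDF0013", "twdf0013", "sapgw00", "twdf0013"),
        ConnectorDef("ldap twdf0013", "LDAP_TWDF0013", "ldap twdf0013", "twdf0099", "sapgw", "twdf0013"),
    ]
    # Two logical servers sharing one system-user key, as the article allows.
    servers = [
        ServerDef("EMPLOYEE_DIR", "ldap.example.test", 389, "LDAP_TWDF0013", "DIR_READER"),
        ServerDef("VENDOR_DIR", "ldap.example.test", 389, "LDAP_TWDF0013", "DIR_READER"),
        ServerDef("SAP_MYDIR", "ldap.example.test", 389, "LDAP_NOSUCHHOST", "MISSING"),
    ]
    for line in audit(connectors, servers, {"DIR_READER"}):
        print(line)
```

Run it as a script to list every finding; a clean Customizing set produces no output. The checks are deliberately independent so that one bad destination name reports each violated rule separately, which mirrors how the individual fields are maintained in transaction LDAP.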
