cancel
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.1 - LDAP Synchronization Issue

0 Kudos
1,376

Hi Experts!

We are implementing GRC AC 10.1 and i´m having an issue with LDAP User Synchronization. Company has AD with users in several OU so we need to do synchronization at root level (i think is not possible to configure multiple base entry).

Im able to use "find" option from LDAP transaction at root level and this is working fine; even if i do a synchronization configuring only one OU like base entry it works fine too. But, if i want to do synchronization at root level, it does not work (i get total count:0  from synchronization).

Im working with GRAC AC10.1, SP 7. I have followed several SCN threads and SAP Notes about LDAP Sync issues but i haven´t had any success.

I have tried using port 3268 and 389. From SLG1 i only get a warning: user adapter is empty (for the record, i have already read this ) and SAP note 1755767).

LDAP connector name is identical to LDAP Server name

Any suggestions or comments would be appreciated.

Thanks!

Accepted Solutions (1)

Accepted Solutions (1)

0 Kudos

Rafael / Paichha:

Thanks for your replies, i could made a full synchronization with AD by increasing "maxpagesize" parameter in AD configuration (following note 1823253) and making page size = 500 in LDAP tcode .

Now im tryng to use a filter for the register that sync job brings. For example, we need to synchronize only users with extensionAttribute1=Activo to reduce amount of registers in synchornization.

At this moment job is synchonizating deactive users, computers, printers, etc. and we only need active users.

¿Any idea about it?


Thanks again!

Emiliano

former_member193066
Active Contributor
0 Kudos

Hello,

I hope you followed the guide LDAP config guide,

The filter are choosed from Maintain mapping for action and connection type.

there might be note for deactivated users.

Regards,'

Prasant

0 Kudos

Hello Emiliano,

Actually I am not familiarized with adding parameters in sync, but I think the only way is in SPRO, assigning attributes to the connector, with parameter OTHERS.

Kind Regards,

Rafael Guimbala

Answers (3)

Answers (3)

0 Kudos

Hi!

I followed the LDAP Config Guide and acording to this, i configured in activity "Maintain mapping for action and connection type" next value:

User:OC          person

It means "Object class = person" but i need like attribute "extensionAttribute1=Activo", i don´t know how to configure this.

Thanks.

Emiliano

Former Member
0 Kudos

Hi Emiliano,

You could map 'User:OC' to 'user)(extensionAttribute1=Activo' in group parameter mapping.

Let us know if that brings you the desired result.

Best Regards,

Zoltan

0 Kudos

Hi Zoltan!

I was able to use "Object Class" like attribute with "(extensionAttribute1=Activo)" as value and it worked fine.

Thanks for the sugestion!

former_member193066
Active Contributor
0 Kudos

Hello ,

In your first screenshot you have page size which is 0, make it 100

Regards,

Prasant

0 Kudos

Hello Emiliano,

Please follow SAP Note 1823253 steps, maybe this help you

Let us know how it goes,

Thanks & Regards

Rafael