‎2008 May 27 9:19 AM
Hi All,
I'm not familiar with program RSLDAPSYNC_USER. Could anyone tell me the functionality of this program, how it behaves and what it performs? Or could you please give me an overview of this program?
All your help would be highly appreciated.
Hoping for your quick response.
Thank you in advance,
CarMey
‎2008 May 27 9:34 AM
Hi,
Synchronization Report RSLDAPSYNC_USER: Examples
You define how the objects (users) to be synchronized are dealt with on the Directory Synchronization of Users screen. Prerequisites for an error-free execution of the report are correct mapping (especially of the required attributes) and correct synchronization indicators in transaction LDAPMAP.
Directory Synchronization of Users: Examples
Example 1:
You are using an FI component system that is to be synchronized with an LDAP-compatible directory server. The directory server is the leading system. This means that all objects in the directory must be replicated in your component system. Objects that do not exist in the component system are to be created there. Only objects that exist in the component system are to be ignored. For changes to objects that exist in both storage areas, the attributes are adjusted according to the settings of the synchronization indicators (delta comparison).
Choose the Compare Time Stamp option in the Objects that Exist Both in the Directory and in the Database frame.
Choose the Create in Database option in the Objects that Only Exist in the Directory frame.
Choose the Ignore Objects option in the Objects that Only Exist in the Database frame.
Example 2:
As example 1, except that instead of a delta comparison, all objects in both storage areas are to be synchronized according to the synchronization indicators (complete synchronization).
Choose the Ignore Time Stamp option in the Objects that Exist Both in the Directory and in the Database frame.
Choose the Create in Database option in the Objects that Only Exist in the Directory frame.
Choose the Ignore Objects option in the Objects that Only Exist in the Database frame.
Example 3:
As example 1, except that objects that only exist in the database are to be locked.
Choose the Compare Time Stamp option in the Objects that Exist Both in the Directory and in the Database frame.
Choose the Create in Database option in the Objects that Only Exist in the Directory frame.
Choose the Lock in Database option in the Objects that Only Exist in the Database frame.
Example 4:
You are using an HR system that is to be synchronized with an LDAP directory server. The HR system is the leading system. This means that all objects in the HR system database must be replicated in the LDAP-compatible directory service. Objects that do not exist in the LDAP-compatible directory service are to be created there. Only objects that exist in the LDAP-compatible directory service are to be ignored. For changes to objects that exist in both storage areas, the attributes are adjusted according to the settings of the synchronization indicators (delta comparison).
Choose the Compare Time Stamp option in the Objects that Exist Both in the Directory and in the Database frame.
Choose the Ignore Objects option in the Objects that Only Exist in the Directory frame.
Choose the Create in Directory option in the Objects that Only Exist in the Database frame.
Use
After you have defined the mapping, you synchronize the data using report RSLDAPSYNC_USER. Before this, you define on the Directory Synchronization of Users screen how objects found in the search will be dealt with.
User administration with the report RSLDAPSYNC_USER and transaction LDAPMAP works like a "remote control" for the Central User Administration (CUA). Therefore, all limitations and prerequisites of the CUA (such as for the BAPI_USER_CHANGE function module) are also valid for the synchronization function.
Procedure
Execute report RSLDAPSYNC_USER with a background job for delta synchronization (for example, using transaction SA38).
The users SAP*, DDIC and EARLYWATCH are excluded from the synchronization, and you do not need to exclude them explicitly. On the other hand, other communication users, such as those for RFC connections, are treated like normal users.
Specify the logical LDAP server.
Choose an LDAP Connector. If you do not specify a particular LDAP Connector, the system automatically selects one.
Define how the synchronization report should process the entries of the objects that are found during the search. The search result is made up of three subsets:
Objects that exist in both the directory and the database
Objects that only exist in the directory
Objects that only exist in the database
Settings in the "Objects that exist in both the directory and the database" group frame (setting - comment):
  Compare Time Stamp - Delta synchronization: Only objects whose time stamp was changed are synchronized. The synchronization is performed in accordance with the synchronization indicators in transaction LDAPMAP.
  Ignore Time Stamp - Complete synchronization: All objects are synchronized according to the synchronization indicators in transaction LDAPMAP.
  Ignore Objects - Delta synchronization: Objects that already exist are not updated, but, depending on the settings in the other group frames, objects that do not exist may be created.
*The settings are only different in terms of the scope of users to be synchronized.
Settings in the "Objects that only exist in the directory" group frame (setting - comment):
  Create in Database - The directory is the leading system; that is, it exports all entries to the SAP system.
  Delete from Directory - The SAP system is the leading system; that is, entries that do not exist in the SAP system are to be deleted from the directory.
    You must be absolutely certain that the directory entries that are to be deleted are only used for SAP applications and do not contain any external attributes. Otherwise, you may delete entries that other systems are still using.
  Ignore Objects - For example, if the users are not used in the SAP system.
Settings in the "Objects that only exist in the database" group frame (setting - comment):
  Create in Directory - The SAP system is the leading system; that is, it exports all entries to the directory.
  Delete from Directory - The directory is the leading system; that is, entries that do not exist in the LDAP-compatible directory service are to be deleted from the SAP system.
    We recommend that you only lock the users. This means that the master data is kept, and the actions of the user can be traced later (for example, for review purposes).
  Lock in Database - The directory is the leading system; that is, entries that do not exist in the LDAP-compatible directory service are to be locked in the SAP system.
  Ignore Objects - For example, if service users exist in the SAP system that are not used in the directory.
Save your entries.
Choose Execute.
Regards,
Jagadish.
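
The decision logic described in the reply above, as an added example that is not part of the original post and is not SAP code: a dry-run planner that splits users into the three subsets and lists the action each chosen option would trigger, so that locks and deletions can be reviewed before the report is scheduled. The integer time stamps, the `last_sync` reference point, the action strings and the function names are assumptions made for illustration, and only the options used in the post's four examples plus Delete from Directory are modelled.

```python
# Added illustration, not SAP code. Option names come from the post above;
# time stamps, last_sync and the action strings are constructed assumptions.
EXCLUDED = {"SAP*", "DDIC", "EARLYWATCH"}  # skipped by the report, per the post
BOTH = {"Compare Time Stamp", "Ignore Time Stamp", "Ignore Objects"}
DIR_ONLY = {"Create in Database": "create in database",
            "Delete from Directory": "DELETE from directory",
            "Ignore Objects": "skip"}
DB_ONLY = {"Create in Directory": "create in directory",
           "Lock in Database": "lock in database",
           "Ignore Objects": "skip"}
SYNC = "sync attributes per LDAPMAP indicators"


def plan_sync(directory, database, last_sync, both, dir_only, db_only):
    """Return {user: planned action} without changing anything.

    directory and database map user name -> last-change time stamp.
    Assumption: "time stamp was changed" means newer than last_sync.
    """
    if both not in BOTH:
        raise ValueError(f"unknown option: {both}")
    plan = {}
    for user in sorted((set(directory) | set(database)) - EXCLUDED):
        if user in directory and user in database:
            changed = max(directory[user], database[user]) > last_sync
            if both == "Ignore Time Stamp" or (both == "Compare Time Stamp" and changed):
                plan[user] = SYNC
            else:
                plan[user] = "skip"
        elif user in directory:
            plan[user] = DIR_ONLY[dir_only]
        else:
            plan[user] = DB_ONLY[db_only]
    return plan


def needs_review(plan):
    """Users whose planned action removes or disables an account."""
    return sorted(u for u, a in plan.items() if a.startswith(("DELETE", "lock")))


# Constructed sample data; the last synchronization is assumed at time 100.
DIRECTORY = {"ALICE": 120, "BOB": 90, "CAROL": 95, "DDIC": 130}
DATABASE = {"ALICE": 80, "BOB": 90, "RFC_SVC": 70, "SAP*": 10}

# Example 3 from the post: delta comparison, create missing users, lock extras.
EXAMPLE_3 = plan_sync(DIRECTORY, DATABASE, 100, "Compare Time Stamp",
                      "Create in Database", "Lock in Database")

if __name__ == "__main__":
    for user, action in EXAMPLE_3.items():
        print(f"{user:8} {action}")
    print("review before running:", needs_review(EXAMPLE_3))
```

In the sample run the constructed RFC_SVC account is flagged for review because, as the post notes, communication users such as those for RFC connections are treated like normal users.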