2010 Mar 17 3:41 AM
Dear ABAP Gurus,
I have a requirement from my client as follows:
They have an Active Directory server, and they want to integrate SAP into their Active Directory. So when they want to log in to SAP they want to use their Active Directory user and password.
We already offered the SSO approach that synchronizes the SAP logon user name and password and their Active Directory, but they refused this solution because they don't want to manage the user profile 2 times (in SAP and in AD).
Is it possible, when they click the system in the saplogon, that we redirect it to read Active Directory?
Thanks in advance.
Regards,
Haric
2010 Mar 17 9:32 AM
I shouldn't think so.
See, you have something like roles (or profiles) in your SAP systems. They can even be attached to a CUA which itself could have several children of all variety (APO, CRM, BI ... even portals if you had a dual stack) - so managing the SAP-application specific authorisations within an LDAP only is out of the question.
I am no expert with MS AD or such: the only thing I assume could be done via LDAP is some kind of matching the AD-userID or -group to something resembling a position or group in one of the SAP systems. On the other hand this would imply that all the SAP systems of one landscape have the same structure of groups/positions. A hard thing to do, yes?
... but as I said, I am not an expert. You might want to post this question in the Security forum - there is Mr Alsop who is pretty good at SSO, Kerberos and maybe AD.