2009 Jun 09 10:08 AM
Hi,
I'm about to configure LDAP integration with SAP, where users that exist only on the LDAP server are created in SAP.
Are any initial passwords automatically set for these users in SAP, or will an administrator have to go in and set an initial password for all created users?
Thanks, Oscar
2009 Jun 09 1:25 PM
Hi,
I assume you will use the LDAP synchronization in an ABAP system. Here you have to maintain the fields to be synchronized. The password field is typically not synchronized but you can fill in the logondata hashvalue. I never tried to get the hashvalue out of LDAP because LDAP and SAP may use different hash algorithms. The better way is to set a fixed value in the mapping. You can use SAP functions to maintain the hashvalue.
Transaction for maintaining the mapping: LDAPMAP.
Regards
Rainer
2009 Jun 10 8:45 AM
This sounds interesting. I've used LDAPMAP to map by SAP fields to LDAP fields, but I thought I always had to provide an LDAP field in my mapping. Do you mean I can map a SAP field (e.g. BAPIPWD) using LDAPMAP to a function module (that e.g. generates an initial password), without mapping it to a LDAP field?
Thanks
2009 Jun 10 3:45 PM
Just ran a synchronization and noticed the password was deactived for newly created users, which is perfectly fine.
However, I'm still interested in if you can assign a value to SAP fields manually through LDAPMAP without entering any directory attribute. E.g. if I want to import 1000 users from SAP to AD and want to automatically give all a very basic role in SAP (that does not have any relation to their LDAP role). But his might be easier to achive after importing them?
2012 Oct 31 4:10 PM