Additional Blogs by Members
Showing results for 
Search instead for 
Did you mean: 
Active Contributor

Take a scenario: Where you have a requirement for

1) User Authentication data source is LDAP

2) User Details Data source is HR(for Manager)

3) SAP User ID is stored in physical attribute in LDAP.

4) HR system infotype 0105 subtype 0001 stores SAPID

5) HR system infotype 0105 subtype 9000 stores domain id

Whenever a user is authenticated in LDAP using SAMACCOUNTNAME the same is passed to HR for details data source information and it also gets validated against Infotype 0105 subtype 0001 to obtain manager and other details.

When SAMACCOUNT id is passed and SAP ID in infotype 0105 and subtype 0001 is stored, it will not match.

Hence a development on target system has to be made where it can validate against infotype 0105 subtype 0001 in /GRCPI/CL_GRIA_USR Method is GET_USR_DETAILS

Now the details can be fetched for access request.

Since the requirement is authentication data source is LDAP.

And SAP ID is stored in physical attribute and Manager should come from HR system.

You have to remove Manager mapping for LDAP in maintain mapping for connector and connector group.

And Enable below parameter.

Access request validations           5023            YES     Consider details from multiple data sources for missing user details in access request

In Data Source sequence for User details keep LDAP above HR.

It will fetch all details from LDAP and change the SAP User ID in Access Request form.

Fill other details from HR system including Manager.



1 Comment