
SAP - LDAP synchronization doubt

Former Member
0 Kudos

I have set up SAP - LDAP synchronization on WebAS 6.20 with Active Directory on W2k3. The mappings are the defaults that SAP suggested to me, along with its standard schema extensions. When I run RSLDAPSYNC_USERS, I am faced with 2 problems:

1) I have selected that when users exist both in AD and DB, it should compare the timestamps and update the values accordingly. If a user doesn't exist in Active Directory, then create it.

For this I created a user JLIN (Jason Lin) in both Active Directory (created manually from AD - MMC) and SAP using SU01.

On sync it throws an error:



Message text


Connection created to server MSAD

Number of Objects in Directory 0

Number of Objects in Database 1

Objects that Exist Both in the Directory and in the Database: 0

Successfully Bidirectionally Updated: 0

Updated Successfully in Database: 0

Successfully Updated in Directory: 0

Cannot Update: 0

No Synchronization Necessary: 0

Objects that Only Exist in the Directory: 0

Ignored: 0

Objects that Only Exist in the Database: 1

| |Entry already exists |

Error while writing object JLIN to the directory

Successfully Created in Directory: 0

Cannot Create in Directory: 1

Total Time Required: 00:00:00

Connection to server MSAD terminated


This means that it is not able to recognize the user JLin in Active Directory as the same user as JLin in SAP. Any idea what I could be doing wrong? When the user is created by SAP in AD (i.e. if jlin did not exist), the sync etc. happens perfectly well. Any pointers on this?

2) On the other hand, we have 2 sets of users to be synchronized, one in Active Directory and the other in SAP. Since these systems are governed by different sets of userid policies, the userid for a user in Active Directory may not be the same as that in SAP. So we need to map these userids for synchronization. Is there a way to specify in SAP / Active Directory which Active Directory / SAP user they map to?

What we want to achieve is: when a user is deleted / disabled in Active Directory, he should be deleted / disabled in SAP too.

Message was edited by: Harsh Busa


Former Member
0 Kudos

Figured out that SAP uses the sapUsername attribute in the Active Directory user object.
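
Added example (not part of the original posts and not SAP's code): an offline audit that links AD entries to SAP users on sapUsername alone, as the reply above describes, and lists AD accounts the match cannot see plus disabled AD accounts whose SAP user is still active. The export format, the sample entries, the SAP user list and the function names are constructed assumptions.

```python
# Constructed sample: simplified LDIF-style AD export and a SAP user list.
AD_EXPORT = """\
dn: CN=Jason Lin,CN=Users,DC=example,DC=com
sAMAccountName: jlin
userAccountControl: 512

dn: CN=Mary Ross,CN=Users,DC=example,DC=com
sAMAccountName: mary.ross
sapUsername: MROSS
userAccountControl: 514

dn: CN=Tom Webb,CN=Users,DC=example,DC=com
sAMAccountName: twebb
sapUsername: TWEBB
userAccountControl: 512
"""
SAP_USERS = {"JLIN": "active", "MROSS": "active", "TWEBB": "active"}  # constructed
ACCOUNTDISABLE = 0x2  # userAccountControl flag bit for a disabled AD account

def parse_entries(text):
    """Parse blank-line-separated 'attr: value' records into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(": ")
            entry[key.lower()] = value
        entries.append(entry)
    return entries

def reconcile(ad_text, sap_users):
    """Link AD entries to SAP users on sapUsername only and report the gaps."""
    report = {"unlinked_ad": [], "sap_only": [], "disable_in_sap": []}
    linked = set()
    for e in parse_entries(ad_text):
        sap_id = e.get("sapusername", "").upper()
        if not sap_id:
            # No sapUsername: a match on that attribute never finds this entry.
            report["unlinked_ad"].append(e["samaccountname"])
            continue
        linked.add(sap_id)
        disabled = int(e.get("useraccountcontrol", "0")) & ACCOUNTDISABLE
        if disabled and sap_users.get(sap_id) == "active":
            report["disable_in_sap"].append(sap_id)
    report["sap_only"] = sorted(set(sap_users) - linked)
    return report

if __name__ == "__main__":
    print(reconcile(AD_EXPORT, SAP_USERS))
```

On the sample data, jlin is reported as unlinked in AD while JLIN appears as existing only on the SAP side, which mirrors the counts in the sync log above.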