Showing results for 
Search instead for 
Did you mean: 


Former Member
0 Kudos

Dear all ,

Wht is the difference between LDAP and Active directory.

Now v r using Active directory .

V want to synchoronize SAP r/3 id and windows login id .

How to do that ?

thx in advance.



View Entire Topic
Active Contributor
0 Kudos

Microsoft Active Directory is an LDAP. LDAP is the standard, which stands for Lightweight Direcotry Access Protocol.

If you want to link your SAP system to your LDAP, you need to use transaction LDAP. You can also connect your portal to ldap to use it as your user persistance so that when someone logs on to the portal they are authenticated against your ldap (MS AD in your case).


Former Member
0 Kudos

Thk u paul.

I hope , if i create a new user in R/3 , i have to export that user to directory thrugh LDAP transaction .

and it can be imported from other servers .is it ?

if so , it's fine for new user creation .

Plz clarify the foll doubts.

1. How to sync the existing ids ?

ex) i am an SAP user and my id is 'Jbp' my windows login id is 'SGG01831'

how to do this ?

2. If i change the password from R/3 will it affects password of windows login.

Awaiting for ur reply.



Active Contributor
0 Kudos

Hi J,

You are correct that if you create a user in R/3 you can push it into the LDAP using transcation LDAP. The uid will probably be the same though.


In answer to question 1, I'm assuming you are talking about logging on to R/3 through the portal. If you want your user ids to be different in the ldap/portal and R/3, then you have to use something called user mapping to map the user id's. With this, in the portal, the users have to enter what their sap uid / pwd is and then it saves that in the database and then automatically uses that uid / pwd when they connect to R/3. So there is no real syncronisation. However it is advisable to make the uid's the same (pwds can be different) as then you can log on to SAP through the portal and the user doesn't need to enter their uid / pwd, it will log them on automatically using something called SAPLOGONTICKET.

In answer to question 2, the answer is no.. well it depends what you set in transaction LDAP (you can set what it pushes across).

Hope that helps