SAP Knowledge Base Article - Preview

2243812 - How to check if your LDAP properly configured on GRC? Simple! Use LADT

Symptom

LDAP Advanced Diagnostic Tool (LADT)

The main goal of this report is to provide the GRC Access Control administrator with diagnostic of LDAP connection and configuration. The report collects LDAP configuration data and compares to the expected value for a correct behavior. This comparison results into a detailed log to assist GRC administrators with a root cause analysis.

How to Install LADT:
 1- In transaction se38 create a new z report named ZLADT type executable program.
 2- Copy the file ZLADT.txt source code, paste it into the report, save and activate.

How to operate LADT:
 1- In transaction se38 choose report ZLADT and execute.
 2- In the field Ldap Connector, insert the LDAP connector that want to test and run the report.

The result log shows 3 types of messages:

1)    A success message will show status “OK” and it means that the step is correctly configured.

2)    A warning message will show status “Attention” and it means that one or more optional steps are not configured correctly. This message shows a return code, which can be interpreted in the next section of this note to implement the optional steps.

3)    An error message will show status “Error” and it means that one or more mandatory steps are not configured correctly. This message shows a return code, which must be interpreted in the next section of this note to implement the optional steps.

Please refer to the following procedures to correct the error.

 CODE 00000 - Check your LDAP configuration according the error message.

 CODE 00001 - Set program id equal to RFC ID in SM59 as below:
 
00001.jpg
 
 Code 00002 - Maintain a server for the LDAP Transaction:
 
00002.jpg
 
 CODE 00003 - Assign the LDAP Connector to a connector group:
 
00003.jpg
 
 CODE 00004 - Assign integration scenario AUTH in SPRO for LDAP connector:
 
00004.jpg
 
 CODE 00005 - Assign integration scenario PROV in SPRO for LDAP connector:
 
 00004b.jpg
 
 CODE 00006 - Assign integration scenario AUTH in SPRO for LDAP connection type:
 
000006.jpg


 CODE 00007 - Set application type 12 to LDAP connector:
 
 CODE 00009 - Change the application type of LDAP connector to 12:

7 8 9.jpg


 
 
 CODE 00010 - Set application type 12 to LDAP connector group:
 
 CODE 00011 - Active LDAP connector group:

 CODE 00012 - Change the application type of LDAP connector group to 12:

10 11 12 .jpg


 CODE 00014 - Check the ldap field mapping for action 0003, make sure that all fields are set for LDAP connector and SAP:
 
 CODE 00016 - Check the ldap field mapping for action 0004, make sure that all fields are set for LDAP connector and SAP:

14 15 16 17.jpg

 CODE 00015 - Maintain field mapping for LDAP connector action 0003
 

15.jpg

 CODE 00017 - Maintain field mapping for LDAP connector action 0004
 
17.jpg
 
 CODE 00018 - Maintain connector type as LDAP 
 
18.jpg 
 CODE 00019 - Maintain attributes for LDAP connector
 
 19.jpg
 
 CODE 00020 - Maintain LDAP connector as a user search data source (not mandatory).
 
000020.jpg


 
 CODE 00021 - Maintain LDAP connector as a user detail data source (not mandatory).
 
21.jpg


 CODE 00022 - Maintain LDAP connector as user authentication (not mandatory).
 22.jpg

 
 CODE 00023 - Maintain LDAP connector as end-user authentication (not mandatory).

23.jpg


Read more...

Environment

  1. GRC - 10.0
  2. GRC - 10.1
  3. GRC - 12.0

Product

SAP Access Control 10.0 ; SAP Access Control 10.1

Keywords

KBA , ldap , grc , ladt , GRC-SAC-ARQ , Access Request , GRC-SAC-ARA , Access Risk Analysis , GRC-SAC-REP , Repository , GRC-SAC-UPG , Installation & Upgrade , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.