Symptom
LDAP Advanced Diagnostic Tool (LADT)
The main goal of this report is to provide the GRC Access Control administrator with diagnostic of LDAP connection and configuration. The report collects LDAP configuration data and compares to the expected value for a correct behavior. This comparison results into a detailed log to assist GRC administrators with a root cause analysis.
How to Install LADT:
1- In transaction se38 create a new z report named ZLADT type executable program.
2- Copy the file ZLADT.txt source code, paste it into the report, save and activate.
How to operate LADT:
1- In transaction se38 choose report ZLADT and execute.
2- In the field Ldap Connector, insert the LDAP connector that want to test and run the report.
The result log shows 3 types of messages:
1) A success message will show status “OK” and it means that the step is correctly configured.
2) A warning message will show status “Attention” and it means that one or more optional steps are not configured correctly. This message shows a return code, which can be interpreted in the next section of this note to implement the optional steps.
3) An error message will show status “Error” and it means that one or more mandatory steps are not configured correctly. This message shows a return code, which must be interpreted in the next section of this note to implement the optional steps.
Please refer to the following procedures to correct the error.
CODE 00000 - Check your LDAP configuration according the error message.
CODE 00001 - Set program id equal to RFC ID in SM59 as below:
Code 00002 - Maintain a server for the LDAP Transaction:
CODE 00003 - Assign the LDAP Connector to a connector group:
CODE 00004 - Assign integration scenario AUTH in SPRO for LDAP connector:
CODE 00005 - Assign integration scenario PROV in SPRO for LDAP connector:
CODE 00006 - Assign integration scenario AUTH in SPRO for LDAP connection type:
CODE 00007 - Set application type 12 to LDAP connector:
CODE 00009 - Change the application type of LDAP connector to 12:
CODE 00010 - Set application type 12 to LDAP connector group:
CODE 00011 - Active LDAP connector group:
CODE 00012 - Change the application type of LDAP connector group to 12:
CODE 00014 - Check the ldap field mapping for action 0003, make sure that all fields are set for LDAP connector and SAP:
CODE 00016 - Check the ldap field mapping for action 0004, make sure that all fields are set for LDAP connector and SAP:
CODE 00015 - Maintain field mapping for LDAP connector action 0003
CODE 00017 - Maintain field mapping for LDAP connector action 0004
CODE 00018 - Maintain connector type as LDAP
CODE 00019 - Maintain attributes for LDAP connector
CODE 00020 - Maintain LDAP connector as a user search data source (not mandatory).
CODE 00021 - Maintain LDAP connector as a user detail data source (not mandatory).
CODE 00022 - Maintain LDAP connector as user authentication (not mandatory).
CODE 00023 - Maintain LDAP connector as end-user authentication (not mandatory).
Read more...
Environment
- GRC - 10.0
- GRC - 10.1
- GRC - 12.0
Product
Keywords
KBA , ldap , grc , ladt , GRC-SAC-ARQ , Access Request , GRC-SAC-ARA , Access Risk Analysis , GRC-SAC-REP , Repository , GRC-SAC-UPG , Installation & Upgrade , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.