3273863 - How to configure / set up LDAP in SAP IQ -- SAP IQ

This KBA is to introduce not only how to configure LDAP in SAP IQ, also show links of other documents or KBAs that are related to LDAP in IQ.

• What is LDAP ?

LDAP (Lightweight Directory Access Protocol) is the protocol that defines how users, devices, and clients can communicate with a directory server. It also provides a framework for how information can be organized and represented within a directory.

With LDAP, users access IT resources by inputting credentials. The protocol searches and compares the credentials to what the LDAP server has stored for the authenticating user's, if the username and password match what’s listed in the directory, LDAP authenticates the user. By using LDAP, you can centralize authentication services while providing users with quick access to many of their resources on the network.

The LDAP protocol is not software, but software packages have emerged to streamline LDAP directory creation, implementation, and management. One of the first implementations of this was OpenLDAP.

- OpenLDAP that is one of the first implementations, is a free and open-source implementation of the LDAP protocol.
- Microsoft Active Directory (AD) is a directory service that stores user and device account data in a central location for Windows-based network, device, application, and file access.

• LDAP in SAP IQ

The SAP IQ LDAP server configuration object allows LDAP user authentication with SAP IQ. SAP IQ LDAP user authentication is only supported with SAP IQ 16.1.

SAP IQ uses a configuration object called LDAP server to provide connections between the SAP IQ server and external LDAP servers. Despite its name, the SAP IQ LDAP server is an object that resides on the SAP IQ server and is NOT an actual server. The LDAP server configuration object's sole function is to provide a connection to a physical LDAP server to allow LDAP user authentication. Any settings of the LDAP server database configuration object apply solely to the SAP IQ side of the LDAP user authentication equation. No LDAP server configuration object settings are written to the physical LDAP server.

      The LDAP server is a 3rd-party product that the database server communicates with to perform username and password lookup. The communication with the LDAP server can be        unsecure (plain text exchanges) or it can be secure (encrypted using Transport Layer Security or TLS).
      Secure communication via TLS requires the use of a certificate. The certificate is a trusted root certificate that was used to sign the LDAP server’s identity certificate.

SAP IQ 16.1 SP05(04)+

LDAP, Transport Layer Security (TLS), TLS, Secure,
, KBA , BC-SYB-IQ , Sybase IQ , How To