12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Getting Started Store

Community WIKI SAP Community Welcome, Guest Login Register Search the Community

Governance, Risk and Compliance / … / Access Request (ARQ)

How to Configure LDAP connector

Created by Shaily Kulshreshtha, last modified by Rafael Guimbala on Oct 16, 2014

Configuring LDAP Connector, User Data Source and its End User Verification.
This Wiki will provide you detailed steps to configure LDAP connector, its Data Source and End User Verification.

Create LDAP Connector

Go to transaction SM59 and create a connector for LDAP by selecting connection type TCIP/IP.

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 1/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Maintain also the Gateway Host and Gateway Server in this tab. When you successfully started the connector in the next step do a Unicode test (Utilities -> Test -> Unicode Test) and according to it's
result set the Unicode flag.

LDAP Transaction Setup

Click on LDAP Connector button and enter following details. Click on Activate Button to activate the LDAP Connector.

Please note CONNECTOR NAME is same as RFC Program ID and APPLICATION SERVER will be the GRC server hostname with SID and Instance number (this can

be selected by pressing F4 in Application Server field)

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 2/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Configure LDAP Server Setup using following values

Use Transaction LDAPMAP and go to change mode and press F6 (Proposal) to get default mapping.

IMG5

Go to SPRO transaction and GRC node

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 3/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

And define a connector for LDAP

and a logical group for ALL LDAP connectors:

Assign all LDAP connectors to this connection group

Assign the LDAP connection to all the scenarios: At least AUTH and PROV:

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 4/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Assign the adaptor LDAP implementation class for both AUTH and PROV scenarios

Now maintain the Mappings of LDAP attributes:

Go to IMG node

First add LDAP connection group with app type as LDAP and active

Now assign the default connector for Provisioning and Authorization for that connection group:

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 5/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Now maintain the group field mapping for PROV and AUTH actions one by one:
PROV Action Mapping:

AUTH Action Mapping:

NOTE: Please make sure field mapping is in upper case

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 6/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki
And also maintain the group parameter mapping for PROV and AUTH actions one by one:
PROV Action Mapping:

AUTH Action Mapping:

Now maintain connector settings:

Assign Attribute to LDAP connection:

Group path can also be maintained here with GROUP PATH parameter

Maintain search data source:

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 7/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Add the LDAP connector and sequence as search data source

Setting LDAP user search as realtime:

Under SPRO go to Maintain Configuration Settings as shown below:

Set the realtime LDAP search parameter to YES

NOTE: If LDAP realtime search is kept to YES then multiple user search data source will only search in LDAP systems only.

Setting LDAP as end user authentication system:

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 8/9
12/15/2017 How to Configure LDAP connector - Governance, Risk and Compliance - SCN Wiki

Set the setting “End User Verification” required to YES/NO

Related Content
This is just a title for the following 2 sections

Related Issues
The job user_repository_sync it is giving “Invalid access with negative length to a string dump” with exception CX_SY_RANGE_OUT_OF_BOUNDS.

CAUSE : Missing parameter USER:OC in Assign Group Parameter Mapping, especcialy after install sp09 with SAP Note 1698372 - UAM:LDAP Group Parameter Setup is Case Sensitive

Related Documents (Size: Heading 2)

Insert SAP Help links or other WIKI content link.
Please hyperlink the title of the related document

Related Notes Size: Heading 2)

Insert links to any related notes/KBAs that support your topic or are related. Please hyperlink ONLY Note or KBA number.

Example:
SAP Note: 83020 What is consulting, what is support
No labels

1 Comment
Rafael Guimbala
Really helpful !

Contact Us SAP Help Portal

Privacy Terms of Use Legal Disclosure Copyright Follow SCN

https://wiki.scn.sap.com/wiki/display/GRC/How+to+Configure+LDAP+connector?preview=/359564299/359923892/14.jpg 9/9