
Configuring LDAP Connector, User Data source and End User Authentication

Create LDAP Connector: Go to transaction SM59 and create a connector for LDAP by selecting
connection type TCP/IP:
Detailed information on how to configure the connector and fields like Gateway host, Gateway service
etc. can be found on:

http://help.sap.com/saphelp_nw70/helpdata/en/10/1a063a15c611d4b61f0000e835363f/content.htm

LDAP – Transaction Setup:

Click the LDAP Connectors button and enter the following details. Click the Activate button to
activate the LDAP Connector.

Please note that CONNECTOR NAME is the same as the RFC Program ID, and APPLICATION
SERVER will be the GRC server hostname with SID and instance number (this can
be selected by pressing F4 in the Application Server field).

Configure LDAP Server Setup using the following values:

For more information see:

http://help.sap.com/saphelp_nw70/helpdata/en/10/1a063a15c611d4b61f0000e835363f/frameset.htm
Use Transaction LDAPMAP and go to change mode and press F6 (Proposal) to get
default mapping.

Go to SPRO transaction and GRC node:

And define a connector for LDAP:


and a logical group for ALL LDAP connectors:

Assign all LDAP connectors to this connection group

Assign the LDAP connection to all the scenarios: At least AUTH and PROV:
Assign the adaptor LDAP implementation class for both AUTH and PROV scenarios

Now maintain the Mappings of LDAP attributes:

Go to IMG node

First add LDAP connection group with app type as LDAP and active:

Now assign the default connector for Provisioning and Authorization for that connection group:
Now maintain the group field mapping for PROV and AUTH actions one by one:

PROV Action Mapping:

AUTH Action Mapping:

NOTE: Please make sure field mapping is in upper case


And also maintain the group parameter mapping for PROV and AUTH actions one by one:

PROV Action Mapping:

AUTH Action Mapping:

Now maintain connector settings:


Assign Attribute to LDAP connection:

Group path can also be maintained here with GROUP PATH parameter

Maintain search data source:

Add the LDAP connector and sequence as search data source


Setting LDAP user search as realtime:

Under SPRO go to Maintain Configuration Settings as shown below:

Set the realtime LDAP search parameter to YES

NOTE: If LDAP realtime search is set to YES, then with multiple user search data sources the
search runs only in LDAP systems.

Setting LDAP as end user authentication system:


Set the “End User Verification” required setting to YES/NO
