For an overview of Duet Enterprise 1.0 User Mapper, refer to the following post:
[User Mapping in Duet Enterprise 1.0 | User Mapping in Duet Enterprise 1.0]
For a production installation of Duet Enterprise, it is recommended that user mapping be done using an LDAP. This ensures that valid sap ids are mapped to valid Sharepoint User ids.
Usernames in SharePoint and Duet Enterprise are usually different (for example, in SharePoint: DOMAINADS-User; in SAP: SAPUSER).
This technique can be used if your company is using an LDAP field to map the SAP user id. This method can also be used if Sharepoint and SAP user ids are the same. In the latter case, you can use the ADS attribute sAMAccountName.
A connection to the LDAP is required. Before configuration, you will need to know the following information
The steps are also outlined in the Duet Enterprise SAP Deployment Guide as well as the Duet Enterprise Security Guide found on the SAP service marketplace.
To create the connection, follow these steps:
h3. 1) Create a type T (TCP/IP connection) RFC destination in the SCL in transaction SM59.On the SCL, go to transaction LDAP and click System Users
Click edit, then New Entries
Enter the details of the new user
*User ID: Make up the name of a system user </p><p>Distinguished Name:* Service user to connect to the ADS to read user entries (include domain)Click on the edit icon next to credentials and add the password. Click Green check, then save the user.
h3. 3) Maintain an LDAP server (via transaction LDAP)In the SCL, go to transaction LDAP
Click Edit and then New Entries and enter the following information:
*Server Name: Make up a name for the server for example, SRV-<ADS system name></p><p>Host Name: ADS Host Name</p><p>Port Number:* Default is 389Active Directory (Domain Model) even if you have ADS 2008 (see note 983808)
Product Version: Choose Version of your ADS - LDAP Version 3Save the configuration.
h3. 4) To activate the LDAP connection:In the SCL, navigate to transaction LDAP and click LDAP Connectors
Click Edit and click New Entries.*Page Size: *Enter a page size (entries per page) if your ADS has more than 1000 entries, for example, 200
Click Save and start the connector by clicking on the activate button . The *Current Status *icon should change to yellow.
Click Save and then the *Current Status *icon should change to green.
h3. 5) Determine which LDAP attribute contains the SAP User ID.In this example, we are using the ADS attribute extensionAttribute1.
h3. 6) To configure the user mapping types.Navigate to transaction SIMGH and select *Service Consumption layer Administration *
Choose Consumer Settings and Select User Mapping typeAdd a new entry and enter LDAP based user mapping, LDAP server you created in the previous steps and the LDAP attribute to be used for mapping. If the Sharepoint and SAP user ids are the same, enter the attribute sAMAccountName. Otherwise, enter the attribute from step 5.
h3. 6) Run the user mapping tool.Navigate to the Service Consumption Layer Administration IMG and select Map SAP User Names to Consumer
Enter the following information
It is recommended to run this tool in test mode first to ensure mapping is found for users and to also delete all other entries for the SAP user id as there should only be one SharePoint User mapped per SAP user id.
Check the results of the tool to ensure the user ids are mapped correctly.
h3. 7) Check the mapping entries in transaction SM30 for table VUSREXTIDUser Mapping is complete. This tool can be run multiple times to map new users as required.