Electronic Signatures in SAP using LDAP authentication

In ECC, there are few transactions where electronic signatures can be implemented. One standard application is in LMS, a course can be configured to be prompted for signature after completion. BSP that standard is FDS CHECK in HCM_LEARNING application.

However, the business process requires authentication against an outside authentication source and not via authenticating against R/3 credentials (UserID and Password check) – example Active Directory.

Here is a simple way to get this accomplished.

#1 – Configure the LDAP. This is to have connection against Active Directory. SCN has documents that show you in detail how to complete this configurations.

#2 – Implement BADI SSFT_SYSTEM_SIGNATURE.

#3 – Add code in method CHECK_PASSWORD to achieve the credential check against Active Directory or your LDAP.

Sample Code in the Method.

*** SSF return code

   data: user_name  type usr02–bname,

         lockstate  type uslock,

         username   type bapibname–bapibname,

         crc        type ssfparms–ssfcrc,

         srrc       type ssfinfo–result,

         sysubrc    type sy–subrc,

         r3password type rsyst–bcode.           >>>>>>>>. this is the password of the source

     data: lv_snc_id type string,

           l_ldaprc  type ldapdefs–ldrc,

           l_ldappwd type ldapdefs–pwd,

           l_ldapusr type ldapdefs–usr.

   r3password = if_password.

*  CLEAR if_password.

*     set locale language space.

*     translate r3password to upper case. “password now case sensitive

   if r3password is initial.

     sy–subrc = 5.

   else.

     l_ldappwd = r3password.

       l_ldapusr = lv_snc_id.

       call function ‘LDAP_SIMPLEBIND’

        exporting

          serverid           = ‘CORPDC_LDAP’

          usr                = l_ldapusr

          pwd                = l_ldappwd

*     USR_STRING         = USR_STRING

*     PWD_STRING         = PWD_STRING

*     WAIT_TIME          = 0

        importing

          ldaprc             = l_ldaprc

*   CHANGING

*     HOLDSESS           = 0

        exceptions

          no_authoriz        = 1

          config_error       = 2

          nomore_conns       = 3

          ldap_failure       = 4

          not_alive          = 5

          other_error        = 6

          others             = 7            .

       if sy–subrc = 0 and l_ldaprc = 0

         and not r3password is initial.

       else.

         sy–subrc = 2.

       endif.

     endif.

.

There are many ways you can implement eSignatures within a transaction like in a quality notes or your own custom transactions or in workflow.