Additional Blogs by SAP
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP Advanced Diagnostic Tool (LADT)

former_member73766
Advisor
Advisor
‎11-24-2015 6:17 PM

The main goal of this report is to provide the GRC Access Control administrator with diagnostic of LDAP
connection and configuration. The report collects LDAP configuration data and compares to expected value
for a correct behavior. This comparison result into a detailed log to assist GRC administrators with a root cause analysis.

*This is only a diagnostic tool, the LDAP on GRC can still present other issues even if all the items are checked*

  1. How to Install LADT:
    In transaction se38 create a new Z report named ZLADT_LOG type include.
  2. Copy the file log.txt source code into the report, save and activate.
  3. In transaction se38 create a new z report named ZLADT type executable program.
  4. Copy the file main.txt source code into the report, save and activate.

How to operate LADT:

  1. In transaction se38 choose report ZLADT and execute.
  2. In the field Ldap Connector, insert the LDAP connector that want to test and run the report.

The result log shows 3 types of messages:

1)    A success message will show status “OK” and it means that the step is
correctly configured.

2)    A warning message will show status “Attention” and it means that one or
more optional steps are not configured correctly. This message shows a return
code, which can be interpreted in the next section of this note to implement the
optional steps.

3)    An error message will show status “Error” and it means that one or more
mandatory steps are not configured correctly. This message shows a return code,
which must be interpreted in the next section of this note to implement the
optional steps.

Please refer to the following procedures to correct the error.

CODE 00000 - Check your LDAP configuration according the error message.

CODE 00001 - Set program id equal to RFC ID in SM59 as below:



Code 00002 - Maintain a server for the LDAP Transaction:



CODE 00003 - Assign the LDAP Connector to a connector group:



CODE 00004 - Assign integration scenario AUTH in SPRO for LDAP connector:



CODE 00005 - Assign integration scenario PROV in SPRO for LDAP connector:



CODE 00006 - Assign integration scenario AUTH in SPRO for LDAP connection type:


CODE 00007 - Set application type 12 to LDAP connector:

CODE 00009 - Change the application type of LDAP connector to 12:




CODE 00010 - Set application type 12 to LDAP connector group:

CODE 00011 - Active LDAP connector group:

CODE 00012 - Change the application type of LDAP connector group to 12:


CODE 00014 - Check the ldap field mapping for action 0003, make sure that all fields are set for LDAP connector and SAP:

CODE 00016 - Check the ldap field mapping for action 0004, make sure that all fields are set for LDAP connector and SAP:

CODE 00015 - Maintain field mapping for LDAP connector action 0003

CODE 00017 - Maintain field mapping for LDAP connector action 0004



CODE 00018 - Maintain connector type as LDAP


CODE 00019 - Maintain attributes for LDAP connector

(*This image is only illustrative, please check with your basis team your user path)

CODE 00020 - Maintain LDAP connector as a user search data source (not mandatory).



CODE 00021 - Maintain LDAP connector as a user detail data source (not mandatory).


CODE 00022 - Maintain LDAP connector as user authentication (not mandatory).


CODE  00023 - Maintain LDAP connector as end-user authentication (not mandatory).

Your feedback is welcome! Feel free to share your impressions of the program in the comments box.

5 Comments
Popular Blog Posts