Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

LDAP-based Authentication and User Provisioning for SAP HANA - by the SAP HANA Academy

dvankempen
Product and Topic Expert
Product and Topic Expert
‎11-23-2018 10:11 AM

Introduction


SAP HANA 2.0 SPS 03 introduced LDAP-based user provisioning, that is, the capability to automatically create database accounts for LDAP users and map their LDAP roles. This significantly reduces both complexity and cost for maintaining users and authorizations in larger system landscapes.

To explain how you can set this up, we have created a playlist on our SAP HANA Academy YouTube channel with sample code on the associated GitHub repository with links to the documentation.



 

YouTube Playlist


All the video tutorials on the client-side data encryption topic are bundled in a single playlist on our channel:

 


What's New?


In the first video, what's new on the security topic for SAP HANA 2.0 SPS 03 concerning LDAP is discussed.

Tutorial Video


https://youtu.be/9OGphP_1npY?list=PLkzo92owKnVy851u716gxj4jRiSi7gZkY

Create LDAP Provider


To configure a connection to an LDAP server in SAP HANA, you need to create an LDAP provider in the (tenant) database with the CREATE LDAP PROVIDER or ALTER LDAP PROVIDER statements.

Access to the LDAP server takes place using an LDAP server user with permission to perform searches as specified by the user look-up URL. The credential of this user is stored in the secure internal credential store.

Communication between SAP HANA and the LDAP server can be secured using the TLS/SSL protocol or Secure LDAP protocol (LDAPS).

For the code, see

For the documentation, see

Tutorial Video


https://www.youtube.com/watch?v=e4beKQRhPQg

LDAP Group Authorizations


You can use LDAP group membership to authorize existing SAP HANA database users. To implement LDAP group authorization, you need to

  • Map LDAP groups to SAP HANA catalog roles using the CREATE ROLE or ALTER ROLE statements

  • Configure SAP HANA users for LDAP group authorization


For the code, see

For the documentation, see

Tutorial Video


https://www.youtube.com/watch?v=2PiYh63RYM8

LDAP User Authentication - Automatic User Provisioning


LDAP authentication can be implemented for users accessing SAP HANA directly via JDBC/ODBC database clients. Using LDAP user passwords for authentication eliminates the need to manage user passwords and password policies in the SAP HANA database.

For the code, see

For the documentation, see

Tutorial Video


https://www.youtube.com/watch?v=IpIvOV1HKzs

Thank you for watching


The SAP HANA Academy provides free online video tutorials for the developers, consultants, partners and customers of SAP HANA.

Topics range from practical how-to instructions on administration, data loading and modeling, and integration with other SAP solutions, to more conceptual projects to help build out new solutions using mobile applications or predictive analysis.

For the full library, see SAP HANA Academy Library - by the SAP HANA Academy.

For the full list of blogs, see Blog Posts - by the SAP HANA Academy.
Labels:
13 Comments
Labels in this area
Popular Blog Posts