As of the QRC 01/2021 release of SAP HANA Cloud, SAP HANA database, you can leverage LDAP authentication and authorization for your SAP HANA database users.
You already knew that the Lightweight Directory Access Protocol (LDAP) is an open standard protocol that facilitates authorization between client applications and the data resources they connect to (for example, an SAP HANA Cloud database).
Integrate LDAP authentication and authorization when you want to strengthen and simplify user administration, especially in a large-scale SAP HANA system.
There is nothing to enable for this feature, you just need to be running QRC 01/2021 of SAP HANA Cloud, SAP HANA database, and have an LDAP-compliant directory server that manages users and their access to network resources.
If both of these conditions are true, then you can begin implementing LDAP user authentication to access the SAP HANA database and LDAP group membership to authorize your SAP HANA database users.
Visit the following three topics to do this:
An LDAP ADMIN privilege (GRANT statement) allows you to create LDAP providers and administer their settings using the { CREATE | ALTER | VALIDATE } LDAP PROVIDER statements.
Other SQL statements you might expect to use to configure users for LDAP authentication include:
After you've configured LDAP, you can peruse the LDAP-related configuration information by querying these system views:
~ Happy simplified user administration!
When and why would I use this feature?
You already knew that the Lightweight Directory Access Protocol (LDAP) is an open standard protocol that facilitates authorization between client applications and the data resources they connect to (for example, an SAP HANA Cloud database).
Integrate LDAP authentication and authorization when you want to strengthen and simplify user administration, especially in a large-scale SAP HANA system.
How do I enable the LDAP feature?
There is nothing to enable for this feature, you just need to be running QRC 01/2021 of SAP HANA Cloud, SAP HANA database, and have an LDAP-compliant directory server that manages users and their access to network resources.
If both of these conditions are true, then you can begin implementing LDAP user authentication to access the SAP HANA database and LDAP group membership to authorize your SAP HANA database users.
Visit the following three topics to do this:
- LDAP User Authentication
- LDAP Group Authorization
- Secure Communication Between SAP HANA and an LDAP Directory Server
What SQL and catalog objects support this feature?
An LDAP ADMIN privilege (GRANT statement) allows you to create LDAP providers and administer their settings using the { CREATE | ALTER | VALIDATE } LDAP PROVIDER statements.
Other SQL statements you might expect to use to configure users for LDAP authentication include:
- SET PSE statement - Sets the purpose of a Personal Security Environment (PSE) to LDAP.
- CREATE USER / ALTER USER - Sets the LDAP group authorization for a user.
- CREATE ROLE / ALTER ROLE - Maps a local role to the Distinguished Name (DN) of one or more LDAP groups.
After you've configured LDAP, you can peruse the LDAP-related configuration information by querying these system views:
- LDAP_PROVIDERS System View
- LDAP_PROVIDER_URLS System View
- LDAP_USERS System View
- ROLE_LDAP_GROUPS System View
What other types of learning are available for this feature?
- Blog: LDAP-based Authentication and User Provisioning for SAP HANA – by the SAP HANA Academy
- Video: Create an LDAP Provider
- Video: LDAP Group Authorizations
- Video: LDAP User Authentication Automatic User Provisioning
~ Happy simplified user administration!
- SAP Managed Tags:
3 Comments
