Skip to Content
Product Information
Author's profile photo Laura Nevin

Spotlight: LDAP Support in SAP HANA Cloud

As of the QRC 01/2021 release of SAP HANA Cloud, SAP HANA database, you can leverage LDAP authentication and authorization for your SAP HANA database users.

When and why would I use this feature?

You already knew that the Lightweight Directory Access Protocol (LDAP) is an open standard protocol that facilitates authorization between client applications and the data resources they connect to (for example, an SAP HANA Cloud database).

Integrate LDAP authentication and authorization when you want to strengthen and simplify user administration, especially in a large-scale SAP HANA system.

 

 

How do I enable the LDAP feature?

There is nothing to enable for this feature, you just need to be running QRC 01/2021 of SAP HANA Cloud, SAP HANA database, and have an LDAP-compliant directory server that manages users and their access to network resources.

If both of these conditions are true, then you can begin implementing LDAP user authentication to access the SAP HANA database and LDAP group membership to authorize your SAP HANA database users.

Visit the following three topics to do this:

What SQL and catalog objects support this feature?

An LDAP ADMIN privilege (GRANT statement) allows you to create LDAP providers and administer their settings using the { CREATE | ALTER | VALIDATE } LDAP PROVIDER statements.

Other SQL statements you might expect to use to configure users for LDAP authentication include:

After you’ve configured LDAP, you can peruse the LDAP-related configuration information by querying these system views:

What other types of learning are available for this feature?

 

~ Happy simplified user administration!

Assigned tags

      3 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Diego Yaryura
      Diego Yaryura

      Hello Laura

       

      Is this configuration only available using a public LDAP server or a configuration using SAP Cloud Connector is also possible to integrate with an on-prem LDAP?

      In such scenario, how the LDAP URL has to be set in the CREATE/ALTER LDAP provider statement? I don't see any details on how to specify that the URL has to point to the SAP Cloud Connector.

       

      Thanks

      Diego

      Author's profile photo Laura Nevin
      Laura Nevin
      Blog Post Author

      Hi Diego, those are great question(s), and unfortunately I am not positive of the answer to the scenario question. I suggest you also post it here, Ask a Question, since this is an area that is monitored by folks who can reply (and more rapidly), and provide syntax guidance if required.

      Author's profile photo Martin Kittel
      Martin Kittel

      Hi Diego,

      currently an LDAP server must be directly reachable from HANA. An integration via SAP Cloud Connector is not possible at this time.

      Best wishes,

      Martin.