Show TOC

Configuring the LDAP ConnectorLocate this document in the navigation structure

Prerequisites

The administrator that starts the LDAP Connector requires authorization S_RZL_ADM with value 01.

Procedure


  1. Create an RFC destination of connection type T in transaction SM59.

    Recommendation

    We recommend that you use the following naming convention: LDAP_<server_name>. If you want to start multiple LDAP Connectors on one server, extend the name as follows: -<sequence_number>, that is LDAP_MYSERVERNAME-01

    Caution

    You must specify the name of the RFC destination in capital letters.

  2. Select Registered server program as activation type.

  3. Use the name of the RFC destination as the program ID.

  4. Under Gateway Options, enter the gateway with which the LDAP Connector is to register.

    Recommendation

    We recommend that you use the gateway of the application server on which the LDAP Connector is to be started, where the Gateway Host = <application_server> and the Gateway Service = sapgw<system_number> .

  5. Save your entries.

  6. In the initial screen of the directory service maintenance (transaction LDAP), choose Start of the navigation path LDAP Administration Next navigation step Connector Next navigation step Connector End of the navigation path pushbutton.

    The system displays the Display LDAP Connector (Maintenance View) View: Overview screen.

  7. Switch to change mode and choose New Entries .

    The system displays the New Entries: Details of Added Entries screen.

  8. Enter the following data for the LDAP Connector:

    Data for the LDAP Connector

    Field

    Meaning

    Connector Name

    Name of the RFC destination defined for the LDAP Connector.

    Application Server

    Name of the application server on which the LDAP Connector is to be started.

    Caution

    Enter the name in the format (for example, using entry help) that the server has in the rdisp/myname profile parameter (Note that this is case-sensitive). You can find this name in transaction SM51.

    Status

    Target status of the CCMS monitoring, for example:

    • Connector active

      Only in this status can the connector be automatically selected by applications that cannot explicitly select an LDAP Connector, such as SAPoffice and the user master records synchronization.

    • Connector inactive

    • No CCCMS monitoring

    Trace Level

    Possible Trace Levels:

    • Trace deactivated

      The program start and all error messages are nevertheless always logged.

    • Display function calls

    • Function calls + flat parameters

    • Maximum

    Maximum Retention Period

    You can specify the maximum idle time for an LDAP connection in minutes with this parameter. The connection is terminated after this time expires.

    If you do not make an entry (value 0), the LDAP Connector default (60 minutes) applies.

    Code page

    Enter the code page that is to apply fort he LDAP Connector here. This should be the code page of the application server that is communicating with the LDAP Connector:

    • If you are only using one code page in your application servers, enter this code page.

    • If you have application servers with different code pages (such as English and Japanese), set up an LDAP Connector on each application server, and specify the valid code page in each case.

    • If you do not make an entry (value 0), the LDAP Connector default code page 1100 (non-Unicode) is used.

    • If your system uses UNICODE, do not enter anything.

    Page Size

    If you set this parameter to a value other than zero, the search in the directory uses the "LDAP Control Extension for Simple Paged Results" (RFC 2696, OID 1.2.840.113556.1.4.319). This allows you to avoid restrictions that exist in some directory servers with regard to the maximum set of hits for search results.

    This option is supported as of LDAP Connector Version 2.8.6 for all platforms (for exceptions, refer to SAP Note 1000644).

    If the directory does not support this function, setting this parameter has no effect.

    If you use the page-based search, you need to use the protocol version "LDAP v3" in the Customizing of the LDAP server.

  9. Save your entries.

  10. To start the Connector, choose Start Connector .

Results

The LDAP Connector is available and can be selected in the Connector field in the Directory Service Maintenance screen.

Additional Configuration Options

You can create additional command line parameters for the LDAP Connector using a configuration file, such as

  • -m <number of connections>

    With this parameter, you can specify the maximum number of connections that the LDAP Connector can create.

Name and Storage Location of the Configuration File

When starting, the LDAP Connector checks whether the file "ldap_rfc.cfg" is in its working directory.

You can specify another file name (and if necessary, also another storage location) with the command line parameter "-cfg <filename>". If you have specified the configuration file explicitly in this way and cannot find the LDAP Connector, the LDAP Connector is terminated with an error message.

Format of the Configuration File

The configuration file contains the parameter names (without the initial hyphen) and optionally an initial value specified with an equal sign (=).

The LDAP Connector ignores empty lines and lines beginning with a number sign (#).

If the value contains spaces (for example, in the case of path specifications), enclose the entire value in double quotation marks (").

End the last line of the configuration file with a line feed.

Configuration Example

The following example shows a configuration file that sets the option "-o" to the value 10 and configures the RFC option "-L" (path to the SNC library) with the specification of a filename:

          
# File: ldap_rfc.cfg # Configuration file for the LDAP Connector (ldap_rfc[.exe])
          
# Connection outdate time (equivalent to command line option "-o") o = 10
          
# Path to SNC library (option "-L") L = "C:\Program Files\mysnclibrary.dll"
            

Verification

To check the activation of the LDAP Connector, view the logs in the trace files dev_<Name of the RFC destination>.trc using transaction ST11.