Prerequisites for Using an LDAP Bind to a Directory Server (SAP Library

Prerequisites for Using an LDAP Bind to a Directory Server

When using an LDAP bind to a directory server as the external authentication mechanism with PAS, your system must meet the following requirements:

If the user’s ID for the SAP system is stored in the directory and passed directly to the PAS, then the ticket-issuing application server must be at least Release 4.6D, patch level 317. If you maintain the user’s ID for the directory in the user external ID mapping table USREXTID, the ticket-issuing application server must be at least Release 6.10.

The ticket-issuing system’s ITS must be at least Release 6.10 C1, patch level 14.

The AGate must have access to the LDAP client library to perform the LDAP bind. For Windows NT/2000/XP systems the PAS uses the LDAP library wldap32.dll. On LINUX systems you must have installed the openldap2-client package.

SNC is required for the connection between the AGate and the ticket-issuing application server.

Recommendation

We also recommend using SNC for the connections to systems that accept logon tickets.

The user must have a user ID for the directory that he or she can use to connect to the directory using an LDAP bind.
You must provide a login screen so that the user can enter his or her user information for the directory.

Example

For a sample template file, see the PAS installation package.