Synchronizing the ABAP User Store and the LDAP Directory 
Procedure
Schedule the report to ensure periodic synchronization as described in Scheduling Background Jobs in the SAP NetWeaver documentation.
NoteIf not requested otherwise by the customer, we recommend that you run the synchronization report once a day to keep the users up-to-date.
End of the note.Assign the imported users to the SAP NetWeaver Enterprise Search roles:
Assign the users who you want allow to use the Enterprise Search search function to the composite role SAP_ESH_SEARCH.
Assign the users you want to grant administrator access to SAP NetWeaver Enterprise Search to the composite roles SAP_ESH_SEARCH and SAP_ESH_ADMIN.
Proceed as described in the Assigning Users section (SAP NetWeaver documentation).
NoteYou can ignore the warning that you are changing the SAP role, as the user assignment is retained even if the role is updated later.
End of the note.
CautionIf you import users that are already contained in the ABAP user store from an earlier synchronization, these users lose their role assignment.
Therefore we strongly recommend using role assignments to groups as described above because the role to group assignment is retained.
End of the caution.Run transaction PFUD for generating the profiles for the assigned roles.
Setting Synchronization Indicators
In transaction LDAP, choose LDAP Servers.
The system displays the Display View "Server Names": Overview screen.
Switch to change mode.
Select the directory server for which you want to set the synchronization indicators.
Choose the Synchronization option from the Dialog Structure tree by double-clicking it. The system displays the Mapping Overview screen (transaction LDAPMAP). The name of the selected logical directory server automatically appears in the Server Name field.
Set the Import indicator to define, from the point of view of the ABAP system, that the objects are imported during synchronization.
Choose Back and Save.
Starting the Synchronization
You synchronize the data using the RSLDAPSYNC_USER report.
Execute the RSLDAPSYNC_USER report with a background job for delta synchronization (for example, using transaction SA38).
CautionThe users SAP*, DDIC and EARLYWATCH are excluded from the synchronization, so you do not need to exclude them explicitly. On the other hand, other communication users, such as those for RFC connections, are treated like normal users.
End of the caution.Specify the logical LDAP server.
Choose the LDAP Connector you have configured for Enterprise Search.
Define how the synchronization report should process the entries of the objects that are found during the search. Run the synchronization, using the following parameters:
User section: Do not enter any values unless you want to restrict the imported users.
Objects that Exist Both in the Directory and in the Database: Select Compare Time Stamp.
Objects that Only Exist in the Directory: Select Create in Database.
Objects that Only Exist in the Database: Select Ignore Objects.
Save your entries.
Choose Execute.