Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control
Applies to:
SAP GRC Access Control, release 5.x
Summary
When implementing compliant user provisioning in GRC Access Control, the system is typically linked to an
LDAP repository. This paper outlines the configuration of the LDAP connector and provides sample mappings for
Active Directory, SunOne, E-Directory, and Tivoli.
Authors: Alpesh Parmar, Aman Chuttani
Company: SAP
Created on: 21 January 2008
Author Bio
Alpesh Parmar is a principal consultant at Regional Implementation Group (RIG) SAP GRC. He is an expert
in GRC Access Control and was instrumental in many successful Access Control ramp-up implementations.
Prior to joining RIG he was part of the Access Control development team.
Aman Chuttani works as a consultant in SAP’s GRC RIG. He has gained extensive experience supporting
SAP's customers in the implementation of SAP GRC Access Control.
Table of Contents
Configuring LDAP System for Compliant User Provisioning in GRC Access Control
Configuring LDAP Connector
Sample Connector Configuration for Different LDAP Types
  Active Directory
  SunOne
  Novell’s E-Directory
  IBM Tivoli
Mapping LDAP Fields
Sample LDAP Mapping Screenshots for Different Directory Types
  LDAP Mapping for Microsoft Active Directory
  LDAP Mapping for SunOne
  LDAP Mapping for Novell’s E-Directory
  LDAP Mapping for IBM Tivoli
Copyright
Configuring LDAP System for Compliant User Provisioning in GRC Access Control
Connectors facilitate the transfer of data between Compliant User Provisioning (formerly Virsa Access
Enforcer) and LDAP systems. Compliant User Provisioning supports the following LDAP types:
• Microsoft Active Directory
• SunOne
• Novell E-Directory
• IBM Tivoli
Two tasks are required for successful communication between Compliant User Provisioning and the LDAP
systems:
• Configuring an LDAP connector
• Mapping the LDAP fields to Compliant User Provisioning fields
Active Directory:
SunOne:
Novell’s E-Directory:
IBM Tivoli:
Copyright
© Copyright 2008 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG.
The information contained herein may be changed without prior notice.