The main goal of this report is to provide the GRC Access Control administrator with diagnostic of LDAP
connection and configuration. The report collects LDAP configuration data and compares to expected value
for a correct behavior. This comparison result into a detailed log to assist GRC administrators with a root cause analysis.
- How to Install LADT:
In transaction se38 create a new Z report named ZLADT_LOG type include. - Copy the file log.txt source code into the report, save and activate.
- In transaction se38 create a new z report named ZLADT type executable program.
- Copy the file main.txt source code into the report, save and activate.
How to operate LADT:
- In transaction se38 choose report ZLADT and execute.
- In the field Ldap Connector, insert the LDAP connector that want to test and run the report.
The result log shows 3 types of messages:
1) A success message will show status “OK” and it means that the step is
correctly configured.
2) A warning message will show status “Attention” and it means that one or
more optional steps are not configured correctly. This message shows a return
code, which can be interpreted in the next section of this note to implement the
optional steps.
3) An error message will show status “Error” and it means that one or more
mandatory steps are not configured correctly. This message shows a return code,
which must be interpreted in the next section of this note to implement the
optional steps.
Please refer to the following procedures to correct the error.
CODE 00000 - Check your LDAP configuration according the error message.
CODE 00001 - Set program id equal to RFC ID in SM59 as below:
Code 00002 - Maintain a server for the LDAP Transaction:
CODE 00003 - Assign the LDAP Connector to a connector group:
CODE 00004 - Assign integration scenario AUTH in SPRO for LDAP connector:
CODE 00005 - Assign integration scenario PROV in SPRO for LDAP connector:
CODE 00006 - Assign integration scenario AUTH in SPRO for LDAP connection type:
CODE 00007 - Set application type 12 to LDAP connector:
CODE 00009 - Change the application type of LDAP connector to 12:
CODE 00010 - Set application type 12 to LDAP connector group:
CODE 00011 - Active LDAP connector group:
CODE 00012 - Change the application type of LDAP connector group to 12:
CODE 00014 - Check the ldap field mapping for action 0003, make sure that all fields are set for LDAP connector and SAP:
CODE 00016 - Check the ldap field mapping for action 0004, make sure that all fields are set for LDAP connector and SAP:
CODE 00015 - Maintain field mapping for LDAP connector action 0003
CODE 00017 - Maintain field mapping for LDAP connector action 0004
CODE 00018 - Maintain connector type as LDAP
CODE 00019 - Maintain attributes for LDAP connector
(*This image is only illustrative, please check with your basis team your user path)
CODE 00020 - Maintain LDAP connector as a user search data source (not mandatory).
CODE 00021 - Maintain LDAP connector as a user detail data source (not mandatory).
CODE 00022 - Maintain LDAP connector as user authentication (not mandatory).
CODE 00023 - Maintain LDAP connector as end-user authentication (not mandatory).
Your feedback is welcome! Feel free to share your impressions of the program in the comments box.