Question:
Sorry Snowy..
I have been charged (big surprise) with implementing SSO for our SAP Boxes here. We currently already have it setup for our 6.2 Portal, which uses an LDAP logon for authentication.
I plan on using LDAP as more of our "CUA but not CUA".. lol In a nutshell, I want to use our LDAP for our SNC connection through the SAPGUI, and also to do roles and user assignments in SAP.
Is this a commonplace approach, and do-able? I'm starting a proof of concept, and don't want to start getting a project plan in-line if we aren't headed in the right direction. Our resident basis expert seems to think we are going the right route.
Any thoughts?
_________________
"SOX.. hmm .. Aren't they the baseball teams in Boston and Chicago?"
Kind Regards,
IamEvilHomer
(Wayne)
Answer:
THe "overview" of LDAP "authentification " ( unless the product has matured substantially) is to authenticate the user and give the "access" to the application, in effect the launch pad. Id does not replace CUA as you may expect but to ensure you are "authorized" to use the application , your ID is still SAP r/3 controlled by SAP r/3 run in SAP r/3 and setup in SAP r/3. That is not to say you cannot or there has not been provided RFC or BAPI calls from the LDAP to SAP to Add access or add Ids, it is generally setup for the LDAP to read or be fed the info. With Single signon and the LDAP, the authrntication and validation occurs at the LDAP level and your access "key" is sent to SAP where you physically logon, though you never see it.
So the LDAP to replace CUA, kind of but not really unless the product you have has the BAPI or RFC connections to feed to SAP to replace CUA.