Synchronization of SAP User Administration with an LDAP-Compatible Directory Service

An increasing number of customers use LDAP-compatible directories to administer objects (such as users) centrally. This means that data from the different data stores in one system landscape, some of it stored redundantly, can be kept consistent. The synchronization function of the SAP system has the advantage that the SAP system does not prescribe the schema of the LDAP-compatible directory. Instead, the synchronization process is adapted to the vendor-specific directory schema using Customizing settings.

If several systems are synchronized with the directory service, a data flow from and to external systems is also possible. Predefined SAP data fields can therefore be filled with data from other systems (for example, an employee’s personnel number can be copied from the HR system).

Every SAP system synchronizes its own database with the directory service in accordance with the Customizing settings. Communication uses the standard LDAP protocol. Other systems can also benefit from the directory and either synchronize their data with it or access it as a primary data source.

Example Scenario of a System Landscape



An HR system has created a user name for a new employee in its own database. It exports this name to the directory.

The SAP Portal retrieves the user names from the directory and synchronizes them with its database. The SAP Portal then assigns the users one or more roles.
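The scenario above and the schema-independent field mapping described earlier, as an added Python sketch that is not SAP code or part of the original documentation. The field names, the per-field export/import direction, the schema labels and the sample user are assumptions made for the illustration; plain dictionaries stand in for the directory and for each system's database.

```python
# Constructed illustration: dicts stand in for the LDAP directory and for each
# system's own user database. Field names and mappings are hypothetical.

# Local field -> directory attribute, one table per directory schema.
SCHEMAS = {
    "inetorgperson": {"user_name": "uid", "personnel_number": "employeeNumber"},
    "ad_style": {"user_name": "sAMAccountName", "personnel_number": "employeeID"},
}


def mapping(schema, direction):
    """Build a system's mapping: field -> (attribute, 'export' or 'import')."""
    return {f: (attr, direction) for f, attr in SCHEMAS[schema].items()}


def export_user(local, field_map, directory, dn):
    """Write to the directory only the fields this system may export."""
    entry = directory.setdefault(dn, {})
    for field, (attr, direction) in field_map.items():
        if direction == "export" and field in local:
            entry[attr] = local[field]
    return entry


def import_user(local, field_map, directory, dn):
    """Overwrite local fields from the directory; return the changed fields."""
    entry = directory.get(dn, {})
    changed = []
    for field, (attr, direction) in field_map.items():
        if direction == "import" and attr in entry and local.get(field) != entry[attr]:
            local[field] = entry[attr]
            changed.append(field)
    return sorted(changed)


def run_scenario(schema="inetorgperson"):
    """HR exports a new user; the portal imports it and keeps its own roles."""
    directory, dn = {}, "cn=jdoe,ou=people,dc=example,dc=com"  # constructed DN
    hr_user = {"user_name": "jdoe", "personnel_number": "00012345"}
    export_user(hr_user, mapping(schema, "export"), directory, dn)

    # The portal holds a stale personnel number and a locally assigned role.
    portal_user = {"user_name": "jdoe", "personnel_number": "99999999",
                   "roles": ["employee"]}
    portal_map = mapping(schema, "import")
    export_user(portal_user, portal_map, directory, dn)  # import-only: no write
    changed = import_user(portal_user, portal_map, directory, dn)
    return directory[dn], portal_user, changed
```

A mapping like this only limits what the synchronizing system itself sends. Write protection for attributes owned by another system is a separate control, enforced with access rights in the directory.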