This tip is relevant for SAP NetWeaver Identity Management 7.0 and SAP NetWeaver Identity Management 7.1.

The documents Identity Management for SAP System Landscapes: Configuration Guide (Rev 1.2, PDF 524 KB) for IdM 7.0 and Identity Management for SAP System Landscapes: Configuration Guide (Version 7.1, Rev 2, PDF 508 KB) for IdM 7.1 describe how to connect an HCM system to SAP NetWeaver Identity Management for exporting employee data. Several configuration steps have to be performed. Below is the ABAP code of a wizard that automates configuration steps 2-5 as described in appendix D (IdM 7.0) and appendix E (IdM 7.1) of these documents.

Notes:

  • The report checks the same authorizations that would be checked if you ran the steps manually. Therefore, only a user with strong authorizations is able to execute the report.
  • The password of the LDAP system user is stored in the "Simple Store" instead of the "Secure Store". You may want to change this later on using transaction LDAP.
  • The report does not record the customizing changes in a transport request. Therefore, you have to execute the report in the production system.
  • The report adds the infotype number to all LDAP attributes. In IdM 7.0 you have to adjust the mapping in the Identity Center accordingly.
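The second note is the one an administrator will want to verify afterwards. The following report is an added example, not part of the wizard above: it lists every LDAP system user whose bind password is still kept in the Simple Store (LDAPUSER-STORE = 1, the value the wizard writes) together with the LDAP server entries that log on with that user. It relies only on the LDAPUSER and LDAPSERVER fields the wizard itself uses; the report name is hypothetical.

```abap
*&---------------------------------------------------------------------*
*& Report ZLDAP_SIMPLE_STORE_CHECK (added example, not part of the wizard)
*& Lists LDAP system users with the password in the Simple Store
*& (LDAPUSER-STORE = 1) and the LDAP servers that use them as SYSUSER.
*& Only fields of LDAPUSER/LDAPSERVER used by the wizard are assumed.
*&---------------------------------------------------------------------*
REPORT zldap_simple_store_check.

TYPES: BEGIN OF ty_finding,
         uname    TYPE ldapuser-uname,
         binddn   TYPE ldapuser-binddn,
         serverid TYPE ldapserver-serverid,
         host     TYPE ldapserver-host,
         port     TYPE ldapserver-port,
       END OF ty_finding.

DATA: lv_store   TYPE ldapuser-store,
      lt_user    TYPE TABLE OF ldapuser,
      ls_user    TYPE ldapuser,
      lt_server  TYPE TABLE OF ldapserver,
      ls_server  TYPE ldapserver,
      ls_finding TYPE ty_finding,
      lt_finding TYPE TABLE OF ty_finding.

START-OF-SELECTION.
* Display authorization for the LDAP customizing tables
* (authorization group SCUS as in the wizard's notes; ACTVT 03 = display)
  AUTHORITY-CHECK OBJECT 'S_TABU_DIS'
           ID 'DICBERCLS' FIELD 'SCUS'
           ID 'ACTVT'     FIELD '03'.
  IF sy-subrc <> 0.
    WRITE: / 'No display authorization for LDAP customizing (S_TABU_DIS, SCUS, 03)'.
    RETURN.
  ENDIF.

* Same value the wizard assigns: 1 = Simple Store, 0 = Secure Store
  lv_store = 1.
  SELECT * FROM ldapuser INTO TABLE lt_user
    WHERE store = lv_store.
  IF sy-subrc <> 0.
    WRITE: / 'No LDAP system user with a Simple Store password found.'.
    RETURN.
  ENDIF.

* Which LDAP server entries log on with these users?
  SELECT * FROM ldapserver INTO TABLE lt_server
    FOR ALL ENTRIES IN lt_user
    WHERE sysuser = lt_user-uname.

  LOOP AT lt_user INTO ls_user.
    CLEAR ls_finding.
    ls_finding-uname  = ls_user-uname.
    ls_finding-binddn = ls_user-binddn.
    LOOP AT lt_server INTO ls_server WHERE sysuser = ls_user-uname.
      ls_finding-serverid = ls_server-serverid.
      ls_finding-host     = ls_server-host.
      ls_finding-port     = ls_server-port.
      APPEND ls_finding TO lt_finding.
    ENDLOOP.
    IF sy-subrc <> 0.
*     Password in the Simple Store although no server uses the user: report anyway
      APPEND ls_finding TO lt_finding.
    ENDIF.
  ENDLOOP.

  WRITE: / 'LDAP system users with password in the Simple Store',
         / '(move them to the Secure Store in transaction LDAP):'.
  LOOP AT lt_finding INTO ls_finding.
    WRITE: / ls_finding-uname,
             ls_finding-binddn,
             ls_finding-serverid,
             ls_finding-host,
             ls_finding-port.
  ENDLOOP.
```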

Texts


#Text symbols
T01 Query
T02 RFC Destination and LDAP Connector
T03 LDAP System User
T04 LDAP Server
#Selection texts
BINDDN Distinguished Name for bind
LDAPBASE Base entry
LDAPHOST Host name of LDAP server
LDAPPORT Port number of LDAP server
OBJCL Object Class
PWD Password for System Logon
PWD2 Repeat Password
QUERY Query
REMOVE Remove only
RFCDEST RFC Destination
SERVERID LDAP server
SRFC Generate RFC Dest & Connector
SSRV Generate LDAP Server
SUSR Generate LDAP System User
UGROUP User Group
UNAME User ID for System Logon
WSPACE Work Area

Report Code

*&---------------------------------------------------------------------*
*& Report ZRSLDAP_VD_WIZARD
*&
*&---------------------------------------------------------------------*
*& Version 22.11.2007
*& Frank Buchholz
*&---------------------------------------------------------------------*

REPORT ZRSLDAP_VD_WIZARD.
selection-screen begin of block query WITH FRAME TITLE text-t01.
parameters: WSPACE type LDA_TYPES-WORKSPACE default 'X' obligatory,
            UGROUP type LDA_TYPES-USERGROUP default '/SAPQUERY/L1' obligatory,
            QUERY  type LDA_TYPES-QUERYNAME default 'LDAP_VD' obligatory.
selection-screen end of block query.
selection-screen begin of block connect WITH FRAME TITLE text-t02.
parameters: srfc as checkbox default 'X',
            RFCDEST type RFCDES-RFCDEST   default 'LDAP_VD' obligatory.
selection-screen end of block connect.
selection-screen begin of block user WITH FRAME TITLE text-t03.
parameters: susr as checkbox default 'X',
            UNAME  type LDAPUSER-Uname    default 'LDAP_VD_IDM' obligatory,
            BINDDN type LDAPUSER-BINDDN   default 'HR_USER' obligatory.
selection-screen begin of block pwd.
parameters: pwd    type ldapuser-pwdsec   default 'welcome',
            pwd2   type ldapuser-pwdsec   default 'welcome'.
selection-screen end of block pwd.
selection-screen end of block user.
selection-screen begin of block server WITH FRAME TITLE text-t04.
parameters: ssrv as checkbox default 'X',
            SERVERID type LDAPSERVER-SERVERID default 'LDAP_VD_IDM' obligatory,
            LDAPhost type LDAPSERVER-HOST default 'nwdemoidm.wdf.sap.corp' obligatory,
            LDAPport type LDAPSERVER-PORT default '1389' obligatory,
            LDAPBASE type LDAPSERVER-BASE default 'o=hcm' obligatory,
            OBJCL    type LDAPMAP5-OBJCL  default 'sapIdentity' obligatory.
selection-screen end of block server.
parameters: remove as checkbox.
data: lt_dbop          type table of AQDBOP.
*----------------------------------------------------------------------*
* AT SELECTION-SCREEN
*----------------------------------------------------------------------*
AT SELECTION-SCREEN OUTPUT.
  LOOP AT SCREEN.
    IF screen-name(3) = 'PWD'.
      screen-invisible = '1'.
      MODIFY SCREEN.
    ENDIF.
  ENDLOOP.
at selection-screen on block pwd.
  if remove is initial.
    if susr = 'X'.
      if pwd is initial.
        message e153(00). "Enter a new password
      endif.
    endif.
    if pwd ne pwd2.
      message e293(00). "Both passwords must be identical
    endif.
  endif.
*----------------------------------------------------------------------*
* start-of-selection
*----------------------------------------------------------------------*
start-of-selection.
* Authorization checks
* 1. Transaction LDAP
  if ssrv = 'X'.
    CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
      EXPORTING
        TCODE  = 'LDAP'
      EXCEPTIONS
        OK     = 0
        NOT_OK = 2
        OTHERS = 3.
    IF SY-SUBRC <> 0.
      MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
              WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  endif.
* 2. Maintain LDAP settings
  if ssrv = 'X'.
    CALL FUNCTION 'VIEW_AUTHORITY_CHECK'
      EXPORTING
        VIEW_ACTION                          = 'U' "Update
        VIEW_NAME                            = 'LDAPSERVER'
        NO_WARNING_FOR_CLIENTINDEP           = 'N'
*   CHANGING
*     ORG_CRIT_INST                        =
     EXCEPTIONS
       INVALID_ACTION                       = 1
       NO_AUTHORITY                         = 2
       NO_CLIENTINDEPENDENT_AUTHORITY       = 3
       TABLE_NOT_FOUND                      = 4
       NO_LINEDEPENDENT_AUTHORITY           = 5
       OTHERS                               = 6
              .
    IF SY-SUBRC <> 0.
*   No data maintenance authorization; display only
      message e051(sv).
    ENDIF.
  endif.
* 3. Create RFC destination
  if srfc = 'X'.
    CALL FUNCTION 'AUTHORITY_CHECK_TCODE'
      EXPORTING
        TCODE  = 'SM59'
      EXCEPTIONS
        OK     = 0
        NOT_OK = 2
        OTHERS = 3.
    IF SY-SUBRC <> 0.
      MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
              WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    ENDIF.
  endif.
* 4. Start LDAP connector
  AUTHORITY-CHECK OBJECT 'S_RZL_ADM'
           ID 'ACTVT' FIELD '01'.
  if sy-subrc ne 0.
*   No authorization to start the LDAP Connector (S_RZL_ADM, 01)
    message e063(LDAP).
  endif.
* End of authorization checks
  format reset.
  if remove is initial.
    perform set_user_parameter.    "Parameters: wspace ugroup query
    if ssrv = 'X'.
      perform activate_query.        "Parameters: wspace ugroup query
      perform read_query.            "Parameters: wspace ugroup query -> lt_dbop
      perform create_hr_mapping.     "Parameters: wspace ugroup query lt_dbop
    endif.
    if srfc = 'X'.
      perform create_rfc_destination."Parameters: rfcdest
      perform create_ldap_connector. "Parameters: rfcdest
    endif.
    if susr = 'X'.
      perform create_system_user.    "Parameters: uname binddn pwd
    endif.
    if ssrv = 'X'.
      perform create_ldap_server.    "Parameters: serverid ldaphost ldapport ldapbase
    endif.                           "            objcl uname lt_dbop
  else.
    perform remove_settings.
  endif.
*----------------------------------------------------------------------*
* Remove settings
*----------------------------------------------------------------------*
form remove_settings.
* Remove HR LDAP Mapping
  if ssrv = 'X'.
    write: / 'Remove HR LDAP Mapping'.
    DELETE FROM LDA_QUERY_MAP
          WHERE WORKSPACE = WSPACE
            AND USERGROUP = UGROUP
            AND QUERYNAME = QUERY.
    write: / sy-dbcnt, 'entries deleted from table LDA_QUERY_MAP'.
  endif.
* Remove RFC Destination and LDAP Connector
  if srfc = 'X'.
    write: / 'Remove RFC Destination and LDAP Connector'.
    delete from RFCDES where RFCDEST = RFCDEST.
    write: / sy-dbcnt, 'entries deleted from table RFCDES'.
    delete from LDAPGATEW where RFCDEST = RFCDEST.
    write: / sy-dbcnt, 'entries deleted from table LDAPGATEW'.
  endif.
* Remove System user
  if susr = 'X'.
    write: / 'Remove System user'.
    delete from LDAPUSER where uname = uname.
    write: / sy-dbcnt, 'entries deleted from table LDAPUSER'.
  endif.
* Remove LDAP Server
  if ssrv = 'X'.
    write: / 'Remove LDAP Server'.
    delete from LDAPSERVER where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPSERVER'.
    delete from LDAPMAP1 where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPMAP1'.
    delete from LDAPMAP2 where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPMAP2'.
    delete from LDAPMAP3 where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPMAP3'.
    delete from LDAPMAP4 where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPMAP4'.
    delete from LDAPMAP5 where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPMAP5'.
    delete from LDAPMAP6 where SERVERID = SERVERID.
    write: / sy-dbcnt, 'entries deleted from table LDAPMAP6'.
  endif.
endform.                    "remove_settings
*----------------------------------------------------------------------*
* Set User Parameters
*----------------------------------------------------------------------*
form set_user_parameter.
  data: ls_USR05 type USR05.
  ls_USR05-bname = sy-uname.
  ls_USR05-PARID = 'AQW'. ls_USR05-PARVA = wspace.
  modify USR05 from ls_USR05. set parameter id ls_USR05-PARID field ls_USR05-PARVA.
  ls_USR05-PARID = 'AQB'. ls_USR05-PARVA = ugroup.
  modify USR05 from ls_USR05. set parameter id ls_USR05-PARID field ls_USR05-PARVA.
  ls_USR05-PARID = 'AQQ'. ls_USR05-PARVA = query.
  modify USR05 from ls_USR05. set parameter id ls_USR05-PARID field ls_USR05-PARVA.
  write: / 'User parameters AQW, AQB, AQQ updated for user', sy-uname.
endform.                    "set_user_parameter

*----------------------------------------------------------------------*
* Activate query
*----------------------------------------------------------------------*
form activate_query.
* Authorizations
* S_TCODE    TCD=SQ01;
* S_QUERY    ACTVT=23;
  DATA: bdcdata_wa  TYPE bdcdata,
        bdcdata_tab TYPE TABLE OF bdcdata,
        opt         TYPE ctu_params,
        ls_msg      type BDCMSGCOLL,
        lt_msg      type table of BDCMSGCOLL,
        MESSG       type MESSAGE,
        MSGID       like sy-msgid,
        MSGNO       like sy-msgno,
        MSGTYP      like sy-MSGTY.
  CLEAR bdcdata_wa.
  bdcdata_wa-program  = 'SAPMS38R'.
  bdcdata_wa-dynpro   = 50.
  bdcdata_wa-dynbegin = 'X'.
  APPEND bdcdata_wa TO bdcdata_tab.
  CLEAR bdcdata_wa.
  bdcdata_wa-fnam = 'BDC_OKCODE'.
  bdcdata_wa-fval = '=QGEN'.
  APPEND bdcdata_wa TO bdcdata_tab.
  CLEAR bdcdata_wa.
  bdcdata_wa-program  = 'SAPMS38R'.
  bdcdata_wa-dynpro   = 50.
  bdcdata_wa-dynbegin = 'X'.
  APPEND bdcdata_wa TO bdcdata_tab.
  CLEAR bdcdata_wa.
  bdcdata_wa-fnam = 'BDC_OKCODE'.
  bdcdata_wa-fval = '=RETN'.
  APPEND bdcdata_wa TO bdcdata_tab.
  opt-dismode = 'E'. " A visible, E only errors, N no display
  opt-defsize = 'X'.
  call transaction 'SQ01'
    USING bdcdata_tab
    OPTIONS FROM opt
    MESSAGES INTO lt_msg
    .
  loop at lt_msg into ls_msg.
    msgid  = ls_msg-MSGID.
    msgno  = ls_msg-MSGNR.
    msgtyp = ls_msg-MSGTYP.
    CALL FUNCTION 'WRITE_MESSAGE'
      EXPORTING
        MSGID         = MSGID
        MSGNO         = MSGNO
        MSGTY         = MSGTYP
        MSGV1         = ls_msg-MSGV1
        MSGV2         = ls_msg-MSGV2
        MSGV3         = ls_msg-MSGV3
        MSGV4         = ls_msg-MSGV4
*       MSGV5         = ' '
      IMPORTING
*       ERROR         =
        MESSG         = messg
*       MSGLN         =
              .
    write / messg.
  endloop.
  write: / 'Query generated', wspace, ugroup, query.
endform.                    "activate_query

*----------------------------------------------------------------------*
* read query
*----------------------------------------------------------------------*
form read_query.
  data: ls_dbop          type AQDBOP.
  call function 'RSAQ_IMPORT_QUERY'
       exporting  i_wspace      = wspace
                  i_usergroup   = UGROUP
                  i_query       = query
*      importing  o_headqu      = headqu          "TYPE  AQHDQU
*                 o_maxqu_tindx = maxqu_tindx     "TYPE  AQADEF-TINDX
       tables
*               o_clogqu      = lt_clogqu       "TYPE TABLE OF AQCLQU
                  o_dbop        = lt_dbop         "TYPE TABLE OF AQDBOP
*               o_dbsn        = lt_dbsn         "TYPE TABLE OF AQDBSN
*               o_dbfr        = lt_dbfr         "TYPE TABLE OF AQDBFR
*               o_dblf        = lt_dblf         "TYPE TABLE OF AQDBLF
*               o_dblc        = lt_dblc         "TYPE TABLE OF AQDBLC
*               o_dbld        = lt_dbld         "TYPE TABLE OF AQDBLD
*               o_dbse        = lt_dbse         "TYPE TABLE OF AQDBSE
*               o_dbsq        = lt_dbsq         "TYPE TABLE OF AQDBSQ
*               o_dbgr        = lt_dbgr         "TYPE TABLE OF AQDBGR
*               o_dbli        = lt_dbli         "TYPE TABLE OF AQDBLI
*               o_dbff        = lt_dbff         "TYPE TABLE OF AQDBFF
*               o_dbfm        = lt_dbfm         "TYPE TABLE OF AQDBFM
*               o_dbvh        = lt_dbvh         "TYPE TABLE OF AQDBVH
*               o_dbvs        = lt_dbvs         "TYPE TABLE OF AQDBVS
*               o_dbrh        = lt_dbrh         "TYPE TABLE OF AQDBRH
*               o_dbrl        = lt_dbrl         "TYPE TABLE OF AQDBRL
*               o_dbpt        = lt_dbpt         "TYPE TABLE OF AQDBPT
*               o_dbct        = lt_dbct         "TYPE TABLE OF AQDBCT
*               o_qutext      = lt_qutext       "TYPE TABLE OF AQTXQU
       EXCEPTIONS
                  NO_QUERY            = 1
                  OTHERS              = 2
                  .
  IF SY-SUBRC <> 0.
*  MESSAGE ID SY-MSGID TYPE SY-MSGTY NUMBER SY-MSGNO
*          WITH SY-MSGV1 SY-MSGV2 SY-MSGV3 SY-MSGV4.
    raise no_query.
  ENDIF.
* check if query contains P0000-PERNR field as output field
  READ TABLE lt_DBOP into ls_DBOP
    WITH KEY NAME = 'P0000-PERNR'.
  IF SY-SUBRC <> 0.
    RAISE PERNR_MISSING.
  ENDIF.
  IF ls_DBOP-OUT = '00' OR ls_DBOP-POS = '00'.
    RAISE PERNR_MISSING.
  ENDIF.
endform.                    "read_query

*----------------------------------------------------------------------*
* Create HR LDAP Mapping (see transaction HRLDAP_MAP)
*----------------------------------------------------------------------*
form create_hr_mapping.
* Authorizations:
* S_TCODE    TCD=HRLDAP_MAP;
  data: ls_dbop          type AQDBOP,
        ls_LDA_QUERY_MAP type LDA_QUERY_MAP,
        lt_LDA_QUERY_MAP type table of LDA_QUERY_MAP.
  clear ls_LDA_QUERY_MAP.
  ls_LDA_QUERY_MAP-WORKSPACE   = WSPACE.
  ls_LDA_QUERY_MAP-USERGROUP   = UGROUP.
  ls_LDA_QUERY_MAP-QUERYNAME   = QUERY.
  loop at lt_DBOP into ls_DBOP
  WHERE OUT <> '00'
    AND POS <> '00'.
    ls_LDA_QUERY_MAP-QUERY_FIELD    = ls_DBOP-name.
    ls_LDA_QUERY_MAP-ATTR_TABNAME   = ls_DBOP-sgna.
    ls_LDA_QUERY_MAP-ATTR_FIELDNAME = ls_DBOP-name.
    append ls_LDA_QUERY_MAP to lt_LDA_QUERY_MAP.
  endloop.
  DELETE FROM LDA_QUERY_MAP
        WHERE WORKSPACE = WSPACE
          AND USERGROUP = UGROUP
          AND QUERYNAME = QUERY.
  insert LDA_QUERY_MAP from table lt_LDA_QUERY_MAP.
  write: / sy-dbcnt, 'entries for HR LDAP Mapping created (see transaction HRLDAP_MAP)'.
endform.                    "create_hr_mapping

*----------------------------------------------------------------------*
* Create RFC Destination (see transaction SM59)
*----------------------------------------------------------------------*
form create_rfc_destination.
* Authorizations:
* S_TCODE    TCD=SM59;
* S_RFC_ADM  RC=0  ACTVT=01;RFCTYPE=T ;RFCDEST=<rfcdest> ;ICF_VALUE= ;
* S_RFC_ADM  RC=0  ACTVT=02;RFCTYPE=T ;RFCDEST=<rfcdest> ;ICF_VALUE= ;
  data: ls_rfcdes type rfcdes,
        servername LIKE msxxlist-name,
        host  LIKE msxxlist-name,
        sysid like sy-sysid,
        snr   LIKE msxxlist-name.
  call 'C_SAPGPARAM'
     id 'NAME'  field 'rdisp/myname'
     id 'VALUE' field servername.
  split servername at '_' into host sysid snr.
  ls_rfcdes-RFCDEST = RFCDEST.
  ls_rfcdes-rfctype = 'T'.
  concatenate 'H=%%RFCSERVER%%,G=' host
              ',g=sapgw' snr
              ',N=LDAP_LOCALHOST,Y=2,'
    into ls_rfcdes-rfcoptions.
  modify rfcdes from ls_rfcdes.
  write: / 'RFC Destination created (see transaction SM59)', RFCDEST.
endform.                    "create_rfc_destination

*----------------------------------------------------------------------*
* Create LDAP Connector (see transaction LDAP)
*----------------------------------------------------------------------*
form create_ldap_connector.
* Authorizations:
* S_TCODE    TCD=LDAP;
* S_TABU_DIS ACTVT=02;DICBERCLS=SCUS;
* S_TABU_CLI CLIIDMAINT=X;
* CALL FUNCTION 'VIEW_AUTHORITY_CHECK' VIEW_NAME = 'LDAPGATEW'
  data: ls_LDAPGATEW type LDAPGATEW,
        lf_command(255),
        lf_msg_text(200),
        MESSG       type MESSAGE.
  data: servername LIKE msxxlist-name.
  call 'C_SAPGPARAM'
     id 'NAME'  field 'rdisp/myname'
     id 'VALUE' field servername.
  ls_LDAPGATEW-RFCDEST    = RFCDEST.
  ls_LDAPGATEW-APPLSERVER = servername.
  ls_LDAPGATEW-STAT       = 'UP'.
  modify LDAPGATEW from ls_LDAPGATEW.
  write: / 'LDAP Connector created (see transaction LDAP)', RFCDEST.
  CALL FUNCTION 'LDAP_STARTRFC_LOCAL'
    DESTINATION
    ls_ldapgatew-applserver
    EXPORTING
      rfcdest               = ls_ldapgatew-rfcdest
    IMPORTING
      ef_command            = lf_command
    EXCEPTIONS
      no_authoriz           = 1
      no_connector          = 2
      no_rfcdest            = 3
      not_local             = 4
      config_error          = 5
      multiple_reg          = 6
      gateway_failure       = 7
      communication_failure = 8  MESSAGE lf_msg_text
      system_failure        = 9  MESSAGE lf_msg_text
      OTHERS                = 10.
  CASE sy-subrc.
    WHEN 0.
      write: /    'LDAP Connector started',
             (60) lf_command.
    WHEN 8 OR 9.
      write: /    'LDAP Connector not started' color col_negative,
             (60) lf_msg_text.
    WHEN OTHERS.
*     Check for message 069(LDAP) Multiple registrations for LDAP Connector
      if sy-MSGID = 'LDAP' and sy-MSGNO = '069'.
        write: /    'LDAP Connector already started',
             (60) lf_command.
      else.
*       other error
        CALL FUNCTION 'WRITE_MESSAGE'
          EXPORTING
            MSGID = sy-MSGID
            MSGNO = sy-MSGNO
            MSGTY = sy-MSGTY
            MSGV1 = sy-MSGV1
            MSGV2 = sy-MSGV2
            MSGV3 = sy-MSGV3
            MSGV4 = sy-MSGV4
          IMPORTING
            MESSG = messg.
        write: / 'LDAP Connector not started' color col_negative,
               /(80) messg.
      endif.
  ENDCASE.
endform.                    "create_ldap_connector

*----------------------------------------------------------------------*
* Create System user (see transaction LDAP)
*----------------------------------------------------------------------*
form create_system_user.
* Authorizations:
* S_TCODE    TCD=LDAP;
* S_TABU_DIS ACTVT=02;DICBERCLS=SCUS;
* CALL FUNCTION 'VIEW_AUTHORITY_CHECK' VIEW_NAME = 'LDAPUSER'
  data: ls_LDAPUSER type LDAPUSER.
* Simple store
  ls_LDAPUSER-uname  = uname.
  ls_LDAPUSER-binddn = binddn.
  ls_LDAPUSER-pwdsec = pwd.
  ls_LDAPUSER-auth   = 0.
  ls_LDAPUSER-store  = 1.
  modify LDAPUSER from ls_LDAPUSER.
** Secure Storage: see form ldapuser_fcode in include LLDAPCUSTI01
*
*DATA:
*  lf_id              TYPE rsectab-ident,
*  lt_rsectab         TYPE STANDARD TABLE OF rsectab,
*  lf_password        TYPE rsecflds-data,
*  ls_acl             TYPE rsecabac,
*  lt_acl             TYPE STANDARD TABLE OF rsecabac.
*
** Prepare ID for secure store
*CONCATENATE 'BC_LDAP_' uname INTO lf_id.
*lf_password = pwd.
*
** Create a new entry in the secure store
** Which reports are allowed to access the data?
*ls_acl-reportname = sy-repid.
*ls_acl-ab_access  = 6.
*APPEND ls_acl TO lt_acl.
*ls_acl-reportname = 'SAPLLDAPCUST'.
*ls_acl-ab_access  = 6.
*APPEND ls_acl TO lt_acl.
*ls_acl-reportname = 'SAPLSLDAP'.
*ls_acl-ab_access  = 1.
*APPEND ls_acl TO lt_acl.
*CALL FUNCTION 'SECSTORE_INSERT_ITEM'
*  EXPORTING
*    ident               = lf_id
*    data                = lf_password
*    INSERT_FORCED       = 'X'
*  TABLES
*    repaclist           = lt_acl
*  EXCEPTIONS
*    internal_error      = 1
*    invalid_description = 2
*    invalid_auth        = 3
*    OTHERS              = 4.
*IF sy-subrc = 0.
*  CALL FUNCTION 'WRITE_MESSAGE'
*    EXPORTING
*      MSGID = 'LDAP'
*      MSGNO = '052'
*      MSGTY = 'S'
*    IMPORTING
*      MESSG = messg.
*  write: / 'Entry in Secure store created',
*         / messg.
*ELSE.
*  CALL FUNCTION 'WRITE_MESSAGE'
*    EXPORTING
*      MSGID         = sy-MSGID
*      MSGNO         = sy-MSGNO
*      MSGTY         = sy-MSGTY
*      MSGV1         = sy-MSGV1
*      MSGV2         = sy-MSGV2
*      MSGV3         = sy-MSGV3
*      MSGV4         = sy-MSGV4
**      MSGV5         = ' '
*    IMPORTING
**      ERROR         =
*      MESSG         = messg
**      MSGLN         =
*            .
*  write: / 'Entry in Secure store not created',
*         / messg.
*ENDIF.
*
*ls_LDAPUSER-uname  = uname.
*ls_LDAPUSER-binddn = binddn.
*ls_LDAPUSER-pwdsec = space.
*ls_LDAPUSER-auth   = 0.
*ls_LDAPUSER-store  = 0.
*
*modify LDAPUSER from ls_LDAPUSER.
  write: / 'LDAP System user created (see transaction LDAP)', UNAME.
endform.                    "create_system_user

*----------------------------------------------------------------------*
* Create LDAP Server (see transaction LDAP)
*----------------------------------------------------------------------*
form create_ldap_server.
* Authorizations:
* S_TCODE    TCD=LDAP;
* S_TABU_DIS ACTVT=02;DICBERCLS=SCUS;
* CALL FUNCTION 'VIEW_AUTHORITY_CHECK' VIEW_NAME = 'LDAPSERVER'
  data: ls_LDAPSERVER type LDAPSERVER,
        ls_dbop          type AQDBOP.
  ls_LDAPSERVER-SERVERID = SERVERID.
  ls_LDAPSERVER-DFAULT  = space.
  ls_LDAPSERVER-HOST    = ldapHOST.
  ls_LDAPSERVER-PORT    = ldapport.
  ls_LDAPSERVER-VERSION = '3'.
  ls_LDAPSERVER-BASE    = ldapbase.
  ls_LDAPSERVER-SYSUSER = uname.
  ls_LDAPSERVER-RANONYM = space.
  ls_LDAPSERVER-PRODUCT = 'SAP'.
  ls_LDAPSERVER-APPL    = 'EMPL'.
  delete from LDAPSERVER where SERVERID = SERVERID.
  insert LDAPSERVER from ls_LDAPSERVER.
  write: / 'LDAP Server created (see transaction LDAP)', SERVERID.
  data: ls_LDAPMAP5 type LDAPMAP5. "Object Classes
  ls_LDAPMAP5-SERVERID = SERVERID.
  ls_LDAPMAP5-OBJCL    = OBJCL.
  delete from LDAPMAP5 where SERVERID = SERVERID.
  modify LDAPMAP5 from ls_LDAPMAP5.
  write: / 'LDAP Server Object Class created (see transaction LDAP)',
           SERVERID, (20) OBJCL.
  data: ls_LDAPMAP1 type LDAPMAP1, "FMs and Indicators
        ls_LDAPMAP2 type LDAPMAP2, "Fields
        ls_LDAPMAP3 type LDAPMAP3, "Attributes
        ls_LDAPMAP4 type LDAPMAP4, "Parameters
        ls_LDAPMAP6 type LDAPMAP6. "Synchronization (not used)
  data: lt_LDAPMAP1 type table of LDAPMAP1, "FMs and Indicators
        lt_LDAPMAP2 type table of LDAPMAP2, "Fields
        lt_LDAPMAP3 type table of LDAPMAP3, "Attributes
        lt_LDAPMAP4 type table of LDAPMAP4, "Parameters
        lt_LDAPMAP6 type table of LDAPMAP6. "Synchronization (not used)
  data: mapkey type LDAPMAP3-mapkey.
  mapkey = 1.
  clear ls_LDAPMAP1.
  ls_LDAPMAP1-serverid = serverid.
  ls_LDAPMAP1-mapkey   = mapkey.
  ls_LDAPMAP1-fflag    = 'X'.
  ls_LDAPMAP1-iflag    = 'X'.
  ls_LDAPMAP1-oflag    = 'X'.
  ls_LDAPMAP1-rflag    = 'X'.
  append ls_LDAPMAP1 to lt_LDAPMAP1.
  ls_LDAPMAP2-serverid = serverid.
  ls_LDAPMAP2-mapkey   = mapkey.
  ls_LDAPMAP2-nr       = 1.
  ls_LDAPMAP2-VAR      = 'EMPLOYEE'.
  ls_LDAPMAP2-FLD      = 'KEY'.
  append ls_LDAPMAP2 to lt_LDAPMAP2.
  ls_LDAPMAP3-serverid = serverid.
  ls_LDAPMAP3-mapkey   = mapkey.
  ls_LDAPMAP3-nr       = 1.
* concatenate ls_LDAPMAP2-VAR '-' ls_LDAPMAP2-FLD into ls_LDAPMAP3-attr.
  move 'cn' to ls_LDAPMAP3-attr.
  append ls_LDAPMAP3 to lt_LDAPMAP3.
  loop at lt_DBOP into ls_DBOP
  WHERE OUT <> '00'
    AND POS <> '00'.
    add 1 to mapkey.
    clear ls_LDAPMAP1.
    ls_LDAPMAP1-serverid = serverid.
    ls_LDAPMAP1-mapkey   = mapkey.
    ls_LDAPMAP1-oflag    = 'X'.
    append ls_LDAPMAP1 to lt_LDAPMAP1.
    ls_LDAPMAP2-serverid = serverid.
    ls_LDAPMAP2-mapkey   = mapkey.
    ls_LDAPMAP2-nr       = 1.
    ls_LDAPMAP2-VAR      = ls_DBOP-sgna.
    ls_LDAPMAP2-FLD      = ls_DBOP-name.
    append ls_LDAPMAP2 to lt_LDAPMAP2.
    ls_LDAPMAP3-serverid = serverid.
    ls_LDAPMAP3-mapkey   = mapkey.
    ls_LDAPMAP3-nr       = 1.
    data l type i.
    l = strlen( ls_DBOP-sgna ).
    if ls_DBOP-sgna = ls_DBOP-name(l) and ls_DBOP-name+l(1) = '-'.
      move ls_DBOP-name to ls_LDAPMAP3-attr.
    else.
      concatenate ls_DBOP-sgna '-' ls_DBOP-name into ls_LDAPMAP3-attr.
    endif.
    append ls_LDAPMAP3 to lt_LDAPMAP3.
*   ls_LDAPMAP4-serverid = serverid.
*   ls_LDAPMAP4-mapkey   = mapkey.
*   append ls_LDAPMAP4 to lt_LDAPMAP4.
*   ls_LDAPMAP6-serverid = serverid.
*   ls_LDAPMAP6-mapkey   = mapkey.
*   append ls_LDAPMAP6 to lt_LDAPMAP6.
  endloop.
  delete from LDAPMAP1 where SERVERID = SERVERID.
  insert LDAPMAP1 from table lt_LDAPMAP1.
  write: / sy-dbcnt, 'entries for LDAP Server FMs and Indicators created'.
  delete from LDAPMAP2 where SERVERID = SERVERID.
  insert LDAPMAP2 from table lt_LDAPMAP2.
  write: / sy-dbcnt, 'entries for LDAP Server Fields created'.
  delete from LDAPMAP3 where SERVERID = SERVERID.
  insert LDAPMAP3 from table lt_LDAPMAP3.
  write: / sy-dbcnt, 'entries for LDAP Server Attributes created'.
  delete from LDAPMAP4 where SERVERID = SERVERID.
  insert LDAPMAP4 from table lt_LDAPMAP4.
  write: / sy-dbcnt, 'entries for LDAP Server Parameters created'.
* delete from LDAPMAP6 where SERVERID = SERVERID.
* insert LDAPMAP6 from table lt_LDAPMAP6.
* write: / sy-dbcnt, 'entries for LDAP Server Synchronization created'.
endform.                    "create_ldap_server