I look for an option to use at the Password check procedure from Active Directory password instead USR02 password.
What is up to date the mostsimple and with BC740 at Win2008 or 2012 option to replace PW check at ABAP with AD PW check to for Business Uses. Are there Standard functions, Customer Exits or methods available to implement
an easy solution.
I found many discussions around the topic at SSO, IDM,GRC but once with much new functionality I do not request
at moment or discussions based on older releases.
What function can be used within BC 740 / ECC 617 running SAP at MS Win Server?
Details:
We started to implement Standard SSO (with Kerberos / SPNEGO for Portal and GUI User) but we have still lots of tickets from users not staying inside our central AD domain with their PC-Client.
We are a “small” organization but have facilities in 150 countries with also local AD domains. So often the uses are logged on with in the regional AD Domain and would like to access one of our new centralized SAP services via Portal or sapgui. Our Business Users have 2 accounts, first within AD for regional IT Services, second for all centralized IT services.
I asked, based on These conditions, our SAP-Basis Team how we can get a solution to check on NW ABAP
Stack server side the password with our central AD domain.
We run five productive functional different SAP instances and expect no benefit on centralized Role and User
administration within this organization. Only the different password per SAP-system-client
causes problems.
Our security team requires at systems with personal employee data a logon procedure with entering a password
(proposal is using AD PW) and for technical support stuff a higher frequent PW
change. All these could be done just by PW check against AD.