|Oracle® Identity Manager Connector Guide for SAP CUA
The connector can reconcile elements present in the SAP CUA master system only.
Creation of a user on the SAP system involves running the Create User and Change Password functions in sequence. This event makes three RFC calls to the SAP system. The Create User RFC and Change Password RFC functions commit the transaction explicitly at the end of the call. This commit is enforced by the SAP architecture. This architecture constraint of SAP makes transactional maintenance between Create User and Change Password infeasible.
When a user is created, the password specified is not allocated to the user. Later, the SAP system requires the user to specify the password again, which is assigned to the user at this stage. To prevent the occurrence of this event, when a user is created, the user is assigned a dummy password. After user creation, the Change Password function is run automatically. The password changes from the dummy password to the one entered by the user in the SAP User form in Oracle Identity Manager. This process is not visible to the user.
When a user is created, the password is set only for the SAP CUA Master system, not the SAP CUA Child system.
Password validation is not done in Oracle Identity Manager because the password rule is configurable on the SAP system.
Suppose a user is created in SAP CUA and then locked. When this user is reconciled for the first time, the user may not get locked because linking in Oracle Identity Manager takes place in an asynchronous manner. This user is successfully locked during the next reconciliation run.
Suppose a user is deleted from SAP CUA. During reconciliation, the user is deleted from Oracle Identity Manager. However, the Delete User function is also run and a message saying that the user does not exist on the target system is displayed. This message can be ignored.
In SAP 4.7 or later, you cannot enter non-English letters in the E-mail Address field.