Previous      Contents      Index      Next
Sun Java[TM] System Identity Manager 7.1 Resources Reference

---

SAP

Identity Manager provides resource adapters for supporting the following versions of SAP:

SAP R/3 v4.5, v4.6
SAP R/3 Enterprise 4.7 (SAP BASIS 6.20)

The following table summarizes the attributes of the SAP adapter:

GUI Name	Class Name
SAP	com.waveset.adapter.SAPResourceAdapter

Resource Configuration Notes

To enable the ability for a user to change his or her own SAP password, perform the following steps:

Set the User Provides Password On Change resource attribute.
Add WS_USER_PASSWORD to both sides of the schema map. You do not need to modify the user form or other forms.

Identity Manager Installation Notes

The SAP resource adapter is a custom adapter. You must perform the following steps to complete the installation process:

Download the JCo (Java Connection) toolkit from http://service.sap.com/connectors. (Access to the SAP JCO download pages require a login and password.) The toolkit will have a name similar to sapjco-ntintel-2.1.6.zip. This name will vary depending on the platform and version selected.

Note	For Solaris x86, only the 64-bit version of the JCO is available. If you are using 64-bit Solaris on Sparc, ensure that the 64-bit version of the JCO is used.

Unzip the toolkit and follow the installation instructions. Be sure to place library files in the correct location and to set the environment variables as directed.
Copy the sapjco.jar file to the InstallDir\WEB-INF\lib directory.
To add an SAP resource to the Identity Manager resources list, you must add the following value in the Custom Resources section of the Configure Managed Resources page.

com.waveset.adapter.SAPResourceAdapter

Usage Notes

This section provides information related to using the SAP resource adapter, which is organized into the following sections:

General Notes
SAP JCO and RFC Tracing
Global Trade Services (GTS) Support

General Notes

The following general notes are provided for the resource:

To allow editing of to and from dates on a per activity group basis, load the SAPUserForm_with_RoleEffectiveDates_Timezone.xml form. This form also provides the ability to select a time zone for the user.
The sources.ResourceName.hosts property in the waveset.properties file can be used to control which host or hosts in a cluster will be used to execute the synchronization portion of an Active Sync resource adapter. ResourceName must be replaced with the name of the Resource object.
The sample user forms SAPUserForm.xml and SAPUserForm_with_RoleEffectiveDates_Timezone.xml now contain a definition for a field that pre-expires the user’s password. If this field's value is true, and an Identity Manager administrator creates or changes a user’s password, the user must specify a new password upon logging in to SAP.

SAP JCO and RFC Tracing

The SAPResourceAdapter and the SAPHRActiveSyncAdapter provide resource attributes for SAP JCO and RFC tracing. They can be used to trace Identity Manager's communication with the SAP system. The attributes are JCO Trace Level and JCO Trace Directory.

The following environment variables can be set in the environment to enable SAP RFC tracing. These variables must be set in the environment before starting the application server. They control the shared library that JCO uses to communicate with the SAP system.

RFC_TRACE: 0 or 1
RFC_TRACE_DUMP: 0 or 1
RFC_TRACE_DIR: Path to the directory for the trace files
CPIC_TRACE_DIR: Path to the directory for the trace files

Note	If no JCO tracing is desired, set RFC_TRACE to 0 to ensure that no trace files are created.

Global Trade Services (GTS) Support

To enable SAP Global Trace Services support on the SAP adapter, activate the appropriate roles listed Role Name column in the following table. SAP generates the roles listed in the Generated Role column of the table. You must assign the generated roles to the appropriate user profiles in SAP GTS.

Role Label	Role Name	Generated Role
Customs Processing Specialist	SAP_BW_SLL_CUS	SAP_BWC_SLL_CUS
Preference Processing Specialist	SAP_BW_SLL_PRE	SAP_BWC_SLL_PRE
Restitution Specialist	SAP_BW_SLL_RES	SAP_BWC_SLL_RES
Legal Control Specialist	SAP_BW_SLL_LCO	SAP_BWC_SLL_LCO

Security Notes

This section provides information about supported connections and privilege requirements.

Supported Connections

Identity Manager uses BAPI over SAP Java Connector (JCo) to communicate with the SAP adapters.

Required Administrative Privileges

The user name that connects to SAP must be assigned to a role that can access the SAP users.

Provisioning Notes

Feature	Supported?
Enable/disable account	Yes
Rename account	No
Pass-through authentication	No
Before/after actions	No
Data loading methods	Import directly from resource Reconciliation

Account Attributes

The following table provides information about the default SAPaccount attributes. (Additional attributes are provided if the Enable SAP GRC Access Enforcer? resource parameter is selected.) All attribute types are String.

Identity System User Attribute	Resource Attribute Name	Description
accountId	USERNAME->BAPIBNAME	Required. The user’s account ID.
firstname	ADDRESS->FIRSTNAME	User’s first name
fullname	ADDRESS->FULLNAME	User’s first and last name
email	ADDRESS->E_MAIL	User’s e-mail address
lastname	ADDRESS->LASTNAME	Required. User’s last name
personNumber	ADDRESS->PERS_NO	Internal key for identifying a person
addressNumber	ADDRESS->ADDR_NO	Internal key for identifying an address for central address management
birthName	ADDRESS->BIRTH_NAME	Maiden name or name given at birth
middleName	ADDRESS->MIDDLENAME	User’s middle name
secondLastName	ADDRESS->SECONDNAME	Second last name
academicTitle	ADDRESS->TITLE_ACA1	An academic title, such as Dr. or Prof.
academicTitle2	ADDRESS->TITLE_ACA3	A second academic title
namePrefix	ADDRESS->PREFIX1	A prefix to a last name, such as von, van der, or de la
namePrefix2	ADDRESS->PREFIX2	A second prefix to a last name
nameSupplement	ADDRESS->TITLE_SPPL	Name supplement, for example noble title, such as Lord or Lady
nickname	ADDRESS->NICKNAME	User’s nickname
initials	ADDRESS->INITIALS	Middle initial or initials
nameFormat	ADDRESS->NAMEFORMAT	The sequence in which name components are assembled to present the name of a person in a complete form. The sequence can vary for each country.
nameFormatCountry	ADDRESS->NAMCOUNTRY	The country used to determine the name format
languageKey	ADDRESS->LANGU_P	The language used to enter and display text
iso639Language	ADDRESS->LANGUP_ISO	ISO 639 language code
sortKey1	ADDRESS->SORT1_P	A search term
sortKey2	ADDRESS->SORT2_P	A secondary search term
department	ADDRESS->DEPARTMENT	The department in a company as part of the company address
function	ADDRESS->FUNCTION	The user’s job functionality
buildingNumber	ADDRESS->BUILDING_P	The building number where the user’s office is located
buildingFloor	ADDRESS->FLOOR_P	The floor where the user’s office is located
roomNumber	ADDRESS->ROOM_NO_P	The room number where the user’s office is located
correspondenceCode	ADDRESS->INITS_SIG	A correspondence code
inhouseMailCode	ADDRESS->INHOUSE_ML	An internal mail code
communicationTypeCUA	ADDRESS->COMM_TYPE	States how the user wants to exchange documents and messages with a business partner.
title	ADDRESS->TITLE	A title, such as Mr. or Mrs.
title2	ADDRESS->TITLE_P	A title, such as Mr. or Mrs.
personName	ADDRESS->NAME	Name of an address
personName2	ADDRESS->NAME_2	Second line in a name of an address
personName3	ADDRESS->NAME_3	Third line in a name of an address
personName4	ADDRESS->NAME_4	Fourth line in a name of an address
careOfName	ADDRESS->C_O_NAME	Part of the address if the recipient is different from the occupant (c/o = care of)
city	ADDRESS->CITY	User’s city
district	ADDRESS->DISTRICT	City or district supplement
cityNumber	ADDRESS->CITY_N	City code
districtNumber	ADDRESS->DISTRCT_NO	District code
cityPostalCode	ADDRESS->POSTL_COD1	User’s postal code
cityPostalCode2	ADDRESS->POSTL_COD2	Postal code required for unique assignment of the PO Box.
cityPostalCode3	ADDRESS->POSTL_COD3	Postal code which is assigned directly to a company.
poBox	ADDRESS->PO_BOX	The user’s post office box
poBoxCity	ADDRESS->PO_BOX_CIT	Post office box city
poBoxCityNumber	ADDRESS->PBOXCIT_NO	The PO Box city, if it is different from the address city.
postalDeliveryDistrict	ADDRESS->DELIV_DIS	Postal delivery district
transportZone	ADDRESS->TRANSPZONE	Regional zone of a goods recipient or supplier
street	ADDRESS->STREET	The user’s street
streetCode	ADDRESS->STREET_NO	A street code
streetAbbreviation	ADDRESS->STR_ABBR	A street abbreviation
houseNumber	ADDRESS->HOUSE_NO	The number portion of a street address
houseNumber2	ADDRESS->HOUSE_NO2	A secondary address number
street2	ADDRESS->STR_SUPPL1	Additional address field printed above the Street line.
street3	ADDRESS->STR_SUPPL2	Additional address field printed above the Street line.
street4	ADDRESS->STR_SUPPL3	Additional address field printed below the Street line.
street5	ADDRESS->LOCATION	Additional address field printed below the Street line.
oldBuilding	ADDRESS->BUILDING	Number or ID for the building in a contact person address.
floor	ADDRESS->FLOOR	The floor number of an address
roomNumber	ADDRESS->ROOM_NO	The room number in an address
countryCode	ADDRESS->COUNTRY	The country in an address
countryCodeISO	ADDRESS->COUNTRYISO	The two-letter ISO code for the country in an address
languageKey	ADDRESS->LANGU	The language used to enter and display text
languageKeyISO	ADDRESS->LANGU_ISO	ISO 639 language code
region	ADDRESS->REGION	State or province
sort2	ADDRESS->SORT2	A secondary search term
timeZone	LOGONDATA->TZONE	The time difference of the time zone in hours/minutes relative to the UTC
taxJurisdictionCode	ADDRESS->TAXJURCODE	the tax authority to which taxes must be paid. It is always the city to which the goods were delivered.
telephoneNumber	ADDRESS->TEL1_NUMBR	Telephone number, including the area code, but no country code
telephoneExtension	ADDRESS->TEL1_EXT	Telephone number extension
faxNumber	ADDRESS->FAX_NUMBER	Fax number, including the area code, but no country code
faxExtension	ADDRESS->FAX_EXTENS	Fax number extension
buildingNumber	ADDRESS->BUILD_LONG	Number or abbreviation of a building in an address.
cuaSystems	SYSTEMS->CUASYSTEMS	Central User Administration system names
profiles	PROFILES->BAPIPROF	Profiles assigned to the user.
activityGroups	ACTIVITYGROUPOBJECTS	Roles assigned to the user.
lastLoginTime	LOGONDATA->LTIME	Read only attribute that lists the most recent login time.

Resource Object Management

Not applicable

Identity Template

$accountId$

Sample Forms

SAPForm.xml

SAPUserForm_with_RoleEffectiveDates_Timezone.xml

SAPHRActiveSyncForm.xml

Troubleshooting

Use the Identity Manager debug pages to set trace options on the following classes:

com.waveset.adapter.SAPResourceAdapter

To determine which version of the SAP Java Connector (JCO) is installed, and to determine whether it is installed correctly, run the following command:

java -jar sapjco.jar

The command returns the JCO version as well as the JNI platform-dependent and the RFC libraries that communicate with the SAP system.

If the platform-dependent libraries are not found, refer to the SAP documentation to find out how to correctly install the SAP Java Connector.

Previous      Contents      Index      Next

---

.   Copyright 2007 Sun Microsystems, Inc. All rights reserved.