Programme SAP RPLDAP_EXTRACT_IDM - Extraction of HR Data to an LDAP Directory

Purpose
With this report, you launch the LDAP data extraction of employeerecords from an HR system in order to transfer data into an LDAP-readydirectory service or identity management solution.
As compared with the RPLDAP_EXTRACT report, employee data is copied withthis report in a time-dependent manner. This means that data is copieswith its start and end dates.
Example for data records of the same employee when surname has changed:
Name = [01012008-31122009] SMITH
Name = [01012010-31129999] MILLER
If you want to update the data in your LDAP directory at regularintervals, you can schedule the report to run regularly in thebackground.

Integration
This report was developed with the scenario User Administration andDistribution with SAP NetWeaver Identity Management especially inmind.

Prerequisites
The User Administration and Distribution with SAP NetWeaver IdentityManagement scenarios requires SAP NetWeaver Identity Management7.1, which you must have licensed.

Features

Selection
The selection options on the selection screen are broken down accordingto their content using the group box. The report uses the group box toprovide the following selection options:
Under Person Selection, you can enter the personnel number whosedata you want the system read from the HR system and transfer to theLDAP directory in the Personnel Number field.
If you choose the Delta Download field:

  • the report disables selection using the Personnel Number field

  • only personnel numbers entered in the HRLDAP_PERNR table but not yet
    • processed (not marked with the PROCESSED indicator) are processed.
    The HRLDAP_PERNR table is filled using the implementation of theHRBAS00INFTY, HRPAD00INFTY, and HRPAD00INFTYDB Business Add-Ins. SAPdelivers the following inactive example implementations:
    HRPAD00INFTY --> HR_LDAP_EXTRACT_PA
    HRPAD00INFTYDB --> HR_LDAP_EXTRACT_PA_ITF
    HRBAS00INFTY --> HR_LDAP_EXTRACT_PD
    For more information, see the documentation for the implementations.
    Under LDAP Connections, you can restrict your selection with theLDAP Connector (RFC) and LDAP Server fields.
    When you run the report for the first time (initial run), setting theOptimize for LDAP Initial Run indicator improves systemperformance: The system tries to create new data records in the LDAPdirectory and does not try to update a data record unless there is anerror when creating a new data record. Creating a record will fail, forexample, when there is already an entry in the LDAP directory for thekey of a data record.
    If you execute the report again, do not set the indicator: Systembehavior normally includes updating the data records in the LDAPdirectory first. To do this, the system checks if comparable datarecords are already contained in the LDAP directory. After this check,the system updates the existing data records in the LDAP directory orcreates new ones.
    Under Data Source, you can enter a SAP query as the source foryour data transport.
    You can define your SAP query more precisely with the following fields:
    • Global Work Area (indicator)

    • User Group

    • Name

    • Variant

      • Note that the SAP query must be based on a PNP functional area andcontain the following fields:
      • Personnel Number (P0000-PERNR) as an identifier

      • Split Begin (SYHR_A_P0002_AF_SPLIT_BEG)

      • Split End (SYHR_A_P0002_AF_SPLIT_END)

        • The fields are only filled correctly if the following query switches aredefined in the infoset (under Extras --> Coding in DATA Coding Block.
        Start Code
        *$HR$ [P0002]
        *$HR$ ADD_FIELDS_SPLIT_DEP = 'X'
        *$HR$ SPLIT_DEPENDENT_AF = 'SPLIT_BEGDA'
        *$HR$ SPLIT_DEPENDENT_AF = 'SPLIT_ENDDA'
        *$HR$ [P0001]
        *$HR$ TIME_DEPENDENCE = 'DOMINANT'
        End Code
        In the standard system, SAP delivers the LDAPEXTRACT604 query,which is based on the /SAPQUERY/HR_LDAP_604 infoset, and the/SAPQUERY/L1 user group.
        Under Options, you can delete employee data records identifyingemployees with a certain employment status from the LDAP directory. Thisfunction is useful if the LDAP directory is only supposed to containactive employees (employee data records for employees with employmentstatus 3).
        This could lead to memory shortages during the extraction. Thisgenerally depends on the number of selected employees and the complexityof the query the extraction is based on For example, approximately 5 MBof memory are allocated for 1000 employees in the example query wedeliver. Depending on the size of the application server, it istherefore recommended to launch the report in multiple, disjunctpartitions.