SAP Program RSEFS_LDAP_USER_UPDATE - Enterprise File Search: Update User Cache

Purpose
You can use this report to load and update the user cache for Enterprise File Search.

Integration
If your Enterprise File Search scenario includes file shares with access control lists, the security IDs representing users and user groups must be obtained from the responsible LDAP directory. To improve the search response time, the security IDs are buffered in a persistent cache per user and domain. The name of the cache table is SEFS_LDAP_USER. You can use transaction SE16 to display this table.
Not only users can be members of user groups. A group can in turn be a member of other groups. Therefore, recursive group resolution is required. To accelerate the update of the user cache, the group resolution is buffered in a separate cache table, SEFS_LDAP_GROUP.

Prerequisites

  • Access to the LDAP server must be configured using transaction LDAP.

  • Table SEFS_LDAP_DOMAIN must be maintained. You can use transaction SM30 to do this.

Features
This report updates the user cache table SEFS_LDAP_USER from the configured LDAP server.
Group resolutions are not done for each user but are taken from the user group cache table SEFS_LDAP_GROUP. If a required user group is not available in the cache yet or if the cache entry is older than 24 hours, the user group cache entry is created or updated on-the-fly.

Selection
You can select single users to be updated in the cache.

Standard variants
If you leave the select option empty, the user cache is updated for all users of this system.

Output
You will receive statistics containing the number of updated users.

Activities
To achieve maximum search performance in Enterprise File Search, you can run this report every night in batch mode after running report RSEFS_LDAP_USERGROUP_UPDATE.
If you do not run this report every night, the required cache entries are updated on demand if they are older than 24 hours.
If the response time of your LDAP server is fast, it may be sufficient to run only report RSEFS_LDAP_USERGROUP_UPDATE every night.
You could even run neither of these reports. In this case, you must accept that the user group IDs contained in the user cache are based on a group resolution that is up to 48 hours old (24 + 24).
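
The 48-hour figure follows from the two caches aging independently. The model below is an added example, not SAP code: it assumes direct memberships are read from the directory at user update while nested groups come from the group cache, and it uses constructed names (alice, team, finance-share) in place of security IDs.

```python
from dataclasses import dataclass, field

TTL_H = 24.0  # cache lifetime in hours, as stated on the page

@dataclass
class Caches:
    user_groups: dict    # constructed directory: user -> direct groups
    group_parents: dict  # constructed directory: group -> groups it is a member of
    group_cache: dict = field(default_factory=dict)  # models SEFS_LDAP_GROUP
    user_cache: dict = field(default_factory=dict)   # models SEFS_LDAP_USER

    def resolve_group(self, group, now):
        hit = self.group_cache.get(group)
        if hit and now - hit[0] <= TTL_H:
            return hit                       # entry not older than 24 h: reuse
        seen, stack = set(), [group]         # recursive resolution, cycle safe
        while stack:
            g = stack.pop()
            if g not in seen:
                seen.add(g)
                stack.extend(self.group_parents.get(g, ()))
        self.group_cache[group] = (now, frozenset(seen))
        return self.group_cache[group]

    def user_entry(self, user, now):
        hit = self.user_cache.get(user)
        if hit and now - hit[0] <= TTL_H:
            return hit
        ids, oldest = set(), now
        for g in self.user_groups.get(user, ()):
            resolved_at, groups = self.resolve_group(g, now)
            ids |= groups
            oldest = min(oldest, resolved_at)  # age of the oldest resolution used
        self.user_cache[user] = (now, frozenset(ids), oldest)
        return self.user_cache[user]

def worst_case():
    c = Caches({"alice": ["team"]}, {"team": ["finance-share"]})
    c.resolve_group("team", now=0.0)   # group cache filled at t = 0 h
    c.group_parents["team"] = []       # nesting removed in the directory afterwards
    c.user_entry("alice", now=23.9)    # user cache built from the 23.9 h old group entry
    _, ids, resolved_at = c.user_entry("alice", now=47.8)  # served from user cache
    _, later, _ = c.user_entry("alice", now=48.1)          # both entries expired
    return "finance-share" in ids, 47.8 - resolved_at, "finance-share" in later

if __name__ == "__main__":
    print(worst_case())
```

The removed nesting is still honoured at 47.8 hours and disappears only once both entries have expired, which is the delay to plan for when a group membership is revoked.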

Notes

  • If you enter a select option that does not specify at least one valid user for this system, the report ends instantly with no results.

  • If you enter a valid user for this system and the report still returns no results, you should check table SEFS_LDAP_DOMAIN. It could be that the specified user is valid in this system, but not in the configured LDAP server.

  • If the error message "Operation failed" appears, you should use transaction LDAP to check the following:
    Select an active connector and the server assigned in table SEFS_LDAP_DOMAIN.
    Choose Log On, select the Use System User option, and choose Execute. The message "Operation successful" should appear.
    Choose Find.
    On the following screen, change the search depth to Basis Entry Only and choose Execute. If the error message "Operation failed" appears again, you should check your LDAP connection. One reason might be that the Distinguished Name of the assigned System User is not valid in the LDAP directory.

  • If the users for this system cannot be found in the LDAP directory, you should use transaction LDAP to test the Base entry in your LDAP server configuration: For performance reasons, this report restricts the search depth to One Level Below Basis Entry. If you need more than one Base Entry to cover all SAP users in your LDAP directory, you can configure multiple LDAP servers in transaction LDAP and in table SEFS_LDAP_DOMAIN.