Hi Pradeep
Question 1
Not sure if SAP LDAP can lookup users who belong to a specific LDAP group
If your IT can do this, another option is to build an LDAP (read only) is populated by a script (e.g. refresh every night). The script is used to only select the AD users who belong to the specific group. You can then connect the SAP LDAP to this LDAP instead. It means work outside of SAP and you would need to make this LDAP highly-available.
Question 2
- Check you transactions LDAPMAP and LDAP to make sure you have identified the correct AD fields for firstname and surname (I assume givenName and sn)
- Check IMG "Maintain Mapping for Actions and Connector Groups" for LDAP connector group and 0004 action (provisioning) to ensure that you have AC Field to LDAP field mapped correctly. Under "Assign group field mapping" check that AC Field Names for LASTNAME and FIRSTNAME are mapped to SN and GIVENNAME respectively
- Check Configuration Parameter 2052 is relevant for you
Question 3
Would this be the Page Size set in transaction LDAP > LDAP Connectors: Use "
This allows you to avoid restrictions with regard to the maximum number of hits that exist in some directory servers."
Also - when you search in question 3 what criteria are you entering? It may be need to restrict in your search.
If you are still having issues, I would recommend you post some screen shots of your configuration for LDAP and Conenctor AC Field mappings.
