Identity Manager SAP User Management Driver breaks with SAP 7.3x

  • 7011523
  • 17-Dec-2012
  • 25-Jul-2013


NetIQ Identity Manager 3.6.1
NetIQ Identity Manager 4.0
NetIQ Identity Manager 4.0.1
NetIQ Identity Manager 4.0.2
NetIQ Identity Manager Driver - SAP User Management 3.6.5
NetIQ Identity Manager Driver - SAP User Management
NetIQ Identity Manager Driver - SAP
SAP 7.3x
SAP NetWeaver 7.3x


SAP have released SAP 7.3x which have introduced a number of API changes.

This is causing the NetIQ Identity Manager to stop working.

Until now we have seen the following issues;
1) iDOC publication
  1. Only directly affected systems are notified when a change happen in SAP, for example iDOC's are not created when roles are assigned to users.

2) BAPI Interface
  1. "BAPI_USER_CREATE1 : com.novell.nds.dirxml.driver.sapumshim.BapiException: Company address cannot be selected".
  2. "BAPI_USER_CHANGE : com.novell.nds.dirxml.driver.sapumshim.BapiException: Language key  not defined".
  3. "BAPI_USERLOCACTGROUP_READ —> Message: System QE1CLNT100 is not part of Central User Administration".


These two issues have been fixed in IDM 4.0.2 SAP User Driver Version or later


iDOC Publication

As per information from SAP on SAP NetWeaver 7.0 HP3 (Infrastructure Changes in User Maintenance (Changed)):
Targeted Use of IDocs in Central User Administration

Previously the system sent IDocs for user data, role assignment, and profile assignment to all systems in a CUA landscape, no matter what kind of change you made to the user. Now, when you make changes to user data, such as a role assignment in a given system, the CUA sends the change information only the role assignment IDoc to only the affected systems in the landscape and not all IDocs to all systems.