on 09-05-2013 9:24 AM
Hello,
One of our customers, have several companies around the world, Each company has its own WinAD and domain. He want to know if it's possible and how to configure his single BI Plateform to allow WinAD Authentification.
Best regards
Laurent
there must be a 2 way transitive trust between the domains for BO AD authentication using Kerberos to work.
Please check the below Points:
using a service account from the remote forest has been reported to allow manual AD to work with 2 forests and only a 1 way forest trust
2-way external trusts (used for Windows 2000 and above) may work with manual AD and multiple forests but results have been inconsistent and unreliable.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You can verify 2-way transitive trust required for multi forest SSO
Please check the below SAP note first.
1384606 - How To view Active Directory Trusts using Microsoft Management Console (mmc)
This is correct, for the supported method all forests/domain must have a 2-way trust.
However one potential solution which is NOT supported would be to introduce a virtual directory server which would sit between BOE and the AD servers. Then you would configure LDAP to point to this virtual directory and all of the routing or queries would be performed by the virtual directory. NOTE: this is very complex to configure and requires a great knowledge of all the directories as well as producing a single point of failure if BOE cannot handle the connections to the virtual directory. Again connecting to virtual directories is NOT supported.
User | Count |
---|---|
90 | |
10 | |
10 | |
10 | |
7 | |
7 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.