on 01-27-2016 8:49 AM
Dear all,
We face the following scenario:
1.) We have a SAP BO BI 4.0 SP7 server which runs on SuSE SLES 11.
2.) The authentication scheme currently used is LDAP > LDAP Server Type = Oracle Internet Directory.
3.) The customer wants to change the LDAP > LDAP Server Type = Microsoft Active Directory Application Server.
If we fulfill all the necessary restrictions while mapping LDAP against Windows AD, as stated in Administrator's Manual, I would like to ask:
A.) Are the following assumptions correct?
A1.) If an existing user has the same name with one coming from Windows AD, then the user will remain intact.
A2.) If an existing user has different name with one coming for Windows AD, then the existing user will be removed and a new one will be created.
There are two useful links:
10 easy steps - How to use LDAP-based authentication in SAP BusinessObjects 4.1
Setting up the LDAP connector - Business Intelligence (BusinessObjects) - SCN Wiki
Thanks in advance for any answer.
Regards,
ilias
If you simply change them you'll lose all users.
You need to ensure each user has an Enterprise alias before making this change.
Then after the change you'll see both of your assumptions.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The user account can remain in in BO under 2 condition:-
The AD group is mapped in BO and LDAP group is also present and the user id is same and they get sync.
1205637 - How to map Active Directory accounts in a Windows and UNIX/Linux environment
But as you have Suse so you do not have AD plugin hence you will have to map in the LDAP Plugin itself while the LDAP is already configured.
U can only configure AD as LDAP in the current configuration if you have same OU.
So, the best option is create enterprise alise for all LDAP with the script:-
1804839 - How to add or remove an Enterprise alias through a script in SAP BI 4.0
once the alias is created then you can remove and configure new AD.
Hello,
the guys gave you already the tipps you need.
I want to draw the Attention to something else. You posted that you are running SAP BI 4.0 SP07. BI 4.0 is out of Support since 12.31.2015.
You should plan to update to the latest Version which is SAP BI 4.1 SP07. Its just a simple update installer...so no rocket science here.
Regards
-Seb.
Dear all,
I've made some investigation in a test BO environment and here are my results / conclusions:
1.) The first step is to create Enterprise Aliases for every user that came from LDAP (Oracle Internet Directory). In that way we will ensure that no user account and dependent objects (Favorites Folder, Inbox) will be removed after re-adjusting the LDAP authentication plugin with Windows Active Directory.
2.) After we re-adjust the LDAP authentication plugin in order to get the users from Windows Active Directory, there are two possible scenarios:
A. If an existing user has the same name with one coming from Windows AD, then the user will remain intact (automatic user aliasing).
B. If an existing user has different name with one coming for Windows AD, then the existing user will be removed from the current LDAP group and a new one will be created. So, for one physical user we will have two different BO-related accounts (Enterprise, LDAP).
C. The next step should be the manual aliasing of the current Enterprise User with the new LDAP User. In that way we will preserve the security scheme for the existing user. After this step, the new LDAP User will not be visible in the LDAP Group and dependent objects will be removed (Favorites, Inbox). If we re-import the users from Windows AD, then we will see the Enterprise User Account (which is aliased with the LDAP Account) in LDAP Group.
Thanks for your time and answers,
ilias
PS: I already informed the customer about the current status of 4.0 version (end of mainstream maintenance) and I hope they will soon move on 4.1 version.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.