Skip to Content

BusinessObjects Credential Mapping with SQL Server Database

I have come across a few links related to this topic in the SAP Community forums however unable to find an answer. We are trying to use 'BusinessObjects Credential Mapping' in IDT's connection connecting to SQL Server database. We use LDAP for authentication to BOE (BI4.2 SP5 Patch600). The universe connection test is successful from the workstation but the report fails from BOE server because the user's network credentials are unable to bypass the service account SIA is running on. On the BOE server we have defined ODBC DSN for SQL Server database (Integrated Windows Authentication and not SQL Auth). I found this Kbase 1869952 to configure kerberos however the point #2 under 'Important things to note before engaging in this complex process' says this:

Kerberos SSO to the DB is not possible if you logged into BI with enterprise, LDAP, SAP, siteminder, trusted authentication, or anything other than AD/kerberos (KBA 1631734)

Has anyone successfully used BO credential mapping to SQL Server database with LDAP authentication? Is this supported or even doable?

Please note: We have the database credentials enabled for each of our users under CMC --> Users and 'Enable and update user's Data Source Credentials at logon time' under CMC - Authentication - LDAP

BO Credential mapping works for us with Oracle database when report is run from BOE server (BI Launchpad or CMC).

Appreciate any inputs.

Add a comment
10|10000 characters needed characters exceeded

Related questions

1 Answer

  • Posted on May 14 at 12:31 PM

    Are you trying to do credential mapping (entering each user's ID and password in the CMC), or end-to-end SSO (connecting to the database using the SSO credentials obtained during login)?

    The kb articles you linked to deal with end-to-end SSO, and the text you highlighted is pretty explicit about it only working for Windows AD authentication.

    If you're using credential mapping, then there is no role for LDAP or AD in the process. It simply passes through the ID and password from the user's properties page in the CMC. This means that you can't use Windows Authentication for the ID in SQL Server -- you have to use SQL Server authentication instead. It's working for you in IDT because your workstation is doing Windows authentication to the database using your local Windows credentials. When refreshing a report on the server, it's attempting to authenticate with the server's Windows credentials.

    So, your options are:

    1) To use credential mapping, ensure your users have SQL Server authentication IDs on the database, then change the ODBC connection to "SQL Server authentication".

    2) To use end-to-end SSO, switch to Windows AD authentication from LDAP.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.