
Slow LDAP authentication


Post Author: Butchieb

CA Forum: Authentication

I am setting up a new XIR2 system using LDAP authentication using Novell eDirectory. We found logons to be slow, and the query to the LDAP host returns a huge amount of data. I was told Service Pack three and FP3.5 contained the fixes for this problem. Does anyone have any suggestions?

Thanks

Accepted Solutions (0)

Answers (3)


Post Author: TAZ

CA Forum: Authentication

That question would be better served by the BO product group. I'm not sure anyone on this forum will be able to answer. Just some LDAP basics...

If you set up a test LDAP server/BO server, you should be able to experiment with modifying the attributes/reg keys to see how they modify the LDAP queries. You can use the CMS logs or even enable a packet scan such as Wireshark or Netmon to read the queries that are being sent to the LDAP server. Typically this is what I do when I can't get a straight answer.

Hope this helps

Regards,

Tim


Post Author: Butchieb

CA Forum: Authentication

I have been working with Business Objects for over a week now and they cannot provide a solution. They first had me install Service pack 3 and FP3.5. I then added registry keys setting base DN for group lookup and then a key to prevent LDAP group lookup altogether and only use the graph cache.

The issue we have is that the query sent to our LDAP host is looking up users in base ou=X. The groups that are mapped are in a container ou=bo,ou=adappgroups,o=x. The query being sent executes the user lookup fast but the base for the group lookup begins in ou=x and is slow. If we run the same filter beginning at ou=bo,ou=adappgroups,o=x it is fast. The question I have is can the group beginning DN be controlled? Even with the registry key below the query sent to LDAP does a group lookup.

HKEY_LOCAL_MACHINE\SOFTWARE\Business Objects\Suite 11.5\Enterprise\Auth Plugins\secLDAP

New string value:
name = NoGroupFilter
value = true
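
An added example (not part of the original posts, and not Business Objects code): once the search requests have been read out of the CMS logs or a packet capture, as suggested earlier in the thread, this Python code reports whether each group lookup's base DN sits at, above or outside the mapped group container. The `(base, scope, filter)` tuple layout, the `groupOfNames` filter marker and the sample requests are assumptions constructed for illustration.

```python
GROUP_CONTAINER = "ou=bo,ou=adappgroups,o=x"  # container named in the post

def split_rdns(dn):
    """Split a DN on unescaped commas; normalize case and spacing."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    pairs = (p.partition("=") for p in parts)
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def classify_base(base, container=GROUP_CONTAINER):
    """Relate a search base to the container holding the mapped groups."""
    if not base.strip():
        return "too-broad"  # empty base is the root of the tree
    b, c = split_rdns(base), split_rdns(container)
    if len(b) >= len(c) and b[-len(c):] == c:
        return "scoped"     # at or below the container
    if b == c[-len(b):]:
        return "too-broad"  # ancestor: a subtree search walks other branches
    return "outside"        # a search from here never reaches the groups

def audit(requests, group_marker="objectclass=groupofnames"):
    """Return (base, scope, verdict) per group lookup; group_marker is an assumed filter fragment."""
    findings = []
    for base, scope, flt in requests:
        if group_marker in flt.lower().replace(" ", ""):
            findings.append((base, scope, classify_base(base)))
    return findings

SAMPLE_REQUESTS = [  # constructed (base, scope, filter) tuples
    ("o=x", "wholeSubtree", "(&(objectClass=inetOrgPerson)(cn=jdoe))"),
    ("o=x", "wholeSubtree", "(&(objectClass=groupOfNames)(member=cn=jdoe,o=x))"),
    ("OU=BO, ou=AdAppGroups, o=X", "wholeSubtree", "(objectClass=groupOfNames)"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_REQUESTS):
        print(finding)
```

A "too-broad" verdict on a `wholeSubtree` group search matches the slow case described in the post above; "scoped" matches the fast one.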


Post Author: TAZ

CA Forum: Authentication

There are many environmental issues, configuration issues, and some bugs as well in our LDAP plugin. You should open a case and have support address your concerns by examining the query. Since the issue could be configuration or environmental, I wouldn't just add a patch, but if it's a dev server you're welcome to try. To note, some patches also require registry changes; consult your FP readme for instructions.

Regards,

Tim