on 06-21-2018 6:36 PM
Hi all,
I am trying to set up SSO on a new BusinessObjects XI 4.2 sp5 server. I have a service account that has access to AD. However, when I put the name of Group AD I get the following error:
Invalid group name, cannot find group (CN=UserGroup,CN=Users,DC=terminator,DC=local).
I retrieved the distinguishedName of Group from Windows AD Server on tab "attribute editor" of his properties.
I am able add without issue the "AD Administrator name" and "Default AD Domain" on Cmc but unfortunately I'm stuck during the mapping of AD Group .
N.B.
I'm administrator of SAP BI Server and Windows AD Server.
Any ideas?
Best regards MJ
Dear All,
Is the CMS trace the only trace that I have to activate in order to analyze the issue?
Best regards,
MJ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Dell,
thank you about your response.
----------------------------------
The KB 1886178 could be usefull in order to analize the issue.
Below I report the CMS trace log during the mapping of AD Group:
Assert failure: (ad_acct_entity.cpp:152). (false : WINAD: CAccountEntity::InitFromSid() -- BindIADsToLDAPFromSid hr=-2147467259). NameServer.cpp:1408:-: TraceLog message 80
Best regards,
MJ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Michael Jennings,
I install SAP BI4.2 on windows server 2016 and exported the users and groups manually using the import wizard from SAP BOXI 3.1 then imported with Upgrade Management Tools from SAP BI 4.2.
I created the service account and configured the SPNs and the SAP BI4.2 server, but I haven't used Windows AD, I have this same error in my CMS log.
(false: WINAD: CAccountEntity :: InitFromSid () - BindIADsToLDAPFromSid hr = -2147467259)
Have you already solved this problem?
If the group is in the default domain that is set in the properties, I usually use the just the group name instead of the full distinguished name when I add an AD group to this screen. When you do a group update at the bottom of the screen, it will pull the distinguished name. In the documentation for configuring AD authentication ("Configuring Active Directory Manual Authentication and SSO for BI4" by Steve Fredell) it mentions KBAs 1199995 and 147634 for troubleshooting issues when mapping groups.
-Dell
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.