our SAP Portal installation is not configured to authenticate with Active Directory. As there are lots of users in the AD, we're trying to avoid to insert all users manually in SAP Portal. One solution proposed was to create a default user in SAP Portal which has a default role assigned to him. When a user logs in SAP Portal, I would verify (using Web Dynpro) if this user exists in the AD and then sign him in with the defaut SAP Portal user.
The problem with this approach is that all users would be assigned to the same role, so all of them would be able to see the same KM documents. As I'm going to check the user permissions in the AD, I was thinking about storing this permissions somewhere so I can use it to manually implement KM features using Web Dynpro, such as associating this AD permissions to KM documents in order to filter KM documents by users permissions. It would also be necessary to implement logic to navigate through the KM tree based on the user permissions, etc.
How painful is to manually implement this KM features using Web Dynpro? Can anyone see other problems with this approach?
Thanks in advance,