cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Moving security from LDAP to Windows AD

former_member602339
Discoverer

on ‎02-04-2019 2:30 AM

0 Kudos

Hi Everyone,

We are planning on moving BO authentication from our current LDAP system to Windows AD. I couldn't find anything related to this in the Admin guides/KBA's. I want to know the best way to achieve this (any experiences you might have) and, we have a few other concerns too


Issues we are looking at are:

1) Win AD group creates a new ID which does match with existing LDAP setup so, do we have to manually alias all of them?
Ex: Existing LDAP username: SRITAT01
New Win AD username: sri.tatineni

2) As it creates a new user, it creates a new favorites, how can it be merged with old one

3) What happens if we delete LDAP user id? Will their schedules, Favorites and Inboxes

4) Since we have thousands of users, How can do this in bulk?


Our Current Environment:

SAP BO: 4.X (We have both 4.1 and 4.2 systems in different landscapes of the company)

Windows 2016 servers

Show replies
Show replies
denis_konovalov
Active Contributor
‎02-04-2019 12:49 PM
0 Kudos

I have fixed your tags, please select more careful next time.

Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

BasicTek
Advisor
Advisor
‎02-04-2019 5:57 PM
0 Kudos

The consultant that replied to this post can help for unlike aliases https://answers.sap.com/questions/736450/sap-businessobjects-assignment-of-user-aliases-sap.htm.

For manual I'd add the LDAP alias to AD (this should keep the AD username) vs the other way around would keep the LDAP username. Then after all manually mapped you can remove the LDAP groups deleting the old aliases and leaving the AD alias with favorites folder.

If you want to automate you will need consulting such as the one that posted in the thread above.

-Tim

Show replies
Show replies
denis_konovalov
Active Contributor
‎02-04-2019 12:51 PM
0 Kudos

The only way yo do this is if you have your security based on enterprise groups and if each of your users has an enterprise alias.
Then you simply unmap LDAP groups, and map AD ones in and you retains security by making your new AD groups subgroups to your enterprise groups and by selecting option to map AD aliases to existing users.

Show replies
Show replies
Ask a Question