Skip to Content

Moving security from LDAP to Windows AD

Hi Everyone,

We are planning on moving BO authentication from our current LDAP system to Windows AD. I couldn't find anything related to this in the Admin guides/KBA's. I want to know the best way to achieve this (any experiences you might have) and, we have a few other concerns too


Issues we are looking at are:

1) Win AD group creates a new ID which does match with existing LDAP setup so, do we have to manually alias all of them?
Ex: Existing LDAP username: SRITAT01
New Win AD username: sri.tatineni

2) As it creates a new user, it creates a new favorites, how can it be merged with old one

3) What happens if we delete LDAP user id? Will their schedules, Favorites and Inboxes

4) Since we have thousands of users, How can do this in bulk?


Our Current Environment:

SAP BO: 4.X (We have both 4.1 and 4.2 systems in different landscapes of the company)

Windows 2016 servers

Add a comment
10|10000 characters needed characters exceeded

Related questions

2 Answers

  • Posted on Feb 04, 2019 at 12:51 PM

    The only way yo do this is if you have your security based on enterprise groups and if each of your users has an enterprise alias.
    Then you simply unmap LDAP groups, and map AD ones in and you retains security by making your new AD groups subgroups to your enterprise groups and by selecting option to map AD aliases to existing users.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Feb 04, 2019 at 05:57 PM

    The consultant that replied to this post can help for unlike aliases https://answers.sap.com/questions/736450/sap-businessobjects-assignment-of-user-aliases-sap.htm.

    For manual I'd add the LDAP alias to AD (this should keep the AD username) vs the other way around would keep the LDAP username. Then after all manually mapped you can remove the LDAP groups deleting the old aliases and leaving the AD alias with favorites folder.

    If you want to automate you will need consulting such as the one that posted in the thread above.

    -Tim

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.