Skip to Content

BO 4.1 AD authentication in Unix/AIX environment


On this blog, I’ll explain the step by step of how to configure the Windows AD authentication when BO is installed on a Unix server.

This how-to was done with this environment:

  • SO: AIX version 6.1, TL 9
  • BO: 4.1 SP4 Patch 3

These steps were done following the steps described on SAP Note  1245218 – How to connect the LDAP plugin to Active Directory

The “Distinguished Name”

When we are configuring Windows AD authentication in one BOE Unix Environment, there is parameter that we need to insert called “Distinguished Name”. This information is not easy to find when we don’t have access to the Active Directory server for example. To find this information, we used one tool Active Directory Explorer that will show for us what is the Distinguished Name of the user that we need. Below, I will show how to find this parameter and apply in the AD authentication configurations on BO CMC.

Attention: the Distinguished Name of the user is not the user itself

To download the Active Directory Explorer:

After download the AD Explorer, it’s necessary to logon on the AD server with an allowed user:


After that, we should do a search for the user that we need the distinguished name using the parameter sAMAccountName. After we added the Search Criteria sAMAccountName is <user name>, we do a double-click on the search results below:


After a double click, you can see selected the Distinguished Name of our needed user, this is what we need to insert on BO AD authentication configuration on CMC:


The LDAP Configuration in CMC:

To use the AD authentication in Unix, we will need to use the LDAP plugin selecting on the configurations that it will be AD based

Below are the configurations that we need on LDAP Authentication plugin config screen through CMC:

Select LDAP


Click on Start Configuration Wizard



Inform all your AD servers that you would like to able users to be authenticated


Select Microsoft Active Directory Application on LDAP Server type parameter and then click on Show Attribute Mappings


On Attribute Mappings, inform these parameters:


After that, inform you Base LDAP Distinguished name, what usually is the FQDN of server domain on “DC” tags


And then, the Distinguished Name that we found using the AD Explorer tool:


After, click on Next


click on Next


click on Next


And then, Finish


After that, the AD authentication configuration is done and the users will be able to logon using their AD users in an UNIX environment.


You must be Logged on to comment or reply to a post.
  • Thanks for the steps.

    As per SAP note 1245218 i was typing manually DN info and getting different errors. Followed your steps on how to get DN and its fixed.

    I am able to configure AD authentication.

    I am a BASIS guy and performed these steps. Can you tell me next step and how the user ids will be sync to BO CMS.

    Any suggestions for next steps.

  • Hi Rodrigo,


    Can you help me with login format in CMC or BI launchpad using LDAP Authentication .


    Also if you can share steps for SSO that would be great