
Hi,

In this blog post, I’ll explain step by step how to configure Windows AD authentication when BO is installed on a Unix server.

This how-to was done with this environment:

  • OS: AIX version 6.1, TL 9
  • BO: 4.1 SP4 Patch 3

These steps follow those described in SAP Note 1245218 – How to connect the LDAP plugin to Active Directory

The “Distinguished Name”

When configuring Windows AD authentication in a BOE Unix environment, there is a parameter we need to enter called “Distinguished Name”. This information is not easy to find when, for example, we don’t have access to the Active Directory server. To find it, we used a tool, Active Directory Explorer, which shows the Distinguished Name of the user we need. Below, I will show how to find this parameter and apply it in the AD authentication configuration in the BO CMC.

Attention: the Distinguished Name of the user is not the user itself


To download the Active Directory Explorer: https://technet.microsoft.com/en-us/library/bb963907.aspx

After downloading AD Explorer, it’s necessary to log on to the AD server with an allowed user:

/wp-content/uploads/2015/02/1_655187.png

After that, we search for the user whose Distinguished Name we need, using the parameter sAMAccountName. After adding the search criterion sAMAccountName is <user name>, we double-click on the search result below:

2.JPG

After the double-click, the Distinguished Name of the user we need is shown selected; this is what we need to enter in the BO AD authentication configuration in the CMC:

3.JPG

The LDAP Configuration in CMC:

To use AD authentication on Unix, we need to use the LDAP plugin, selecting in its configuration that the directory is AD based.

Below are the settings we need on the LDAP authentication plugin configuration screen in the CMC:

Select LDAP

/wp-content/uploads/2015/02/4_655234.png

Click on Start Configuration Wizard

/wp-content/uploads/2015/02/5_655238.png

Enter all the AD servers against which you would like users to be authenticated

6.JPG

Select Microsoft Active Directory Application for the LDAP Server Type parameter and then click on Show Attribute Mappings

/wp-content/uploads/2015/02/7_655240.png 

On Attribute Mappings, enter these parameters:

/wp-content/uploads/2015/02/8_655241.png

After that, enter your Base LDAP Distinguished Name, which is usually the FQDN of the server's domain expressed as “DC” tags

9.JPG

And then, the Distinguished Name that we found using the AD Explorer tool:

/wp-content/uploads/2015/02/10_655243.png

Then click on Next

/wp-content/uploads/2015/02/11_655244.png

Click on Next

/wp-content/uploads/2015/02/12_655245.png

Click on Next

/wp-content/uploads/2015/02/13_655246.png

And then, Finish

/wp-content/uploads/2015/02/14_655247.png

After that, the AD authentication configuration is done and users will be able to log on with their AD accounts in a Unix environment.

15.JPG
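The two values typed into the wizard above, the Base LDAP Distinguished Name and the user's Distinguished Name, can be sanity-checked before entry, and the sAMAccountName search filter can be built with proper escaping. The following Python is an added example, not part of the original post or of SAP's tooling; the domain corp.example.com, the account name bo_svc and all function names are assumptions made for illustration.

```python
def base_dn_from_fqdn(domain):
    """corp.example.com -> DC=corp,DC=example,DC=com (the "DC" tags form)."""
    labels = domain.strip().strip(".").split(".")
    if not all(labels):
        raise ValueError("not a DNS domain name: %r" % domain)
    return ",".join("DC=" + label for label in labels)

def sam_filter(user):
    """LDAP filter for one account; RFC 4515 escaping keeps * ( ) \\ and NUL literal."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in user)
    return "(sAMAccountName=" + esc + ")"

def split_dn(dn):
    """Split a DN into its components on commas that are not backslash-escaped."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2   # keep the escaped pair together
            continue
        if dn[i] == ",":
            rdns, cur = rdns + [cur.lstrip()], ""
        else:
            cur += dn[i]
        i += 1
    return rdns + [cur.lstrip()]

def check_user_dn(user_dn, base_dn):
    """Return a list of problems; an empty list means the DN is plausible."""
    if "=" not in user_dn:
        return ["this is a user name, not a Distinguished Name"]
    rdns, base = split_dn(user_dn), split_dn(base_dn)
    problems = ["malformed component: %r" % r for r in rdns
                if "=" not in r or not all(p.strip() for p in r.split("=", 1))]
    if [r.lower() for r in rdns[-len(base):]] != [b.lower() for b in base]:
        problems.append("DN is not below the base DN " + base_dn)
    return problems

# Constructed sample values (example.com is a reserved documentation domain).
BASE = base_dn_from_fqdn("corp.example.com")
GOOD = r"CN=Service\, BO,OU=Service Accounts," + BASE

if __name__ == "__main__":
    print(BASE)
    print(sam_filter("bo_svc"))
    for candidate in (GOOD, "bo_svc", "CN=bo_svc,Users," + BASE):
        print(candidate, "->", check_user_dn(candidate, BASE) or "ok")
```

The check is purely syntactic: it catches a bare user name, a component missing its attribute tag, or a DN outside the configured base, but it does not confirm that the object exists in the directory.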


2 Comments


  1. Hosting Cap

    Thanks for the steps.

    As per SAP Note 1245218, I was typing the DN info manually and getting different errors. I followed your steps on how to get the DN and it's fixed.

    I am able to configure AD authentication.

    I am a BASIS guy and performed these steps. Can you tell me the next step and how the user IDs will be synced to the BO CMS?

    Any suggestions for next steps?

    1. Rodrigo Caparroz Post author

      Hi,

      I’m glad that this helped you 🙂

      You can use the option: “Create new aliases only when a user logs on”

      This option will create a new user once he logs on to the BO LaunchPad.

      The other option is to go with “Create new aliases when the Alias Update occurs”; this option will replicate all your AD/LDAP users to your BO system.

      More information: http://help.sap.com/businessobject/product_guides/sbo41/en/sbo41sp5_bip_admin_en.pdf

      Best Regards,

      Rodrigo.

