Skip to Content
Author's profile photo Rodrigo Caparroz

BO 4.1 AD authentication in Unix/AIX environment


On this blog, I’ll explain the step by step of how to configure the Windows AD authentication when BO is installed on a Unix server.

This how-to was done with this environment:

  • SO: AIX version 6.1, TL 9
  • BO: 4.1 SP4 Patch 3

These steps were done following the steps described on SAP Note  1245218 – How to connect the LDAP plugin to Active Directory

The “Distinguished Name”

When we are configuring Windows AD authentication in one BOE Unix Environment, there is parameter that we need to insert called “Distinguished Name”. This information is not easy to find when we don’t have access to the Active Directory server for example. To find this information, we used one tool Active Directory Explorer that will show for us what is the Distinguished Name of the user that we need. Below, I will show how to find this parameter and apply in the AD authentication configurations on BO CMC.

Attention: the Distinguished Name of the user is not the user itself

To download the Active Directory Explorer:

After download the AD Explorer, it’s necessary to logon on the AD server with an allowed user:


After that, we should do a search for the user that we need the distinguished name using the parameter sAMAccountName. After we added the Search Criteria sAMAccountName is <user name>, we do a double-click on the search results below:


After a double click, you can see selected the Distinguished Name of our needed user, this is what we need to insert on BO AD authentication configuration on CMC:


The LDAP Configuration in CMC:

To use the AD authentication in Unix, we will need to use the LDAP plugin selecting on the configurations that it will be AD based

Below are the configurations that we need on LDAP Authentication plugin config screen through CMC:

Select LDAP


Click on Start Configuration Wizard



Inform all your AD servers that you would like to able users to be authenticated


Select Microsoft Active Directory Application on LDAP Server type parameter and then click on Show Attribute Mappings


On Attribute Mappings, inform these parameters:


After that, inform you Base LDAP Distinguished name, what usually is the FQDN of server domain on “DC” tags


And then, the Distinguished Name that we found using the AD Explorer tool:


After, click on Next


click on Next


click on Next


And then, Finish


After that, the AD authentication configuration is done and the users will be able to logon using their AD users in an UNIX environment.


Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Hosting Cap
      Hosting Cap

      Thanks for the steps.

      As per SAP note 1245218 i was typing manually DN info and getting different errors. Followed your steps on how to get DN and its fixed.

      I am able to configure AD authentication.

      I am a BASIS guy and performed these steps. Can you tell me next step and how the user ids will be sync to BO CMS.

      Any suggestions for next steps.

      Author's profile photo Rodrigo Caparroz
      Rodrigo Caparroz
      Blog Post Author


      I'm glad that this helped you 🙂

      You can use the option:"Create new aliases only when a user logs on"

      This option will create a new user once he logs on the BO LaunchPad.

      Other option, is to with "Create new aliases when the Alias Update occurs", this option will replicate all your AD/LDAP users to your BO System.

      More information:

      Best Regards,


      Author's profile photo Former Member
      Former Member

      Hi Rodrigo,


      Can you help me with login format in CMC or BI launchpad using LDAP Authentication .


      Also if you can share steps for SSO that would be great