BusinessObjects Board

Apache/Tomcat and NT authentication

Maybe those links can help:

http://www.gknw.com/development/apache/ (mod_auth_sspi) or mod_ntlm for apache 1.3


pabloj (BOB member since 2003-03-27)

We opened a case with tech support and asked:
When will Business Objects support NTLM authentication for JSP installations (Apache installations on W2K servers)?


David (BOB member since 2002-08-29)

All,

Am I missing something here :confused:

Does this mean that even if I try to configure LDAP Windows Authentication with Apache it will not work?

Thanks,


BOOZ (BOB member since 2003-08-28)

We don’t have LDAP implemented so we couldn’t test to see if that worked. According to the literature, LDAP should :yesnod: work with Apache.

It’s no longer Windows authentication though right? At least not NTLM. You are authenticating against your LDAP server (one running Microsoft Active Directory).


David (BOB member since 2002-08-29)

Yes we are checking against our Microsoft Active Directory but I still get the login prompt on the Webi login - I am not sure if I have to alter the code on the login page or configure Apache in some way.

I have logged a call with technical support but have not heard from them yet.

I just wanted to know if anyone has successfully implemented LDAP to Active Directory with Apache for 3 tier ZABO and Webi?

thanks,


BOOZ (BOB member since 2003-08-28)

Has anyone had any luck with this in 6.5.1?


cjweis (BOB member since 2003-10-02)

Recommend to set up IIS with Tomcat if you want LDAP to work properly.


Keiichi :us: (BOB member since 2005-02-08)

Have you set it up successfully? Do users need to login, or does the Windows Integrated Authentication automatically log them in to WebI? How does ZABO work?


cjweis (BOB member since 2003-10-02)

I have gotten 6.51 to work with NTLM using IIS ASP Version.
I am still working with tech support on getting IIS/Tomcat NTLM to work.

No, users do not need to login to Infoview/WebI (that’s the whole point of NTLM) when it’s working…

Anybody else get IIS/Tomcat/NTLM working in 6.51?
We need to deploy the Tomcat/JSP version since we are looking to deploy AF.

Thanks.
Hao.


browncow (BOB member since 2002-09-05)

I’m currently running BusinessObjects 6.5.1/Application Foundation 6.5 with IIS/Tomcat setup on production…Webi users will still get prompted for login and password (authentication will be going through Active Directory), but full client users will be able to log in automatically.

You’ll have to configure IIS/Tomcat Bridge, customize uriworkermap.properties, worker.properties files, and login.jsp to get this setup to work. I admit this is a headache to set up…but I think it’s the only setup that will work if you want to use NTLM.

I have tested the above configuration with IIS 5.0 and IIS 6.0 and all functioning normally.

Sorry cjweis…I have not tried this setup with ZABO, so I don’t know how ZABO is going to behave…


Keiichi :us: (BOB member since 2005-02-08)

How do you get Webi to prompt for password but not full client?
Is that how it’s supposed to work? I thought they weren’t supposed to get prompted. When I use the IIS/ASP version, I am not prompted.
I do have the IIS/Tomcat bridge properly configured, but when NT authentication is turned on, it works for full client, but when I click the login-in button, it errors out.

Did you have to customize login.jsp or anything else?
Any help you could provide would be much appreciated as I’ve been with Level 1 tech support since late December…

Thanks.
Hao.


browncow (BOB member since 2002-09-05)

Hao,

You’ll have to customize your uriworkermap.properties, worker.properties, and login.jsp files.

Unfortunately at this moment, you can’t bypass authentication with TOMCAT running as your application server.

If you got errors right after turning on NTLM…I suspect you have not configured your security connector correctly. Can you send samples of your uriworkermap.properties, worker.properties, and your login.jsp? These files are normally located at C:\Program Files\Apache Software Foundation\Tomcat 5.0\conf, and at C:\Program Files\Apache Software Foundation\Tomcat 5.0\webapps\wijsp\scripts\login for your login.jsp file. Finally, your securityConnector log file.


Keiichi :us: (BOB member since 2005-02-08)

Keiichi, I didn’t have to modify login.jsp in order to enable NTLM with IIS->Tomcat. What type of change did you have to make?

I did add a modification to login.jsp, which, along with a copy of webiStart.jsp, allows for an alternate login screen where users can log in manually even when NTLM is enabled.

Hao, if the bridge works, but NTLM does not, the problem may be with the connector. I got it to work with AJP13, but not Coyote. Also, I had to add tomcatAuthentication="false" to the AJP13 connection paragraph in server.xml.

I’d double-check that the jakarta and wijsp virtual directories are set to IWA in IIS.

Joe


joepeters :us: (BOB member since 2002-08-29)

[quote]add tomcatAuthentication="false" to the AJP13 connection paragraph in server.xml.
[/quote]

Joe, THANK YOU VERY MUCH!!!
Commenting out CoyoteConnector, un-commenting Ajp13Connector, and adding tomcatAuthentication="false" in server.xml solved my problem.

I have been working with BO tech support for 2 weeks on NTLM/IIS/Tomcat for E6.5.1 and this is what BO Tech support wrote

[quote]we do not support such an implementation as NT authentication is built for Windows products only and it is a limitation of microsoft windows.
[/quote]


shuj (BOB member since 2004-04-30)

Thanks for your reply.
I tried changing from the default Coyote connector to the AJP13 connector and verified the bridge still worked, but NTLM still didn’t work for me.

I still get the following tomcat error:
HTTP Status 403 - The Business Objects server is not ready. (Error: INF 00105)

type Status report

message The Business Objects server is not ready. (Error: INF 00105)

description Access to the specified resource (The Business Objects server is not ready. (Error: INF 00105)) has been forbidden.

For what it’s worth, I’m using Tomcat 4.

Thanks again for everyone’s help.
Hao.
02-09-2005.zip (12.0 KB)


browncow (BOB member since 2002-09-05)

Hi Hao,

Feel free to slap me for asking a silly question, but did you confirm that the jakarta and wijsp virtual directories (and all subdirs) are set to use IWA?

Joe


joepeters :us: (BOB member since 2002-08-29)

Not a silly question, just me not understanding what IWA is. I didn’t mean to imply I confirmed it worked, I just confirmed the IIS/Tomcat connector works.

When I say the connector works, I’m saying I don’t have to specify the port for Tomcat.

I am unsure what IWA is.

What type of verification are you suggesting I do?

thanks again!
Hao.


browncow (BOB member since 2002-09-05)

ah, ok.

In the IIS administration tool, you have to change the Directory Security for the jakarta and wijsp virtual directories from the default “anonymous” to “Integrated Windows Authentication”.

Joe


joepeters :us: (BOB member since 2002-08-29)

:smiley:
Can you email me the customized file, or let me know what it is that you have changed to get it to work? Thanks


Supportgroup (BOB member since 2005-02-10)

Hao,
If you are still having problems after you have checked everything as Joe said, you may need to take a look at your uriworkermap.properties file. You seem to have an extra “/” in a couple of places. Try these:
open uriworkermap.properties in text editor
change /wijsp/=ajp13 to /wijsp=ajp13
save the file
restart Tomcat
then try http:///wijsp


shuj (BOB member since 2004-04-30)
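
Added example (not part of any post above, and not Business Objects or Apache code): a Python check for the two settings the thread converges on, tomcatAuthentication="false" on the AJP13 connector and the trailing "/" in uriworkermap.properties. The sample files are constructed, and the loopback check on the connector's address attribute goes beyond the thread: with tomcatAuthentication="false" Tomcat accepts the user name the AJP peer reports, so the AJP port should only be reachable from IIS.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any poster's files).
SERVER_XML = """<Server><Service name="Tomcat-Standalone">
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" port="8080"/>
  <Connector className="org.apache.ajp.tomcat4.Ajp13Connector" port="8009"
             tomcatAuthentication="false"/>
</Service></Server>"""
URIWORKERMAP = "# constructed sample\n/wijsp/=ajp13\n/wijsp/*=ajp13\n/jakarta=ajp13\n"

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def is_ajp(conn):
    # Tomcat 4 names the class, Tomcat 5 uses protocol="AJP/1.3".
    ident = (conn.get("className", "") + " " + conn.get("protocol", "")).lower()
    return "ajp" in ident

def check_server_xml(text):
    """Return findings for every AJP connector in a Tomcat server.xml."""
    findings = []
    for conn in ET.fromstring(text).iter("Connector"):
        if not is_ajp(conn):
            continue
        port = conn.get("port", "?")
        # Tomcat's default is "true": Tomcat authenticates and ignores the IIS identity.
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            findings.append(f"AJP {port}: tomcatAuthentication is not false; "
                            "the IIS-authenticated user is not passed through")
        elif conn.get("address") not in LOOPBACK:
            # With pass-through on, Tomcat trusts whatever user the AJP peer reports.
            findings.append(f"AJP {port}: trusts front-end identity but is not bound "
                            "to loopback; restrict the port to the IIS host")
    return findings

def check_uriworkermap(text):
    """Flag mappings whose URI ends in '/', as in '/wijsp/=ajp13'."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        uri, worker = (p.strip() for p in line.split("=", 1))
        if uri.endswith("/") and uri != "/":
            findings.append(f"line {n}: '{uri}={worker}' -> '{uri.rstrip('/')}={worker}'")
    return findings

if __name__ == "__main__":
    for finding in check_server_xml(SERVER_XML) + check_uriworkermap(URIWORKERMAP):
        print(finding)
```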