Configuration details for Integrating Active Directory with Business Objects XI R2 :
AD Integration - Active Directory Integration is a significant improvement for the user experience as they will be using their LANid/pswd to login to business objects. We have implemented User Authentication using Windows AD but the authorization (content access permissions) are still with in Business Objects. We have a single Business Objects Users Group in AD and several B.O XI R2 User Groups with in the application. The benefits of this approach include the user can still user their AD credentials (LAN user info) to login to business objects and the B.O Administrator can quickly create user groups and assign permissions with in the B.O XI R2 Application with out the need to co-ordinate this with the AD Administrator.
Please upgrade the JRE on your Web Server to JRE 1.5 or higher to avoid an issue related to the Case Sensitive User Names while using Active Directory which is a limitation of JRE 1.4 (Java) .
Please review the attached document for the Installation and Configuration steps (end to end) for Integrating Business Objects and Active Directory. Since the file size exceeds the 256 KB set by the BOB Forum, the file can be accessed by clicking on the following link
at http://www.freedrive.com/folder/142368
If you are on Business Objects XI R2 Service Pack 2 or Higher , there is new functionality available to grant B.O Infoview portal access by silently passing Active Directory userid/pswd to B.O with out ever having the users enter their userid/pswd on the Infoview Portal logon page , thanks to a third party component “vintela” included in SP2.
Thanks for the info. Since you have implemented, is it stable? Can BO XI r2 support multiple user groups within LDAP/AD. How do you tag universes that belong to diff applications to only a few set of people/groups… is that role based access control mechanism
can you pls shed light with some examples couple of universes tied to three diff groups
I have a similar problem, I have around 11 AD’s for every country like SG, CN, MY etc. Now I managed to register SG and CN but for other countries I cannot register in the Windows AD authentication and I get the following error:-
Error updating Windows AD authentication properties: The secWinAD
plugin failed to look up the account for the group “secWinAD:CN=Domain
Users,CN=Users,DC=my,DC=domain,DC=com”. Please enter non-local
groups as DomainName\GroupName and local groups as
\ServerName\GroupName.
Is there anyway to have multiple AD to be validated, if so how to register the different countries in BO…
I used the BO Document to setup the AD integration with BO. I tried all the steps which are mentioned in the document and so, the SG and CN works, but the other countries are not working, I dont know were am wrong.
Can someone help me to get rid of this.
Also the case sensitive user id is a problem only in Infoview and also I tried installing java 1.5, but still have the same problem.
The Case Sensitive user id is working, when the Java 1.5 is installed in the BO Server and the Tomcat Application server Configuration should point to the Java 1.5.
Start --> All Programs --> Tomcat --> Tomcat Configuration and
Select Java tab then change Java Virtual Machine and Java Classpath to point out to Java 1.5 not the Java 1.4.2 under Business Objects Folder.
I also see that you have crated fault tolerant architecuture by keeping multiple tomcat installation sync with Cicso router. I am wondering if you can share setup instruction of this also with me. Thanking you in advance.
(BOB member since 2006-03-23)
(BOB member since 2002-08-08)