LDAP - What to do with designers/supervisors and BCA

Hi all,

BO 6.1b, Oracle 9.2, MS Active Directory

Trawling through the documentation both here, the tech support site and the slides about LDAP (on here somewhere). Am i right in the following bits of information:

  1. Our deisgners and supervisors will be setup as Users in LDAP, but they will have ‘extra’ attributes in LDAP mapping to the Group in the repository which allows them these extra rights? So NO user setup in the repository for these users?

  2. The slideshow suggested problems with BCA Publisher requiring users to be setup in the repository. I assume this is with Publisher only? and not the normal BCA? Do we just setup a user in LDAP with the same name as the agents?

So in essence, the repository will ONLY have groups defined in it, and NO users at all - these users being maintained by LDAP instead.

ie:

SIMSL
|
– Power Users [group]
– Stupid Users [group] <-- actually, think we’d get away with this? :slight_smile:
– Designers
– Supervisors

(Our deisgners have access to ALL universes etc, as do the supervisors…we’re a small shop…4 designers, 2 supervisors, 60 full client, 60 infoview)

Anyone run into any problems with any of this?

Cheers,
Robin.


RobinBowen (BOB member since 2004-06-07)

We did Group to group mapping.

I think General Supervisors have to be top-level, so you can’t map Group to Group.

We went with External then Repository, so we can always fall back to the repository when the LDAP authentication doesn’t work for the particular scenario.


Jeff Binnig (BOB member since 2004-07-23)