Configuring BusinessObjects for use with LDAP

This topic describes how to configure BusinessObjects Business Intelligence (BI) for use with Lightweight Directory Access Protocol (LDAP).

In addition to using these instructions, review SAP documentation on configuring LDAP authentication. SAP-BusinessObjects-BI-platform-documentation describes how to access the SAP BusinessObjects Business Intelligence documentation, where you can find full details about configuring LDAP authentication.

Before you begin

Review the following prerequisites and gather the information that you need for this procedure.

  1. Review the information in Authentication-and-authorization.
     This topic describes the authentication process, authentication options, and the required installation sequence based on the authentication types that you want to use in your environment.
  2. BusinessObjects BI must already be installed in your environment before you can set up LDAP.
  3. Determine the proper sequence for completing this procedure based on your authentication needs:
    • If you are not going to use BusinessObjects BI Enterprise authentication in your environment, complete this procedure before installing BMC Decision Support – Database Automation.
    • If you are going to use BusinessObjects BI Enterprise authentication and LDAP in your environment, first install BMC Decision Support – Database Automation, run the run_export script and User Role Group (URG) Mapper, and then complete this procedure.
  4. Review this procedure and ask your LDAP administrator for the correct information and settings that you need to use in your environment. Have the following information on hand before you begin this procedure:
    • LDAP host name and port number
    • LDAP directory type
    • LDAP distinguished name
    • LDAP server administrator credentials
    • Secure socket layer (SSL) authentication type
    • Single sign-on (SSO) authentication type

To configure BusinessObjects for use with LDAP

  1. Log on to the Central Management Console (CMC) as described in Accessing-the-Central-Management-Console.
  2. Click Authentication.
  3. Double-click LDAP to open it.
  4. Click Start LDAP Configuration Wizard.
     The wizard displays the following panel.

    LDAPwizard.png
  5. Provide the name of the LDAP computer in your environment in the following format, hostName:portNumber.
     For example, myserver.mycompany.com:3268.
  6. Click Add and then Next.
  7. From the LDAP Server Type menu, select the LDAP directory type for your environment, and click Next.
     The wizard displays the following panel.

    LDAPwizard2.png
  8. Enter the Base LDAP Distinguished Name for your environment in the format that is appropriate for your environment (something similar to the following):
    ou=<organization_unit>,dc=<domain_component>,dc=<domain_component>,dc=<domain_component>
     For example, ou=Security,dc=myserver,dc=mycompany,dc=com
  9. Click Next.
     The wizard displays the following panel.

    LDAPwizard3.png
  10. In the LDAP Server Administration Credentials area, provide the LDAP distinguished name and password for the user account that is authorized to administer your LDAP server and click Next.
     The credentials vary based on your LDAP server configuration. The user must have administrator privileges to configure LDAP.
     Use the complete name in the following format:
    cn_<admin_user_name>,ou=<organization_unit>,ou=<organization_unit>,dc=<domain_component>,dc=<domain_component>,dc=<domain_component>
     For example:
    cn=reportsadmin,ou=Service Accounts,ou=Security,dc=myserver,dc=mycompany,dc=com
  11. From the Type of SSL authentication list, select the SSL authentication type ,and click Next.
  12. From the Authentication list, select your SSO authentication type, and click Next.
  13. In the following panel, select the options to specify how new LDAP users and aliases are created by BusinessObjects.

    LDAPwizard4.png

  14. Click Finish.
    The wizard displays the following message:

    The wizard has now collected all the information it needs. Use the Finish button to save your LDAP settings.

    If the values were entered correctly, go to the next step.
     If invalid values are entered, an error is displayed. Work with your LDAP administrator to rectify the problems and retry this step.

  15. Click Finish.
     The next panel appears.

    LDAPwizard5a.png
  16. In the Mapped LDAP Member Groups section, in the Add LDAP group field, enter a name for the LDAP group in which you want to store your users in BusinessObjects BI and click Add.
  17. In the Attribute Binding Options section, select Import Full Name and Email Address.

    LDAPwizard5b.png
  18. Click Update.
     If the group is validated, the LDAP group is added to Users and Groups in the CMC User and Groups page. To verify that the group was added, access Users and Groups as described in Accessing-users-and-groups-in-the-Central-Management-Console. It might take a little time before the group is added.
     If the group is not validated, an error is displayed and the group is not added to the User list. Work with your LDAP administrator to correct the problem and repeat these steps.

To enable the LDAP selection drop-down in the launch pad

  1. Navigate to the C:\Program Files (x86)\SAP BusinessObjects\Tomcat6\webapps\BOE\WEB-INF\config\custom directory.
  2. Create a file called BIlaunchpad.properties, edit it and add the following line to it:
    authentication.visible=true
  3. Save and close the file.
  4. Restart the BusinessObjects services. See Restarting-the-BusinessObjects-services.

Where to go from here

Configuring-the-data-warehouse-database

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*