cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

active directory authentication

Go to solution
Former Member

on ‎05-20-2010 2:28 PM

0 Kudos

Hi,

We are currently trying to setup the BPC 7.0 sp 7 .NET webserver with integrated active directory authentication in combination with Netweaver As we have both internal and external users 2 AD domains are needed. There is a 2 way trust between these domains. I have defined 2 BPC system user groups. The internal users work fine, I can add any user from the internal active directory. The service user for BPC is also part of this domain

However when I select the external user group to add a new user the tree structure under available from domain remains empty. The service user under which the BPC application and com+ applications are running does have access to the external active directory. This i have tested by connecting to this domain with administrative tools run as the service user.

Are there some additional settings necessary if you want to add users from a trusted domain? I have not found any such reference in the installation guide.

Thx for your help,

Tom Willems

Edited by: Tom Willems on May 20, 2010 3:30 PM

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member192799
Active Participant
‎05-20-2010 3:01 PM
0 Kudos

Hi Tom,

you need to make sure that your sysadmin account has rights to browse the trusted domain.

If that does not work, there is an alternative but that is not as user friendly: you can type the accounts in table UJE_USER in ABAP, specifying which appset they should have access to.

Then when you reopen the admin console the users should be listed and you can then adust their rights (teams, member access profile etc)

I hope this helps

Cheers

Bruno Ranchy

Show replies
Show replies
Former Member
‎05-20-2010 3:41 PM
0 Kudos

Bruno,

I have already doublechecked that the system user has browse access to the trusted domain.

The alternative solution you suggested is something I would like to avoid. This would mean that the users need to remember yet another password and the management would become quite hard, as you already indicated. I would only use this as a last resort.

Regards,

Tom

former_member192799
Active Participant
‎05-20-2010 6:35 PM
0 Kudos

Hi Tom,

no there would not be another password. This would still use the domain accounts. It just bypasses the step in Admin console, where you browse the domain to select the users. Instead you just add them directly in the ABAP table. But it's still the same domain accounts. It's just less user friendly for the person adding the accounts and less elegant.

Bruno

Answers (0)

Ask a Question