on 05-20-2010 2:28 PM
Hi,
We are currently trying to setup the BPC 7.0 sp 7 .NET webserver with integrated active directory authentication in combination with Netweaver As we have both internal and external users 2 AD domains are needed. There is a 2 way trust between these domains. I have defined 2 BPC system user groups. The internal users work fine, I can add any user from the internal active directory. The service user for BPC is also part of this domain
However when I select the external user group to add a new user the tree structure under available from domain remains empty. The service user under which the BPC application and com+ applications are running does have access to the external active directory. This i have tested by connecting to this domain with administrative tools run as the service user.
Are there some additional settings necessary if you want to add users from a trusted domain? I have not found any such reference in the installation guide.
Thx for your help,
Tom Willems
Edited by: Tom Willems on May 20, 2010 3:30 PM
Hi Tom,
you need to make sure that your sysadmin account has rights to browse the trusted domain.
If that does not work, there is an alternative but that is not as user friendly: you can type the accounts in table UJE_USER in ABAP, specifying which appset they should have access to.
Then when you reopen the admin console the users should be listed and you can then adust their rights (teams, member access profile etc)
I hope this helps
Cheers
Bruno Ranchy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Bruno,
I have already doublechecked that the system user has browse access to the trusted domain.
The alternative solution you suggested is something I would like to avoid. This would mean that the users need to remember yet another password and the management would become quite hard, as you already indicated. I would only use this as a last resort.
Regards,
Tom
Hi Tom,
no there would not be another password. This would still use the domain accounts. It just bypasses the step in Admin console, where you browse the domain to select the users. Instead you just add them directly in the ABAP table. But it's still the same domain accounts. It's just less user friendly for the person adding the accounts and less elegant.
Bruno
User | Count |
---|---|
13 | |
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.