cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AD Form with structurals authorizations

Go to solution
Former Member

on ‎04-24-2014 11:21 AM

0 Kudos

Hi colleagues,

We have an issue with AD form login, Nakisa OrgChart 4.0 SP1 built 0910026400. Someone know if there are some client with a live system with AD form authentication and structural authorizations. could someone confirm us a correct version?.

Regards

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

StephenMillard
Active Contributor
‎04-24-2014 11:37 AM
0 Kudos

Albano.

What issue are you seeing and are there any errors in the cds.log?

I've had a look through our builds repository and the latest version we have for OrgChart 4.0 SP1 is 0910053200 (though checking on the Nakisa Partner Portal I only saw the previously released version 484).  There have been at least three further releases since 264, so I would suggest you contact Nakisa (i.e. raise an OSS) and ask them for two things.

  1. To confirm if a fix has been applied to a later build for your particular issue (provide them with details of the issue as you would for reporting any VSN issue) since build 264; and if it has...
  2. To send you a link to download the latest build (containing the fix).

Regards,

Stephen.

Show replies
Show replies
Former Member
‎04-24-2014 12:09 PM
0 Kudos

Hello Stephen,

yes, it´s a problem with AD form authentication, We had sniffered the network comunication between Nakisa and SAP, and the system try to connect with domain\user (windows domain) and it´s not a valid user for SAP.

It seems very strange the presence of the domain, the RFC’s calls are trying to use as uname for logon SAP the value domain\user.

Yes, we have a OSS message and we are in contact with nakisa support, but we need a urgent solutions because planning go live next month, We would like to know if there are a client with a live system with AD form authentication and structural authorizations.

Regards

Albano

StephenMillard
Active Contributor
‎04-24-2014 12:34 PM
0 Kudos

Albano.

For what it's worth here's a couple of things I might try taking a look at...

I think by default that your AD authentication configuration (Admin Console > Security Settings > Authentication Settings) will be set to use DistinguishedName.  It is probably worth confirming that the DistinguishedName in AD does just contain the SAP user ID and not the domain + the ID.

I note that there's also an option to specify the default domain.  I don't know if having this set will make any difference, but I guess anything is worth a try at this point?  I'm just wondering if Nakisa possibly use that to strip off the domain on whatever is being passed through?

Regards,

Stephen.

Answers (0)

Ask a Question