Business Objects on Linux Part 4

I’m thinking that this will be the last part in this series for a while. I may certainly revisit the topic of SAP Business Objects XI on Linux, but for now, I think we’ll put a bow on it. I don’t know why but this post kind of makes me smile. We are going to crack open a big can of Windows Active Directory (AD) goodness. Hopefully by now, you’ve been through Part 1, Part 2, and Part 3 of this series. I hope good things have come of it for you. The topic I have been inspired to cover today is handling Active Directory authentication on XI 3.1 via LDAP. Score.

There are some assumptions/prerequisites here for you:

  • You already have an AD domain controller you can access.
  • If your Linux box isn’t already sharing your corporate DNS server, define that domain controller host name in your /etc/hosts file.
  • You have a user account capable of browsing your AD structure via LDAP. I easily tested this using the Apache Directory Studio.
  • Remember to modify your web.xml file for your InfoViewApp deployment to set the authentication.visible property to true. We’ll need this to test out authentication later. If you’ve been following along but are still unfamiliar with this file, browse to /app/bobj/bobje/tomcat/webapps/InfoViewApp/WEB-INF and edit the web.xml file. Do a quick search for authentication.visible and update the flag.

On to the fun part…

Connecting this VM to AD is actually quite easy since SAP has made this a standard behavior. You just need to know how to reference the DN correctly.

  1. Start out by entering the CMC and clicking the Authentication section. Double click on LDAP to start the configuration wizard.
  2. If you don’t already have a defined host name, reference the IP address of the server running the domain controller. Unless it has been changed, LDAP should be listening on port 389.
  3. The great part here is we already have a default selection for AD, which maps all of the attribute mappings to the appropriate elements in AD.
  4. Here you have to define the Base LDAP Distinguished Name. The example on my dev AD server looks like: CN=Users,DC=CORP,DC=EVTVM,DC=COM. Breaking this down a little bit, Users is the point in the tree, in simple terms, where your users exist. This can be nested I do believe (but I’m REALLY not an AD expert). The three “DC” parts are the fully qualified domain name of the domain, CORP.EVTVM.COM. Again, I’m not the AD guru here. Consult your Windows Admin for help if you are having trouble connecting the dots here.
  5. Here, at a minimum, you have to supply a valid AD username and password that can query AD. In my case, I am the admin on my dev AD controller so this was an easy one. Simply prepend “CN=Username” to your base DN and enter that user’s password. Referrals, as I understand them, will forward the LDAP authentication request to another LDAP host if it can’t find the user in the default tree. It’s ignored here.
  6. No SSL on SSL authentication for me.
  7. No SSO either on my test.
  8. You can always accept the defaults here and modify later, but this controls the behavior of adding new user aliases when XI synchronizes with LDAP.
  9. Presto. Finish it.
  10. With all of those settings committed, you should be set to check the box to enable LDAP as well as the one to enable and update user’s credentials. The only thing missing now is defining a group to map using an AD group. Note that the structure for adding this group isn’t as simple as just throwing out the group name. You have to give it the full DN. In this example, my group is called “bobjdemo”. I added it as follows in the “Add LDAP Group” box:

      cn=bobjdemo,cn=users,dc=corp,dc=evtvm,dc=com
  11. Click the update button at the bottom and you’ve got it. Your AD group is mapped in as an alias, and depending on how you set up your user adds in step 8 above, either users will get an alias on update, or when they first log in.
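
Before typing the DNs from steps 4, 5 and 10 into the wizard, they can be sanity-checked offline. The following is an added example, not part of the original post or of any SAP tooling: the function names are hypothetical, the user name “Smith, John” is a constructed sample, and the two DNs are the ones shown in steps 4 and 10. It shows that a CN containing a comma must be escaped when it is placed in front of the base DN, and that the mapped group DN sits under the same base.

```python
import re

def split_dn(dn):
    """Split a DN into (ATTR, value) pairs; escapes kept, "+" RDNs not split."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        # A backslash escapes the next character, so consume both together.
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":   # unescaped comma ends the RDN
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i:i + step])
        i += step
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not (sep and attr.strip() and value.strip()):
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def escape_value(value):
    """Escape the characters RFC 4514 treats as special in an RDN value."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    if value[:1] in (" ", "#"):
        out = "\\" + out
    return out

def bind_dn(username, base_dn):
    """Step 5: CN=<username> placed in front of the base DN."""
    return f"CN={escape_value(username)},{base_dn}"

def domain_of(dn):
    """DNS domain spelled out by the DC components, lower-cased."""
    return ".".join(v for a, v in split_dn(dn) if a == "DC").lower()

def is_under(dn, base_dn):
    """True when dn sits at or below base_dn (case-insensitive)."""
    norm = lambda d: [(a, v.lower()) for a, v in split_dn(d)]
    child, base = norm(dn), norm(base_dn)
    return len(child) >= len(base) and child[-len(base):] == base

BASE = "CN=Users,DC=CORP,DC=EVTVM,DC=COM"                 # from step 4
GROUP = "cn=bobjdemo,cn=users,dc=corp,dc=evtvm,dc=com"   # from step 10
```

A group DN for which `is_under(GROUP, BASE)` is false, or a base DN whose `domain_of` result does not match the domain you expect, is worth fixing before clicking the update button.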

As with the prior posts, this is not a configuration (CentOS 5.4 running SAP Business Objects XI 3.1) that is supported or recommended for production. But hopefully, if you didn’t have the resources to do so before, you got a taste of building XI on Linux and have a consistent, core architecture.

Read the rest of the SAP BusinessObjects Enterprise XI 3.1 on Linux series.
