Configure the Components › Integrate CA Business Intelligence with Active Directory › Configure CA Business Intelligence for LDAP Authentication

Configure CA Business Intelligence for LDAP Authentication

Follow these steps:

1. Click Start, All Programs, BusinessObjects XI 3.1, BusinessObjects Enterprise, BusinessObjects Enterprise Central Management Console.
2. Log in to the Central Management Console as the BOXI Application Administrator.
3. Click Authentication under the Manage column.

   

4. Double-click LDAP on the Authentication Page.
5. Click Start LDAP Configuration Wizard.

   

6. Type the LDAP host name and Active Directory listening port, click Add, and click Next.

   

7. Select the LDAP Server Type as Microsoft Active Directory Application, then click the Show Attribute Mappings link.

   

   The attribute mappings appear.

8. Change the following attributes and click Next.

   User Name

   Value: sAMAccountName

   Default User Search Attribute:

   Value: sAMAccountName

   Note: When the attributes are changed, the LDAP Server Type value changes to Custom automatically.

9. Provide the Base LDAP Distinguished Name, and click Next.

   For example, cn=users,dc=gsplab,dc=ca,dc=com

10. Provide the Distinguished Name and password, leave the default for LDAP Credentials and Maximum Referral Hops, and click Next.

    For example, CN=GSP Admin,CN=Users,DC=GSPLAB,DC=ca,DC=com

11. For the Type of SSL authentication, accept the default as Basic (no SSL) and click Next.
12. For Authentication, accept the default as Basic (no SSO) and click Next.
13. Set the appropriate LDAP Import options:

    

14. Click Finish.
15. Map LDAP Member Groups. Type the group name in the Add LDAP group (by cn or dn): Field, and click Add.

    For example, cn=ForwardInc,cn=users,dc=gsplab.dc=ca,dc=com

    Note: Do not prefix the LDAP group dn or cn with “secLDAP.”

    

16. On the same screen, verify that the following options are selected:
    • New Alias Options:

      Assign each added LDAP alias to an account with the same name.

    • Alias Update Options:

      Create new aliases when the Alias Update Occurs.

    • New User Options:

      New users are creates as concurrent users.

    • Attribute Binding Options:
      • Select the Import Full Name and Email Address checkbox.
      • Select the Give LDAP attribute binding priority over AD attribute binding checkbox.
17. Click Update to complete mapping.
    1. Scroll to the top of the screen and verify the message, "LDAP Authentication updated" appears.
    2. Close the screen and return to the Authentication screen in the Central Management Console.
18. Select Users and Groups from the Central Management Console drop-down list.
19. Verify that users are imported:
    1. By default, the Group Hierarchy appears, showing the LDAP groups added in Step–14.
    2. Click User List and verify that LDAP users are imported.
20. Add the mapped LDAP groups to the appropriate CA Business Intelligence groups by performing the following steps:
    1. Click Group List. Right-click a group name and click “Add Members to Group”.
    2. Select the LDAP group, and click the ">" button.
    3. Click OK.

       Verify that the LDAP group shows up under the CABI group, under Group Hierarchy.

    For example, map cn=Report Admins to the CA Report Admins group. In this example, the LDAP group members inherit privileges to administer reports.