AD authentication for domain in another forest- XI R2
- Windows 2003
- BOXI R2 (tomcat)
- 2 domains (in different forest)
- trust between the two domains
We have succesfully installed the AD-authentication plugin for domain1.
To work around for domain2, we've added users from domain2 inside a group of domain1, but these users are not shown inside the CMC when we import the AD-group.
Can we use the LDAP plugin for the domain2? What should be the procedure?
If found a similar question on this forum from one month ago, where they were talking about BO3 SP1, which will support multiple forest. But not really a solution the could help me out now.
Thanks in advance!
Tim Ziemba replied
In XIR2 we cannot map in groups that contain users from 2 different forests. To work around this we could use LDAP to AD, but there are a few limitations.
If you want to upgrade the version that should contain this will hopefully be out by the end of this month XI 3.1 or XI 3.0 integrated SP1.
There should be some notes on using LDAP to AD in the SMP as well as it's documented in the [XI 3.0 Admin Guide|http://help.sap.com/businessobject/product_guides/boexir3/en/xi3_bip_admin_en.pdf]