Currently on BIP 4.1 SP2 (Windows/Tomcat) using Enterprise authentication, but want to set up LDAP authentication. I've looked at the SAP documentation, but it isn't very clear which options to use in my situation:
- LDAP directory contains >100K users, about 350 use BIP
- Do not want to create any LDAP groups, only want to use it to authenticate the username/password
- About 75% of the BIP users have Enterprise usernames that do NOT match their LDAP usernames
Under the "New Alias Option" my sense says to select "Assign each added LDAP alias to an account with the same name," and this would take care of the 25% of users whose Enterprise username matches their LDAP username.
Under the "Alias Update Options" I think I should choose "Create new aliases only when the user logs on," since it mentions having many users in LDAP but not all of them will use BIP.
If I have to manually add the aliases for all 350 initially so be it, I'm more looking for how to avoid having erroneous accounts/aliases created automatically.
Am I on the right track?
Josh Pare replied
If you want users to login using the LDAP authentication you MUST map a group they are a member of for password sync at the very minimum. However if you have the users already created as Enterprise users you could configure Trusted Authentication SSO and the end users would not be prompted for a password... No LDAP needed.
1593628 - Setting up Trusted Authentication in BI4 for BIlaunchPad and Opendocument using QUERY_STRING