Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

BOE XI R2- AD vs LDAP?

Status
Not open for further replies.

Ruune

Programmer
Jun 7, 2006
33
US
Hi, we're currently doing a proof of concept with BOE XI R2, and want to structure it around a single sign on. What are the advantages/disadvantages of AD vs. LDAP?
 
We've currently got active directory over multiple domains, plus I'm told that novell uses LDAP, and I **think** that the Cognos side of the house is using LDAP as well.

Basically, I'm wanting to utilize single sign on w/ domain info, then do grouping inside BOEXI.
 
One thing that I would point out is that you can only do true single sign on with AD. This just means that if they go to the log on page, it will automatically log them on as the AD user that is logged into the machine and bring them right into InfoView.
With LDAP, it will bring you to the log on screen where the user would have to click the log on button to get in. It is not necessary for them to enter their password, but you can't get out of the box pass thru.

~Brian
 
It will only log them automatically if they are using the .NET version of Infoview. The Java version is incapable.

We use the Java Infoview, because of PM, and I setup an ASP script in IIS that creates the LogonToken and redirects to the Java InfoView.

I believe there might be an issue with this method if you want straight-thru SSO (to DB) because NTLM is used. The DB SSO requires Kerberos. I don't believe you can use both.
 
I'm thinking that we're leaning more towards AD-based single sign on, and then managing groups inside of BOE. For my application alone, I have approximately 1500 users at 24 different facilities, with report coordinators at each facility- who will manage their own groups. Also, each facility has its own view to our oracle DSS, and access views are being set on a per-group basis, with filters allowing for views with their own data.

Also, regarding the web application server- we're actually using the websphere interface in an SOA/UCE cluster. Thankfully we've got some knowledgeable websphere people here!
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top