Dear experts,

In a normal windows server 2003 case,
i follow these steps to create my new users.

1) create new user in baan server
2) create new user in Baan Tools ttaad2100m000
3) convert to runtime dictionary
4) link user between baan user and database user ttdba0110m000
5) dump user

I created only one database user called Baan. All users are linked to one database user. This works fine.

But now I have another scenario. I have another server which has active directory and all users are created in active directory.
Is the above steps still valid? What else must I do?
Using the same steps to create new user, I could not log into baan with my new user login. Why?

Thanks and regards,

Of course , I think that there is no relation between AD users and baan users.
As far as I known , there is a no relation between AD and Baan.


Good LUck

Hi Mr suleyman,

So can i use the normal way to setup the new users to login baan.

I tried but it dont allow me to enter baan.

rgds

As far as I know, baan connections are authenticated against operating system users. You have to mach baan user and operating system username, but you may specify any kind of authentication in the operating system layer. I used pam with LDAP, or even NIS, without problems.

Bye,
Giuseppe

Eppe can be right. I don't use it.Because our structure is in unix.

We use Baan IVc4/W2K3/Oracle with O/S authentication against AD, works great. Users are created in AD and authenticated by Baan against AD during login.

Hi sctoolsguy,

Could you state what are the steps you did?

If you could give me a screen dump of the screen you use to enter the user in AD, it would greatly help. Any other information is appreciated.

Thanks and regards

I will get you the information requested next week.

I would be very interested in this information also if you would share it with us, as we are looking at Active Directory for authentification.

I have done it a few days ago on an IBM AIX 5.2 machine. This host hosts baan IVsp15 and oracle 9.2. Porting set is 6.1c.07.14.
What I did was to configure and activate AD authentication within AIX. There is nothing to do in baan or oracle.

How did you address the 8 character limit in BAAN IVC4 ?

Our user names are 8 character long. Anway, I inquired the italian Infor subsidiary and they told me (two weeks ago) that they have a solution for this.

can you give me information to contact them?

Guys,
Quoting an earlier line from the thread..
"I created only one database user called Baan. All users are linked to one database user."

How will the Database Authorization sessions work if the Baan users are linked to just one database user(baan)?? Doesnt the database authorization sessions check for the database users while authenticating their access?
For E.g: If UserA is given permission to Table1 and UserB is not, then wouldnt there be a conflict since both of them are linked to the same db user?

sk

"How will the Database Authorization sessions work if the Baan users are linked to just one database user(baan)?? "

No problem. Database authorization is checking on application level. UserA can send "select something form Table1" and database user will run this select, UserB can't send such select.

Any drawbacks in using this technique(one to many) against having as many database users as there are baan users(many to many)??

sk

A concern might the fact that all the processes in the database originating from Baan show the same user id. If you needed to perform in depth research on a database issue you wouldn't be able to research by user id (since they are all the same); you would have to find other methods.

The plus side to using one database user is you have minimized database user management and thus minimized database security management associated with Baan db users.