Currently on BIP 4.1 SP2 (Windows/Tomcat) using Enterprise authentication, but want to set up LDAP authentication. I've looked at the SAP documentation, but it isn't very clear which options to use in my situation:
- LDAP directory contains >100K users, about 350 use BIP
- Do not want to create any LDAP groups, only want to use it to authenticate the username/password
- About 75% of the BIP users have Enterprise usernames that do NOT match their LDAP usernames
Under the "New Alias Option" my sense says to select "Assign each added LDAP alias to an account with the same name," and this would take care of the 25% of users whose Enterprise username matches their LDAP username.
Under the "Alias Update Options" I think I should choose "Create new aliases only when the user logs on," since it mentions having many users in LDAP but not all of them will use BIP.
If I have to manually add the aliases for all 350 initially so be it, I'm more looking for how to avoid having erroneous accounts/aliases created automatically.
Am I on the right track?