Before you start integrating AD with the WebFOCUS product, its good to have a high level understanding of the WebFOCUS security architecture.
A quick overview that can help with this is an article I wrote here
Its about 6-8 pages of high level overview of the places in the WebFOCUS product where security is implemented.
With that in mind, there are a number of different ways to integrate with AD.
If you're looking for your user's to be prompted for credentials by WebFOCUS once, then I recommend:
Managed Reporting Authentication -> WFRS
Reporting Server Security -> LDAP (Against AD)
If you're looking for your user's to never be prompted for credentials besides the logon to their computer, I recommend:
IWA enabled on IIS web server
Managed Reporting Security -> TRUSTED (REMOTE_USER)
Reporting Server Security -> LDAP (Against AD) with TRUST_EXT set to Y to allow a trusted connection (LDAP_AD_ONLY must also be set to N).
With the Reporting Server node within the WebFOCUS Admin Console configured for Trusted security passing the WebFOCUS Variable WF_REMOTE_USER.
If you plan on using database level security based on each user's userid using SQL Server, etc, and you don't want your users to be prompted for credentials at all, I recommend setting up Kerberos according to TM4647.
All of the options outlined above outline authentication options, and don't touch the topic of authorization.
Reporting Server authorization can be controlled by the LDAP group, or with group profiles.
Managed Reporting authorization can reside in AD, but I don't recommend it due to its complexity to maintain. Typically putting the authorization data in a DBMS is much easier to maintain and is the way to go.
WebFOCUS 8.0 is going to have quite a few changes that should allow for greater integration with AD.
WF 71.x, 76.x, 7701, 8.0 Beta OS: Linux, Win2k3, Win2k, Win2k8, WinXP