Skip to main content link. Accesskey S
  • HCL Logo
  • HCL Connections On-Premise Wiki
  • THIS WIKI IS READ-ONLY.
  • HCL Forums and Blogs
  • Home
  • API Documentation
Search
Community Articles > Deployment Scenarios > Configure Active Directory Server LDAP Namespace for Metrics of Connection 4.0
  • Share Show Menu▼

Recent articles by this author

Configure Active Directory Server LDAP Namespace for Metrics of Connection 4.0

Metrics is a new component of Connections 4.0, and the deployment of Metrics need the LDAP server configuration in Cognos side, this article will introduce the steps to set up the LDAP namespace for Active Directory Server for Metrics.
Community articleConfigure Active Directory Server LDAP Namespace for Metrics of Connection 4.0
Added by ~Laura Quetboosiverakol | Edited by ~Samuel Umjipytheroni on October 12, 2012 | Version 7
  • Actions Show Menu▼
expanded Abstract
collapsed Abstract
Metrics is a new component of Connections 4.0, and the deployment of Metrics need the LDAP server configuration in Cognos side, this article will introduce the steps to set up the LDAP namespace for Active Directory Server for Metrics.
Tags: Metrics, Cognos, LDAP, Active Directory, 4.0_deployment
About this task
Configure the IBM® Cognos® Business Intelligence server to support the use of same Active Directory LDAP server that IBM Connections uses for authentication.


Procedure

1. Launch Cognos Configuration tool on Cognos server by following the guide 'Configuring support for LDAP authentication for Cognos Business Intelligence' on the IBM Connections 4.0 info center.
2. Expand Local Configuration > Security > Authentication.
3. Click New resource > Namespace.
4. In the window opened, input the value of 'Name' (Suggest to use the value of the cognos.namespace value sppecified in the cognos-setup.properties file during the installation ), select 'LDAP' from the 'Type' list, then click 'OK'.
5. Fill in the properties for your LDAP directory, use the following tables as a guideline. After have this done, follow the rest of the steps in the guide mentioned in step1 to complete the LDAP configuration.

Table 1 LDAP properties list

FIELD
Example value
Comments
Namespace ID
IBMConnections
Type the value of the cognos.namespace value sppecified in the cognos-setup.properties file (this property must match that value).
Host and port
ldap.example.com:389
Type the fully qualified host name and port of the LDAP server.
Base distinguished name
ou=Sales,o=Example
Type the base DN where LDAP searches will originate.
User lookup
(sAMAccountName=${userID})
Type the expression to use when constructing the fully qualified DN of the user for authentication.
Use external identity?
true
Set to true to enable Single Sign-On with WebSphere Application Server.
External identity mapping
(sAMAccountName=${environment("REMOTE_USER")})
Type the expression to be for constructing the fully qualified DN of the user for authentication when SSO is enabled (that is, when Use external identity? is set to true). The variable REMOTE_USER passes the information from WebSphere Application Server.
Bind user DN and password
cn=binduser,ou=Sales,o=Example
password
Type the credentials used for binding to the LDAP and for performing user lookups.

If no values are specified, the LDAP authentication provider binds as anonymous.

If External identity mapping is enabled, the Bind user DN and Password are used for all LDAP access. Otherwise, these credentials are used only when a search filter is specified for the User lookup property. In that case, when the user DN is established, subsequent requests to the LDAP server are executed under the authentication context of the end user.

Unique identifier
objectGUID
Specifies the value used to uniquely identify objects stored in the LDAP directory server.

Specify either an attribute name or the value of 'dn' to use as the unique identifier. If an attribute is used, it must exist for all objects, such as users, groups, folders. If the 'dn' is used, more resources are used as you search deeper in the LDAP directory server hierarchy and policies may be affected if the 'dn' is renamed.

Table 2 LDAP advanced mapping values for use with Active Directory Server objects

Mappings
LDAP property
LDAP value
Folder
Object class
organizationalUnit,organization,container
Description
description
Name
ou,o,cn
Group
Object class
group
Description
description
Member
member
Name
cn
Account
Object class
user
Business phone
telephonenumber
Content locale
(leave blank)
Description
description
Email
mail
Fax/Phone
facsimiletelephonenumber
Given name
givenname
Home phone
homephone
Mobile phone
mobile
Name
displayName
Pager phone
pager
Password
unicodePwd
Postal address
postaladdress
Product locale
(leave blank)
Surname
sn
Username
sAMAccountName
Note:

These mapping properties represent changes based on a default Active Directory Server installation. If you have modified the schema, you may have to make additional mapping changes.

LDAP attributes that are mapped to the Name property in Folder mappings, Group mappings, and Account mappings must be accessible to all authenticated users. In addition, the Name property must not be blank.

Here is an example of Active Directory LDAP configuration:

AD configuration example


  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (1)
collapsed Versions (1)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (7)Oct 12, 2012, 9:28:01 AM~Samuel Umjipytheroni  
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedAbout
  • HCL Software
  • HCL Digital Solutions community
  • HCL Software support
  • BlogsDigital Solutions blog
  • Community LinkHCL Software forums and blogs
  • About HCL Software
  • Privacy
  • Accessibility