Configuring an LDAP namespace for Oracle Directory Server

If you configure a new LDAP namespace for use with an Oracle Directory Server, default values are generated for you.

Procedure

  1. In every location where you installed Content Manager, open IBM® Cognos® Configuration.
  2. In the Explorer window, under Security, right-click Authentication, and then click New resource > Namespace.
  3. In the Name box, type a name for your authentication namespace.
  4. In the Type list, click LDAP - Default values for Oracle Directory Server and then click OK.

    The new authentication namespace resource appears in the Explorer window, under the Authentication component. Check them and make changes as needed.

  5. In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace.
    Tip: Do not use colons (:) in the Namespace ID property.
  6. Specify the values for all other required properties to ensure that IBM Cognos can locate and use your existing authentication namespace.

    The following settings are examples:

    • For User lookup, enter (uid=${userID})
    • If you use single signon, for Use external identity, set the value to True.
    • If you use single signon, for External identity mapping, specify any attribute, such as the NT user domain ID or the user ID:

      (ntuserdomainid=$environment("REMOTE_USER")})

      (uid=${environment("REMOTE_USER")})

      Important: Ensure that you use only the variable REMOTE_USER. Using another variable can cause a security vulnerability.
    • For Unique identifier, type nsuniqueid
  7. If you want the LDAP authentication provider to bind to the directory server by using a specific Bind user DN and password when you perform searches, then specify these values.

    If no values are specified, the LDAP authentication provider binds as anonymous.

  8. If you do not use external identity mapping, use bind credentials for searching the LDAP directory server by doing the following steps:
    • Ensure that Use external identity is set to False.
    • Set Use bind credentials for search to True.
    • Specify the user ID and password for Bind user DN and password.
  9. From the File menu, click Save.