Configuring an Active Directory Namespace

You can use Active Directory Server as your authentication provider.

You also have the option of making custom user properties from the Active Directory Server available to IBM® Cognos® components.

Before you begin

For IBM Cognos to work properly with Active Directory Server, ensure that the Authenticated users group has Read privileges for the Active Directory folder where users are stored.

If you are configuring an Active Directory namespace to support single signon with a Microsoft SQL Server or Microsoft Analysis Server data source, ensure the following configuration:

  • The IBM Cognos gateway is installed on an IIS web server that is configured for Integrated Authentication on Microsoft Windows operating system.
  • The gateway is assigned to the local intranet website in your web browser.
  • Content Manager is installed on a Windows 2008 or Windows 2012 server.
  • Content Manager, Application Tier Components, IIS web server, and the data source server (Microsoft SQL Server or Microsoft Analysis Server) belong to the Active Directory domain.
  • The data source connection for Microsoft SQL Server or Microsoft Analysis Server is configured for External Namespace and that namespace must be the Active Directory namespace.

For more information about data sources, see the IBM Cognos Analytics Administration and Security Guide.

Procedure

  1. In every location where you installed Content Manager, open IBM Cognos Configuration.
  2. In the Explorer window, under Security, right-click Authentication, and then click New resource > Namespace.
  3. In the Name box, type a name for your authentication namespace.
  4. In the Type list, click the appropriate namespace and then click OK.

    The new authentication provider resource appears in the Explorer window, under the Authentication component.

  5. In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace.
  6. Specify the values for all other required properties to ensure that IBM Cognos components can locate and use your existing authentication provider.
  7. Specify the values for the Host and port property.

    To support Active Directory Server failover, you can specify the domain name instead of a specific domain controller.

    For example, use mydomain.com:389 instead of dc1.mydomain.com:389.
  8. If you want to search for details when authentication fails, specify the user ID and password for the Binding credentials property.

    Use the credentials of an Active Directory Server user who has search and read privileges for that server.

  9. From the File menu, click Save.
  10. Test the connection to a new namespace. In the Explorer window, under Authentication, right-click the new authentication resource and click Test.

    You are prompted to enter credentials for a user in the namespace to complete the test.

    Depending on how your namespace is configured, you can enter either a valid user ID and password for a user in the namespace or the bind user DN and password.

Results

IBM Cognos loads, initializes, and configures the provider libraries for the namespace.