Include or Exclude Domains Using Advanced Properties

When you configure an authentication namespace for IBM® Cognos®, users from only one domain can log in. By using the Advanced properties for Active Directory Server, users from related (parent-child) domains and unrelated domain trees within the same forest can also log in. There is no cross-forest support; there must be a namespace for each forest.

If you set a parameter named chaseReferrals to true, users in the original authenticated domain and all child domains of the domain tree can log in to IBM Cognos. Users from a parent domain of the original authenticated domain or in a different domain tree cannot log in.

If you set a parameter named MultiDomainTrees to true, users in all domain trees in the forest can log in to IBM Cognos.

Procedure

  1. In every location where you installed Content Manager, open IBM Cognos Configuration.
  2. In the Explorer window, under Security > Authentication, click the Active Directory namespace.
  3. In the Properties window, specify the Host and port property:
    • For users in one domain, specify the host and port of a domain controller for the single domain.
    • For users in one domain tree, specify the host and port of the top-level controller for the domain tree.
    • For users in all domain trees in the forest, specify the host and port of any domain controller in the forest.
  4. Click in the Value column for Advanced properties and click the edit icon.
  5. In the Value - Advanced properties window, click Add.
  6. Specify two new properties, chaseReferrals and MultiDomainTrees, with the values from the following table:
    Table 1. Advanced properties settings

    Authentication for

    chaseReferrals

    MultiDomainTrees

    One domain

    False

    False

    One domain tree

    True

    False

    All domain trees in the forest

    True

    True

  7. Click OK.
  8. From the File menu, click Save.