You can configure IBM® Cognos® components to use an LDAP namespace when the users are stored in an LDAP user directory. The LDAP user directory may be accessed from within another server environment, such as Active Directory Server or SiteMinder.

If you are configuring an LDAP namespace for a directory server other than LDAP, see the appropriate section:

You can also use LDAP authentication with IBM Db2 and Essbase OLAP data sources by specifying the LDAP namespace when you set up the data source connection. For more information, see the IBM Cognos Analytics with Watson Administration and Security Guide.

- In every location where you installed Content Manager, open IBM Cognos Configuration.
- In the Explorer window, under Security, right-click Authentication, and then click New resource > Namespace.
- In the Name box, type a name for your authentication namespace.
- In the Type list, click the appropriate namespace and then click OK.
  The new authentication provider resource appears in the Explorer window, under the Authentication component.
- In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace.
- Specify the values for all other required properties to ensure that IBM Cognos components can locate and use your existing authentication provider.
- If you want the LDAP authentication provider to bind to the directory server by using a specific Bind user DN and password when you perform searches, then specify these values.
  If no values are specified, the LDAP authentication provider binds as anonymous.
  If external identity mapping is enabled, Bind user DN and password are used for all LDAP access. If external identity mapping is not enabled, Bind user DN and password are used only when a search filter is specified for the User lookup property. In that case, when the user DN is established, subsequent requests to the LDAP server are run under the authentication context of the user.
- If you do not use external identity mapping, use bind credentials for searching the LDAP directory server by doing the following steps:
  - Ensure that Use external identity is set to False.
  - Set Use bind credentials for search to True.
  - Specify the user ID and password for Bind user DN and password.
    If you do not specify a user ID and password, and anonymous access is enabled, the search is done anonymously.
- Check the mapping settings for the required objects and attributes.
  Depending on the LDAP configuration, you may have to change some default values to ensure successful communication between IBM Cognos components and the LDAP server.
  LDAP attributes that are mapped to the Name property in Folder mappings, Group mappings, and Account mappings must be accessible to all authenticated users. In addition, the Name property must not be blank.
- From the File menu, click Save.
- Test the connection to a new namespace.
  In the Explorer window, under Authentication, right-click the new authentication resource and click Test.
  You are prompted to enter credentials for a user in the namespace to complete the test.
  Depending on how your namespace is configured, you can enter either a valid user ID and password for a user in the namespace or the bind user DN and password.
  IBM Cognos loads, initializes, and configures the provider libraries for the namespace.
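
The bind rules in the steps above decide which identity reaches the directory, and several combinations end in an anonymous bind. The following added example (not IBM code) models those rules and flags namespaces that would bind anonymously; the argument names, the bind DN and the sample settings are hypothetical and constructed for illustration.

```python
# Added example. Argument names are hypothetical and mirror the property
# labels in the steps above; this is a model of the documented rules, not
# IBM Cognos code.

def ldap_identities(use_external_identity, use_bind_credentials_for_search,
                    bind_user_dn, user_lookup_is_filter):
    """Return (lookup_identity, search_identity) for one namespace."""
    # No Bind user DN and password: the provider binds as anonymous.
    service = "bind-user" if bind_user_dn else "anonymous"
    if use_external_identity:
        # Bind credentials are used for all LDAP access.
        return service, service
    # Otherwise they resolve the user DN only when User lookup is a filter.
    lookup = service if user_lookup_is_filter else "not-used"
    # Later requests run as the user unless bind credentials are kept
    # for searches (Use bind credentials for search = True).
    search = service if use_bind_credentials_for_search else "user"
    return lookup, search


def audit(namespaces):
    """List (namespace, phases) where the directory is reached anonymously."""
    findings = []
    for name, settings in namespaces.items():
        lookup, search = ldap_identities(*settings)
        phases = [phase for phase, who in
                  (("resolve user DN", lookup), ("directory searches", search))
                  if who == "anonymous"]
        if phases:
            findings.append((name, phases))
    return findings


# Constructed settings: (external identity, bind creds for search,
# Bind user DN, User lookup is a search filter).
BIND_DN = "cn=svc-cognos,ou=services,dc=example,dc=com"  # placeholder
SAMPLE = {
    "filter-no-bind": (False, False, "", True),
    "external-no-bind": (True, False, "", False),
    "bind-for-search": (False, True, BIND_DN, True),
    "dn-pattern": (False, False, BIND_DN, False),
}

if __name__ == "__main__":
    for name, phases in audit(SAMPLE):
        print(f"{name}: anonymous bind during {', '.join(phases)}")
```

A namespace that appears in the findings depends on the directory server's anonymous-access policy, so review that policy before leaving Bind user DN and password empty.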