LDAP mapping
If users are stored hierarchically within the directory server, you can configure the User lookup and External identity mapping properties to use search filters. When the LDAP authentication provider performs these searches, it uses the filters that you specify for the User lookup and External identity mapping properties. It also binds to the directory server by using the value you specify for the Bind user DN and password property or by using anonymous if no value is specified.
When an LDAP namespace is configured to use the External identity mapping property for authentication, the LDAP provider binds to the directory server by using the Bind user DN and password or by using anonymous if no value is specified. All users who log on to IBM® Cognos® by using external identity mapping see the same users, groups, and folders as the Bind user.
If you do not use external identity mapping, you can specify whether to use bind credentials to search the LDAP directory server by configuring the Use bind credentials for search property. When the property is enabled, searches are performed by using the bind user credentials or by using anonymous if no value is specified. When the property is disabled, which is the default setting, searches are performed by using the credentials of the logged-on user. The benefit of using bind credentials is that instead of changing administrative rights for multiple users, you can change the administrative rights for the bind user only.