Configuring an LDAP namespace for Novell Directory Server
Procedure
- In every location where you installed Content Manager, open IBM® Cognos® Configuration.
- In the Explorer window, under Security, right-click Authentication, and then click New resource > Namespace.
- In the Name box, type a name for your authentication namespace.
- In the Type(Group) list, click LDAP, then in the Type list, choose LDAP - General default values, and then click OK.
The new authentication namespace resource appears in the Explorer window, under the Authentication component.
- In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace.
Tip: Do not use colons (:) in the Namespace ID property.
- Specify the values for all other required properties to ensure that IBM Cognos can locate and use your existing authentication namespace.
  - For User lookup, specify (cn=${userID})
  - For Bind user DN and password, specify the base DN for an administration user, such as cn=Admin,o=COGNOS
- If you want the LDAP authentication provider to bind to the directory server by using a specific Bind user DN and password when you perform searches, then specify these values.
If no values are specified, the LDAP authentication provider binds as anonymous.
- If you do not use external identity mapping, use bind credentials for searching the LDAP directory server by doing the following steps:
  - Ensure that Use external identity is set to False.
  - Set Use bind credentials for search to True.
  - Specify the user ID and password for Bind user DN and password.
- To configure the LDAP advanced mapping properties for use with Novell Directory Server objects, use the values specified in the following table.
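Table 1. LDAP advanced mapping values for use with Novell Directory Server objects

| Mappings | LDAP property | LDAP value |
|----------|---------------|------------|
| Folder | Object class | organizationalunit,organization,container |
| Folder | Description | description |
| Folder | Name | ou,o,cn |
| Group | Object class | groupofnames |
| Group | Description | description |
| Group | Member | member |
| Group | Name | cn |
| Account | Object class | inetOrgPerson |
| Account | Business phone | telephonenumber |
| Account | Content locale | Language |
| Account | Description | description |
| Account | Email | mail |
| Account | Fax/Phone | facsimiletelephonenumber |
| Account | Given name | givenname |
| Account | Home phone | homephone |
| Account | Mobile phone | mobile |
| Account | Name | cn |
| Account | Pager phone | pager |
| Account | Password | (leave blank) |
| Account | Postal address | postaladdress |
| Account | Product locale | Language |
| Account | Surname | sn |
| Account | Username | uid |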
These mapping properties represent changes that are based on a default Novell Directory Server installation. If you modify the schema, you might have to make more mapping changes.
LDAP attributes that are mapped to the Name property in Folder mappings, Group mappings, and Account mappings must be accessible to all authenticated users. In addition, the Name property must not be blank.
For users to successfully log in to the portal, they must have permission to read the ou and o attributes.
- From the File menu, click Save.
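The requirement that the Name property must not be blank can be checked against a directory export before the namespace goes live. The following is an added example, not IBM code: it applies the Folder, Group, and Account rows of Table 1 to constructed entries and reports any entry that matches no mapped object class or would yield a blank Name. The function names, the sample entries, and the reading of a comma-separated value such as ou,o,cn as an ordered list of candidate attributes are assumptions.

```python
# Added example: offline pre-flight check of directory entries against Table 1.
# Assumption: "ou,o,cn" is an ordered list of candidate attributes, matched case-insensitively.
MAPPINGS = {  # object classes and Name attributes copied from Table 1
    "Folder": {"classes": "organizationalunit,organization,container", "name": "ou,o,cn"},
    "Group": {"classes": "groupofnames", "name": "cn"},
    "Account": {"classes": "inetOrgPerson", "name": "cn"},
}

def _split(csv):
    return [p.strip().lower() for p in csv.split(",") if p.strip()]

def _lower_keys(entry):
    return {k.lower(): v for k, v in entry.items()}

def classify(entry):
    """Return the Table 1 mapping matched by the entry's object classes, or None."""
    classes = {c.lower() for c in _lower_keys(entry).get("objectclass", [])}
    for kind, m in MAPPINGS.items():
        if classes & set(_split(m["classes"])):
            return kind
    return None

def resolve_name(entry, kind):
    """Return the first non-blank value among the attributes mapped to Name."""
    attrs = _lower_keys(entry)
    for attr in _split(MAPPINGS[kind]["name"]):
        for value in attrs.get(attr, []):
            if value.strip():
                return value.strip()
    return ""

def audit(entries):
    """Return (dn, kind, problem) for each entry the mapping cannot handle."""
    findings = []
    for dn, entry in entries.items():
        kind = classify(entry)
        if kind is None:
            findings.append((dn, None, "no mapped object class"))
        elif not resolve_name(entry, kind):
            findings.append((dn, kind, "Name property would be blank"))
    return findings

SAMPLE = {  # constructed entries, not from a real directory
    "o=COGNOS": {"objectClass": ["Organization"], "o": ["COGNOS"]},
    "cn=jdoe,ou=Sales,o=COGNOS": {"objectClass": ["inetOrgPerson"], "cn": ["jdoe"]},
    "cn=Readers,o=COGNOS": {"objectClass": ["groupOfNames"], "cn": [" "]},
    "cn=Printer1,o=COGNOS": {"objectClass": ["device"], "cn": ["Printer1"]},
}
print(audit(SAMPLE))
```

If the schema has been modified, update MAPPINGS to match the values entered in the advanced mapping properties before running the check.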