Configuring an LDAP namespace for Novell Directory Server

If you configure a new LDAP namespace for use with a Novell Directory Server, you must modify the necessary settings and change the values for all properties of the Novell Directory objects.

Procedure

  1. In every location where you installed Content Manager, open IBM® Cognos® Configuration.
  2. In the Explorer window, under Security, right-click Authentication, and then click New resource > Namespace.
  3. In the Name box, type a name for your authentication namespace.
  4. In the Type(Group) list, click LDAP, then in the Type list, choose LDAP - General default values, and then click OK.

    The new authentication namespace resource appears in the Explorer window, under the Authentication component.

  5. In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace.
    Tip: Do not use colons (:) in the Namespace ID property.
  6. Specify the values for all other required properties to ensure that IBM Cognos can locate and use your existing authentication namespace.
    • For User lookup, specify (cn=${userID})
    • For Bind user DN and password, specify the base DN for an administration user, such as cn=Admin,o=COGNOS
  7. If you want the LDAP authentication provider to bind to the directory server by using a specific Bind user DN and password when you perform searches, then specify these values.

    If no values are specified, the LDAP authentication provider binds as anonymous.

  8. If you do not use external identity mapping, use bind credentials for searching the LDAP directory server by doing the following steps:
    • Ensure that Use external identity is set to False.
    • Set Use bind credentials for search to True.
    • Specify the user ID and password for Bind user DN and password.
  9. To configure the LDAP advanced mapping properties for use with Novell Directory Server objects, use the values specified in the following table.
    Table 1. LDAP advanced mapping values for use with Novell Directory Server objects

    Mappings   LDAP property     LDAP value
    ---------  ----------------  -----------------------------------------
    Folder     Object class      organizationalunit,organization,container
               Description       description
               Name              ou,o,cn
    Group      Object class      groupofnames
               Description       description
               Member            member
               Name              cn
    Account    Object class      inetOrgPerson
               Business phone    telephonenumber
               Content locale    Language
               Description       description
               Email             mail
               Fax/Phone         facsimiletelephonenumber
               Given name        givenname
               Home phone        homephone
               Mobile phone      mobile
               Name              cn
               Pager phone       pager
               Password          (leave blank)
               Postal address    postaladdress
               Product locale    Language
               Surname           sn
               Username          uid

    These mapping properties represent changes that are based on a default Novell Directory Server installation. If you modify the schema, you might have to make more mapping changes.

    LDAP attributes that are mapped to the Name property in Folder mappings, Group mappings, and Account mappings must be accessible to all authenticated users. In addition, the Name property must not be blank.

    For users to successfully log in to the portal, they must have permission to read the ou and o attributes.

  10. From the File menu, click Save.
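
One way to check the Name and read-permission requirements from step 9 before users log in, as an added example that is not IBM code: it reads LDIF saved from a search run as an ordinary authenticated user and flags entries whose Name mapping attributes from Table 1 are missing or empty. The function names, the sample entries, and the reading of a multi-attribute mapping such as ou,o,cn as "any one of these" are assumptions.

```python
FOLDER = ("Folder", ("ou", "o", "cn"))
# Object class -> (mapping type, attributes mapped to Name), taken from Table 1.
NAME_MAPPINGS = {
    "organizationalunit": FOLDER, "organization": FOLDER, "container": FOLDER,
    "groupofnames": ("Group", ("cn",)), "inetorgperson": ("Account", ("cn",)),
}

def parse_ldif(text):
    """Parse simple LDIF (no base64 values, no folded lines) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def check_entry(entry):
    """Return (dn, mapping type, problem-or-None) for one entry."""
    dn = entry["dn"][0]
    classes = {c.lower() for c in entry.get("objectclass", [])}
    for object_class, (kind, name_attrs) in NAME_MAPPINGS.items():
        if object_class in classes:
            # Assumption: one non-empty mapped attribute is enough for Name.
            if any(v for a in name_attrs for v in entry.get(a, [])):
                return dn, kind, None
            return dn, kind, "Name blank or not readable: " + ",".join(name_attrs)
    return dn, None, "no object class from Table 1"

def check_ldif(text):
    return [check_entry(e) for e in parse_ldif(text)]

# Constructed sample: ou=Sales lacks ou, as when the searching user cannot read it.
SAMPLE_LDIF = """dn: o=COGNOS
objectClass: organization
o: COGNOS

dn: ou=Sales,o=COGNOS
objectClass: organizationalUnit

dn: cn=jdoe,ou=Sales,o=COGNOS
objectClass: inetOrgPerson
cn: jdoe
"""

if __name__ == "__main__":
    print(*check_ldif(SAMPLE_LDIF), sep="\n")
```

Run it against search output taken with a regular user's credentials rather than the administration bind user, because the requirement is about what all authenticated users can read.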