When you configure an authentication namespace for IBM®
Cognos®, users from only one domain can log in. By using the
Advanced properties for Active Directory Server, users from related (parent-child) domains and
unrelated domain trees within the same forest can also log in. There is no cross-forest support;
there must be a namespace for each forest.
If you set
a parameter named chaseReferrals to true, users in the original authenticated
domain and all child domains of the domain tree can log in to IBM Cognos.
Users from a parent domain of the original authenticated domain or
in a different domain tree cannot log in.
If you set a parameter
named MultiDomainTrees to true, users in all domain trees in the forest
can log in to IBM Cognos.
Procedure
- In every location where you installed Content Manager,
open IBM Cognos Configuration.
- In the Explorer window, under Security > Authentication,
click the Active Directory namespace.
- In the Properties window, specify
the Host and port property:
- For users in one domain, specify the host and port of a domain
controller for the single domain.
- For users in one domain tree, specify the host and port of the
top-level controller for the domain tree.
- For users in all domain trees in the forest, specify the host
and port of any domain controller in the forest.
- Click in the Value column for Advanced properties and
click the edit icon.
- In the Value - Advanced properties window,
click Add.
- Specify two new properties, chaseReferrals and MultiDomainTrees,
with the values from the following table:
Table 1. Advanced
properties settings
Authentication for
|
chaseReferrals
|
MultiDomainTrees
|
One domain
|
False
|
False
|
One domain tree
|
True
|
False
|
All domain trees in the forest
|
True
|
True
|
- Click OK.
- From the File menu, click Save.