Configure an Active Directory Namespace

You can use Active Directory Server as your authentication provider.

You also have the option of making custom user properties from the Active Directory Server available to IBM® Cognos® Controller components.

Note: For IBM Cognos components to work properly with Active Directory Server, ensure that the Authenticated users group has Read privileges for the Active Directory folder where users are stored.

Before you begin

If you are configuring an Active Directory namespace to support single signon with a Microsoft SQL Server data source, the following configuration is required:

  • The IBM Cognos gateway must be installed on an IIS Web server that is configured for Windows Integrated Authentication.
  • Content Manager must be installed on a Windows 2008 server.
  • Content Manager, Report Server (Application Tier Components), IIS Web server, and the data source server (Microsoft SQL Server) must belong to the Active Directory domain.
  • The data source connection for Microsoft SQL Server must be configured for External Namespace and that namespace must be the Active Directory namespace.

For more information about data sources, see the IBM Cognos Administration and Security Guide.

Procedure

  1. On the computer where you installed Content Manager, start IBM Cognos Configuration.
  2. In the Explorer window, under Security, right-click Authentication, and then click New resource, Namespace.
  3. In the Name box, type a name for your authentication namespace.
  4. In the Type list, click the appropriate namespace and then click OK.

    The new authentication provider resource appears in the Explorer window, under the Authentication component.

  5. In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace.
  6. Specify the values for all other required properties to ensure that IBM Cognos components can locate and use your existing authentication provider.
  7. Specify the values for the Host and port property.
  8. If you want to be able to search for details when authentication fails, specify the user ID and password for the Binding credentials property.

    Use the credentials of an Active Directory Server user who has search and read privileges for that server.

  9. From the File menu, click Save.
  10. Test the connection to a new namespace. In the Explorer window, under Authentication, right-click the new authentication resource and click Test.

Results

IBM Cognos Controller loads, initializes, and configures the provider libraries for the namespace.