Configuring LDAP validation

To configure LDAP validation, you temporarily change the password source in the TM1s.cfg file from LDAP to TM1 so that you can import names from your LDAP directory and modify group assignments for new users. You then change the password source back to LDAP.

Before you begin

To configure LDAP validation, you need the following information:

  • A name that the TM1® Server can use to log in to LDAP. You can test the validity of this name using ETLDAP.
  • The SSL port on which your LDAP server is running. The default is 636.
  • The name or IP address of the LDAP server you want to use for validation.

Procedure

  1. To use your TM1 credentials to log in, change the password parameter in TM1s.cfg by completing these actions:
    1. Edit TM1s.cfg in your TM1 Server data directory.
    2. Modify PasswordSource=LDAP to read PasswordSource=TM1
    3. Save and exit TM1s.cfg.
    4. Restart your TM1 Server.
  2. To import names from your LDAP directory into TM1 Server, complete these actions:
    1. Use the procedure described in ETLDAP utility.
    2. Use the following TM1 login information:
      • Admin user (default) - Admin
      • Admin password (default) - apple

      Use the user that you specified during the installation to log in to LDAP.

  3. To modify group assignments for new users, complete the following actions:
    1. Log in to TM1 Server as an administrator.
    2. Right-click the server name in Server Explorer and click Security, Clients and Groups.
    3. Modify the group assignments for your new users as required.

      For each TM1 user ETLDAP added to your database, you must assign that user to the same group they belong to in the LDAP directory. For example, if NadiaC is a member of the group gymnasts in your LDAP directory, ETLDAP creates the user Nadiac, and creates the group gymnasts within TM1. Nadiac displays in the Clients/groups dialog box as a member of gymnasts.

  4. To change the password back to the LDAP credentials, complete these actions:
    1. Edit TM1s.cfg in your TM1 Server data directory.
    2. Modify PasswordSource=TM1 to read PasswordSource=LDAP
    3. Define the connection status:
      • To directly connect to the server, add the following line:
        LDAPUseServerAccount=T
      • To use a password before connecting to the server, add the following lines:

        LDAPPasswordFile=file
        LDAPPasswordKey=key

    4. Save and exit TM1s.cfg.
    5. Restart your TM1 Server.

      You should now be able to log in to TM1 Server with a name that you added from your LDAP directory.
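
The following check is an added example, not IBM code: it reads a TM1s.cfg and reports whether step 4 was completed, that is, whether PasswordSource is back on LDAP and one of the two connection options is fully present. The function names and sample files are constructed for illustration, and the parsing rules stated in the first comment are assumptions.

```python
# Added example, not IBM code. Assumptions: TM1s.cfg holds "key=value" lines,
# lines starting with "#" are comments, keys are matched case-insensitively,
# and the last occurrence of a key wins.

def parse_cfg(text):
    """Return {lowercased key: value} for each key=value line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings

def check_ldap_validation(text):
    """Return findings; an empty list means the file matches step 4."""
    cfg = parse_cfg(text)
    findings = []
    source = cfg.get("passwordsource", "")
    if source.upper() != "LDAP":
        findings.append("PasswordSource is %r, expected LDAP" % (source or "unset"))
    if cfg.get("ldapuseserveraccount", "").upper() != "T":
        # Password option: both lines from step 4 must be present.
        for name in ("LDAPPasswordFile", "LDAPPasswordKey"):
            if not cfg.get(name.lower()):
                findings.append(name + " is missing (LDAPUseServerAccount is not T)")
    return findings

# Constructed sample: server left in the temporary state from step 1.
LEFT_ON_TM1 = """\
[TM1S]
# constructed sample
PasswordSource=TM1
LDAPPasswordFile= pw.dat
"""

# Constructed sample: step 4 completed with the server-account option.
BACK_ON_LDAP = """\
[TM1S]
PasswordSource=LDAP
LDAPUseServerAccount=T
"""

if __name__ == "__main__":
    for label, sample in (("left on TM1", LEFT_ON_TM1), ("back on LDAP", BACK_ON_LDAP)):
        print(label, "->", check_ldap_validation(sample) or "OK")
```

Running the check after the final restart catches a server that is still accepting the TM1 login from step 2 instead of LDAP credentials.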