Enabling Authentication in Your Project

About this task

The Watson™ Explorer Engine makes it easy to integrate authentication and access controls in a project by setting a few per-project variables. These variables are set on the Project's Misc tab. To set these


  1. Click the Project entry in the Watson Explorer Engine administration tool's left-hand navigation bar to open your windows-auth-tutorial project
  2. Click the Advanced tab
  3. Click the Misc sub-tab
  4. Click edit at the far right of the screen.
  5. Scroll down until you see the Directory section

    This is shown in Figure 1.

    Figure 1. Project Settings for LDAP Authentication and Authorization

    To use authentication with your project so that you can only see search results that you are authorized to see, you must provide the following values on this screen:

    • directory.hostname - the host name or IP address of the system on which the Active Directory/LDAP server is running.
    • directory.port - the port on which the Active Directory/LDAP server is listening. The default value, 389, is correct unless the server has been relocated to another port for security or other reasons.
    • directory.search-base - the distinguished name of the base object for the Active Directory/LDAP server that you are querying. The distinguished name of the main domain may work, such as dc=mydomain,dc=com, though it may not be the most efficient value to provide. If you see an LDAP error such as error 39, you should provide the distinguished name of a more specific object, such as cn=Users,dc=mydomain,dc=com. (See Common LDAP Errors for more detailed information about LDAP errors.)
    • directory.binding-username - the username used to bind to the directory service. In most cases this is a Distinguished Name such as the following:

      A user's logon name may sometimes work with Active Directory, but using a distinguished name will always work and will help avoid potential confusion.

    • directory.binding-password - the password used by the directory.binding-username to connect to the Active Directory/LDAP server. You will have to enter this value twice to ensure that you have not made any typographical errors, because whatever you type is not actually echoed to the screen.
  6. Click OK

    (at the top right of this screen) to save your changes.


To proceed to the next section of this tutorial, click Enabling Authentication in Your Source.