Skip to main content link. Accesskey S
  • Help
  • IBM Logo
  • IBM Connections wiki
  • All Wikis
  • All Forums
  • THIS WIKI IS READ-ONLY. Learn more...
  • Home
  • Product Documentation
  • Community Articles
  • Learning Center
  • IBM Redbooks
  • API Documentation
Search
Community Articles > Deployment Scenarios > Configure Active Directory Server LDAP Namespace for Metrics of Connection 4.0
  • Share Show Menu▼
  • Subscribe Show Menu▼

About the Original Author

Click to view profilexiao feng zhang
Contribution Summary:
  • Articles authored: 1
  • Articles edited: 1
  • Comments Posted: 0

Recent articles by this author

Configure Active Directory Server LDAP Namespace for Metrics of Connection 4.0

Metrics is a new component of IBM Connections 4.0, and the deployment of Metrics need the LDAP server configuration in Cognos side, this article will introduce the steps to set up the LDAP namespace for Active Directory Server for Metrics.
Community articleConfigure Active Directory Server LDAP Namespace for Metrics of Connection 4.0
Added by xiao feng zhang | Edited by IBM contributorXiao Feng Z Zhang on October 12, 2012 | Version 7
  • Actions Show Menu▼
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars
expanded Abstract
collapsed Abstract
Metrics is a new component of IBM Connections 4.0, and the deployment of Metrics need the LDAP server configuration in Cognos side, this article will introduce the steps to set up the LDAP namespace for Active Directory Server for Metrics.
Tags: Metrics, Cognos, LDAP, Active Directory, 4.0_deployment
About this task
Configure the IBM® Cognos® Business Intelligence server to support the use of same Active Directory LDAP server that IBM Connections uses for authentication.


Procedure

1. Launch Cognos Configuration tool on Cognos server by following the guide 'Configuring support for LDAP authentication for Cognos Business Intelligence' on the IBM Connections 4.0 info center.
2. Expand Local Configuration > Security > Authentication.
3. Click New resource > Namespace.
4. In the window opened, input the value of 'Name' (Suggest to use the value of the cognos.namespace value sppecified in the cognos-setup.properties file during the installation ), select 'LDAP' from the 'Type' list, then click 'OK'.
5. Fill in the properties for your LDAP directory, use the following tables as a guideline. After have this done, follow the rest of the steps in the guide mentioned in step1 to complete the LDAP configuration.

Table 1 LDAP properties list

FIELD
Example value
Comments
Namespace ID
IBMConnections
Type the value of the cognos.namespace value sppecified in the cognos-setup.properties file (this property must match that value).
Host and port
ldap.example.com:389
Type the fully qualified host name and port of the LDAP server.
Base distinguished name
ou=Sales,o=Example
Type the base DN where LDAP searches will originate.
User lookup
(sAMAccountName=${userID})
Type the expression to use when constructing the fully qualified DN of the user for authentication.
Use external identity?
true
Set to true to enable Single Sign-On with WebSphere Application Server.
External identity mapping
(sAMAccountName=${environment("REMOTE_USER")})
Type the expression to be for constructing the fully qualified DN of the user for authentication when SSO is enabled (that is, when Use external identity? is set to true). The variable REMOTE_USER passes the information from WebSphere Application Server.
Bind user DN and password
cn=binduser,ou=Sales,o=Example
password
Type the credentials used for binding to the LDAP and for performing user lookups.

If no values are specified, the LDAP authentication provider binds as anonymous.

If External identity mapping is enabled, the Bind user DN and Password are used for all LDAP access. Otherwise, these credentials are used only when a search filter is specified for the User lookup property. In that case, when the user DN is established, subsequent requests to the LDAP server are executed under the authentication context of the end user.

Unique identifier
objectGUID
Specifies the value used to uniquely identify objects stored in the LDAP directory server.

Specify either an attribute name or the value of 'dn' to use as the unique identifier. If an attribute is used, it must exist for all objects, such as users, groups, folders. If the 'dn' is used, more resources are used as you search deeper in the LDAP directory server hierarchy and policies may be affected if the 'dn' is renamed.

Table 2 LDAP advanced mapping values for use with Active Directory Server objects

Mappings
LDAP property
LDAP value
Folder
Object class
organizationalUnit,organization,container
Description
description
Name
ou,o,cn
Group
Object class
group
Description
description
Member
member
Name
cn
Account
Object class
user
Business phone
telephonenumber
Content locale
(leave blank)
Description
description
Email
mail
Fax/Phone
facsimiletelephonenumber
Given name
givenname
Home phone
homephone
Mobile phone
mobile
Name
displayName
Pager phone
pager
Password
unicodePwd
Postal address
postaladdress
Product locale
(leave blank)
Surname
sn
Username
sAMAccountName
Note:

These mapping properties represent changes based on a default Active Directory Server installation. If you have modified the schema, you may have to make additional mapping changes.

LDAP attributes that are mapped to the Name property in Folder mappings, Group mappings, and Account mappings must be accessible to all authenticated users. In addition, the Name property must not be blank.

Here is an example of Active Directory LDAP configuration:

AD configuration example


  • Actions Show Menu▼


expanded Attachments (0)
collapsed Attachments (0)
Edit the article to add or modify attachments.
expanded Versions (7)
collapsed Versions (7)
Version Comparison     
VersionDateChanged by              Summary of changes
This version (7)Oct 12, 2012, 5:28:01 AMXiao Feng Z Zhang  IBM contributor
6Sep 20, 2012, 10:03:50 AMxiao feng zhang  IBM contributor
5Sep 20, 2012, 9:55:21 AMxiao feng zhang  IBM contributor
4Sep 20, 2012, 6:12:59 AMxiao feng zhang  IBM contributor
3Sep 20, 2012, 6:07:37 AMxiao feng zhang  IBM contributor
2Sep 20, 2012, 5:48:38 AMxiao feng zhang  IBM contributor
1Sep 20, 2012, 5:39:14 AMxiao feng zhang  IBM contributor
expanded Comments (0)
collapsed Comments (0)
Copy and paste this wiki markup to link to this article from another article in this wiki.
Go ElsewhereStay ConnectedHelpAbout
  • IBM Collaboration Solutions wikis
  • IBM developerWorks
  • IBM Software support
  • Twitter LinkIBMSocialBizUX on Twitter
  • FacebookIBMSocialBizUX on Facebook
  • ForumsLotus product forums
  • BlogsIBM Social Business UX blog
  • Community LinkThe Social Lounge
  • Wiki Help
  • Forgot user name/password
  • About the wiki
  • About IBM
  • Privacy
  • Accessibility
  • IBM Terms of use
  • Wiki terms of use