Configure an LDAP Namespace for IBM Directory Server
If we configure a new LDAP namespace for use with the IBM Directory Server, we must modify the necessary settings and change the values for all properties of the IBM Directory objects.
- Open IBM Cognos Configuration.
- In the Explorer window, under Security, right-click Authentication.
- Click New resource > Namespace.
- In the Name box, type a name for your authentication namespace.
- In the Type list, click LDAP-General default values.
- Click OK. The new authentication namespace resource appears in the Explorer window, under the Authentication component.
- In the Properties window, for the Namespace ID property, specify a unique identifier for the namespace. Tip: Do not use colons (:) in the Namespace ID property.
- For Host and Port, specify <Hostname>:<port>. For example, localhost:389.
- Specify the values for all other properties to ensure that IBM Cognos 10.2.1 can locate and use your existing authentication namespace.
- For Base Distinguished Name, specify the entry for a user search.
- For User lookup, specify (uid=${userID}).
- For Bind user DN and password, specify the bind user DN and its password. For example, cn=root as a user name and secret as a password. Specify these values if we want the LDAP authentication provider to bind to the directory server by using a specific bind user DN and password. If no values are specified, the LDAP authentication namespace binds as anonymous.
- If we do not use external identity mapping, use bind credentials to search the LDAP directory server. Complete the following items:
  - Set Use external identity to False.
  - Set Use bind credentials for search to True.
  - Specify the user ID and password for Bind user DN and password.
- To configure the LDAP advanced mapping properties, use the values that are specified in the following table.
If the schema is modified, we must make extra mapping changes.

| Mappings | LDAP property | LDAP value |
|---|---|---|
| Folder | Object class | organizationalunit, organization, and container |
| Folder | Description | description |
| Folder | Name | ou, o, and cn |
| Group | Object class | groupofnames |
| Group | Description | description |
| Group | Member | member |
| Group | Name | cn |
| Account | Object class | inetorgperson |
| Account | Business phone | telephonenumber |
| Account | Content locale | (leave blank) |
| Account | Description | description |
| Account | Fax/Phone | facsimiletelephonenumber |
| Account | Given name | givenname |
| Account | Home phone | homephone |
| Account | Mobile phone | mobile |
| Account | Name | cn |
| Account | Pager phone | pager |
| Account | Password | userPassword |
| Account | Postal address | postaladdress |
| Account | Product locale | (leave blank) |
| Account | Surname | sn |
| Account | Username | uid |

- To prevent anonymous access, complete the following steps:
  - Go to Security > Authentication > Cognos.
  - Set Allow anonymous access? to False.
- From the File menu, click Save.
A new LDAP namespace is configured with the appropriate values.
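The settings from the procedure above can be reviewed before saving with a small check like the following. This is an added example, not IBM code: the dictionary layout, the split of "Bind user DN and password" into two keys, the function name check_namespace, and all sample values are assumptions made for illustration.

```python
import re

# Keys mirror the property labels on this page; the dict layout, the split of
# "Bind user DN and password" into two keys, and check_namespace() itself are
# assumptions made for this example.
HOST_PORT = re.compile(r"^[^:\s]+:(\d{1,5})$")  # <Hostname>:<port>, no IPv6 literals

def check_namespace(props, allow_anonymous_access):
    """Return findings for one LDAP namespace plus the Cognos anonymous-access flag."""
    findings = []
    ns_id = props.get("Namespace ID", "")
    if not ns_id or ":" in ns_id:
        findings.append("Namespace ID is empty or contains a colon")
    m = HOST_PORT.match(props.get("Host and port", ""))
    if not m or not 0 < int(m.group(1)) <= 65535:
        findings.append("Host and port is not <Hostname>:<port>")
    if not props.get("Base Distinguished Name"):
        findings.append("Base Distinguished Name is empty")
    if "${userID}" not in props.get("User lookup", ""):
        findings.append("User lookup does not reference ${userID}")
    if not (props.get("Bind user DN") and props.get("Bind password")):
        findings.append("bind credentials missing: namespace may bind as anonymous")
    elif props["Bind password"] == "secret":
        findings.append("bind password is the documentation sample value")
    if not props.get("Use external identity") and not props.get("Use bind credentials for search"):
        findings.append("Use bind credentials for search should be True")
    if allow_anonymous_access:
        findings.append("Allow anonymous access? is not False")
    return findings

# Constructed sample property sets (not taken from a real deployment).
GOOD = {
    "Namespace ID": "ids_ldap", "Host and port": "localhost:389",
    "Base Distinguished Name": "ou=people,dc=example,dc=com",
    "User lookup": "(uid=${userID})",
    "Bind user DN": "cn=cognos-bind,ou=services,dc=example,dc=com",
    "Bind password": "constructed-placeholder",
    "Use external identity": False, "Use bind credentials for search": True,
}
WEAK = dict(GOOD, **{"Namespace ID": "ids:ldap", "Host and port": "localhost",
                     "User lookup": "(uid=jsmith)", "Bind user DN": "",
                     "Use bind credentials for search": False})

if __name__ == "__main__":
    for label, props, anon in (("GOOD", GOOD, False), ("WEAK", WEAK, True)):
        print(label, check_namespace(props, anon) or "no findings")
```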
Create the users in an LDAP. See Create users in an LDAP.