S7 authentication (Cognos 8,PPES 7.3 MR3) through Tivoli Directory Server 5.2

[gcekol]

Hi,

I have a serious problem with configuring S7 authentication and Tivoli Directory Server. I have succesfully extended/added new OU in existing LDAP structure and it looks like: ou=cognos,o=xxxx,c=hr.

The problem is that I'm trying to add users through Access Manager using OS signon and that doesn't work. I have to enter something like 'userid' format and I'm not quite sure what 'userid' means. Because of that I cannot logon to Cognos Connection.

I have wrote to official Cognos support but they said that they don't support it.

Please help!!

Thank you!

[sir_jeroen]

This is possible.
What do you want to achieve?
Do you want to
(1) link Series 7 with Tivoli using external user linking or
(2) create a Series 7 namespace in the Tivoli LDAP server and create and maintain users using Access Manager or
(3) Tivoli to act as an authentication source?

If you go for option 1 you have to assign the correct object classes to the series 7 object in Cognos Configuration manager (not Cognos Configuration!! ) and turn the link users option on.

If you go for option 2 then you will also have to create a namespace using Cognos Configuration Manager (see the documentation on how to do this).

If you go for option 3 you can access Tivoli as an LDAP authentication source and now you can link the corresponding objectclasses to the object classes Cognos uses (objects: Folders/User Groups / Users)

Anyway if you want to have a deeper look into this subject then you can go to cognos support and look in the multimedia knowledge base. There's a thread on how to link Microsoft AD to cognos as an LDAP authentication source. Especially pay attention to the chapters where the correct objects are linked (in the mm tutorial they use ADSI edit and you can e.g. use LDAPAdminstrator http://ldapadmin.sourceforge.net/)

The thing with userid is that this is the string that has to be matched to an attribute in your authentication  namespace eg. (username=$userid) . If you look in the mm tutorial they show this.

Good luck!

[gcekol]

Hi,

We have decided to go with option number 1 and still have problems.

We are using Sun One as directory server and we have already extend the schema. We would like to access external users from a secondary server. Secondary directory server is LDAP. We have configured 'external user support' settings in Configuration Manager and successfully applied them. When we access Access Manager we don't have an option to Enable External User Support.

We have successfully tested this issue with Sun One as primary and Active Directory as secondary Directory Server.

Thank you!

[sir_jeroen]

does your user have all the necessary rights?

[gcekol]

Hi,

We have successfully done with two LDAP directory servers also, but now we have antoher problem. When we try to access Cognos Connection portal (Series 7 namespace) we get an authetication window and cannot log on with OS signon (LDAP user and password). Basic signon works fine.

Any suggestions?

Thank you!

[sir_jeroen]

did you add the os signon including the domain name?

[gcekol]

I don't know what to add. This is a IBM Tivoli Directory Server, and they don't have a domain. I have some documents but all of them are related with Microsoft Active Directora and this don't work for me.

Help!

[sir_jeroen]

on what platform are you working? Are you using IIS? If so... if you enable windows authentication on IIS your domain\username will be passed to the authentication source. You will have to create a lookup in you LDAP structure where e.g. the username is mapped to a unique property so that that user is authenticated. In the cognos Multimedia knowledge base there's a movie about configuring MSAD as an LDAP provider. Watch it and find out what differences there are between MS and IBM and make the necessary changes..

[gcekol]

We are using IBM HTTP Server 2.0.47.

The problem is that when we try to logon to Cognos Connection we get authentication window but we cannot logon with OS signon, but we can with basic signon. Everything else works fine.

[sir_jeroen]

have you looked at the MM document?

[gcekol]

Yes, I have, several times. Don't know what to do...