
Need newbie help Configuring Novell LDAP in 8.4 - Base Distinguished Name issue

Started by timbrelyp, 26 Jan 2010 06:25:49 PM


timbrelyp

I am in CognosConfiguration>Security>Authentication
I'm trying to set up my LDAP but I am in over my head. I do not have admin access to Novell, and do not know the right questions to ask in order to configure my LDAP.

I understand Namespace ID - that is at my own discretion, right?
The host and port were provided to me by my Novell administrator (an IP address followed by ":389")
I am going in circles regarding the Base Distinguished Name.

Bear with me for asking a really inane question here. Is the information for the Base Distinguished Name based on the settings in Cognos or Novell? (Yeah, I am THAT lost)

I keep finding examples but, for obvious reasons, they are always generic values. Several examples used values like: o=cognos, c=CA but many examples are generic like dc=server, dc=com, implying server.com is the URL of the LDAP???

Should I be asking my Novell admin for the organization, country, (and organizational unit?) that he has setup in Novell, or do I need to be looking for these values in my Cognos Configuration/Administration?

How do I determine if I need organization, organizational unit, country, or domain components, or any of the myriad binding strings I have encountered in my searches?

Everything I have tried lately has returned the following error:
[ ERROR ] CAM-AAA-0146 The namespace 'NovellLDAP' is not available.
CAM-AAA-0064 The function 'CAM_AAA_Configure2' failed.
CAM-AAA-0089 The provider is not initialized.
CAM-AAA-0026 The function call to 'ldap_search_s' failed with error code: '32'
No such object


Previously I was getting errors about "confidentiality required" instead of "no such object" and I don't know which, if either, was closer to the correct solution.

I promise, I have read user guides, forums, websites, and anything else I can find, but they all assume I have some additional knowledge. Can someone fill in the gaps for me? My Novell admin assures me he has tested the LDAP with some handy-dandy tool and is certain that it is set up correctly.

As you may have guessed I am an "accidental Cognos administrator" so please speak slowly.

As a side note, Active Directory is not set up on my Cognos machine apparently. Is this significant?

MFGF

Hi,

The Namespace ID is entirely up to you to define - you can call it whatever you like, and this is how it will appear later on when being accessed from Cognos Connection.

The host and port need to be provided to you by your Novell administrator, and entered exactly as provided.

The Base Distinguished Name also needs to be provided by your Novell administrator. This was defined by him/her when the directory server was first created, and needs to be replicated here in order for Cognos 8 to be able to connect to it. The examples you have seen are from sample installs by Cognos personnel, so (perhaps predictably) they used Cognos-oriented DNs when setting up the directory server. The DN is the unique identifier for each entry in the LDAP tree. o=Cognos c=CA means the organization name is defined as Cognos and the country is defined as Canada. dc=server, dc=com are domain components. You should be asking your Novell administrator for the DN (however defined) to allow Cognos 8 to find the appropriate part of the LDAP tree.

You may also need to ask for any other specific location information in order to be able to locate your users and/or groups.  I have included a screen capture of my local test configuration below, and here the Base DN is dc=Cognos,dc=Com, then within that my users are located in an operating unit folder called People, so you can see reference to this in my User lookup property.  Again, your Novell administrator should be providing you with the relevant information to put in here.  It may be worth grabbing him/her and asking them to sit with you for ten minutes while you configure and test the LDAP connection from Cognos 8.

For more info on LDAP structures, see http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol.

My sample config is below:



Regards,

MF.

Meep!

sir_jeroen

And to make it easier... Just read the installation and configuration guide..
"IBM Cognos 8 Installation and Configuration Guide - Chapter 10: Configuring IBM Cognos 8 Components to Use an Authentication Provider"
Everything is explained in there, with all required settings.

Now... I will assume you have read the things above. Then there are a couple of "traps" in configuring Novell:
- Does your external identity user have the rights to read all objects and properties as defined?
Sometimes it looks like anonymous access is allowed, but when looking for users everything is blank :S So an external identity must be used with the proper permissions;
- Is Novell using SSL? Then port 389 probably isn't in use.

And furthermore: Is there an Active Directory domain present in your company, and are all users domain users? If so... Go for AD, then you have the ability to use SSO without any trouble...

Hope this will help you further...

timbrelyp

I'm back, with new and different questions. Thanks ReportNet Addict and MFGF for your previous input.
The LDAP is organized as o=Dist_Off, with both USERS and ORGANIZATIONAL UNITS directly below/inside it. Meaning: user1.Dist_Off, and user2.Cent.Dist_Off are two samples of relative distinguished names. (Forgive me if I butcher the use of some of these terms... but I am trying.) I can only get Cognos to see users directly under Dist_Off, not the users who are within any of the OUs inside Dist_Off.

Where do I tell Cognos to look deeper? I see it as similar to having subdirectories and Cognos is not looking inside subdirectories, only at the root level. I have multiple OUs. I need Cognos to look for users at the root level and within the OUs.

Can I tell Cognos to grab users from two levels of the hierarchy?

If not, can I configure my OUs as string variables like user? If the latter, how do I determine the name of the OU variable? In other words, in the below example, what would I enter in place of the word "organizationalunit" to indicate that Cognos should look inside all of the 'subfolders'?
User lookup   cn=${userID},ou=${organizationalunit}
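
Added illustration, not part of any post in this thread and not Cognos or Novell code: a small in-memory model of the o=Dist_Off tree described above, showing why a lookup that builds one fixed DN from a template only reaches users at a single level, why a subtree search from the base DN reaches users inside OUs, and how a base DN the server does not hold produces result code 32 ("No such object"). The directory contents and all function names are constructed for the example, and the dotted-name conversion assumes the first part is a cn, the last an o, and anything between an ou.

```python
NO_SUCH_OBJECT = 32  # LDAP result code noSuchObject (RFC 4511)

# Constructed sample entries mirroring the layout described in the thread.
ENTRIES = {
    "o=Dist_Off": {"o": "Dist_Off"},
    "cn=user1,o=Dist_Off": {"cn": "user1"},
    "ou=Cent,o=Dist_Off": {"ou": "Cent"},
    "cn=user2,ou=Cent,o=Dist_Off": {"cn": "user2"},
}

def norm(dn):
    """Normalise a DN for comparison (no support for escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

DIRECTORY = {norm(dn): attrs for dn, attrs in ENTRIES.items()}

def dotted_to_dn(name):
    """Convert dotted form such as user2.Cent.Dist_Off to an LDAP DN."""
    parts = name.split(".")
    rdns = ["cn=" + parts[0]]
    rdns += ["ou=" + p for p in parts[1:-1]]
    rdns.append("o=" + parts[-1])
    return ",".join(rdns)

def lookup_by_template(template, user_id):
    """Build exactly one DN from the template and read that entry only."""
    dn = norm(template.replace("${userID}", user_id))
    if dn not in DIRECTORY:
        return NO_SUCH_OBJECT, None
    return 0, dn

def search_subtree(base_dn, attr, value):
    """Search the base entry and everything below it for attr=value."""
    base = norm(base_dn)
    if base not in DIRECTORY:
        return NO_SUCH_OBJECT, []  # base DN unknown to this server
    hits = [dn for dn, attrs in DIRECTORY.items()
            if (dn == base or dn.endswith("," + base))
            and attrs.get(attr, "").lower() == value.lower()]
    return 0, sorted(hits)

if __name__ == "__main__":
    print(dotted_to_dn("user2.Cent.Dist_Off"))
    print(lookup_by_template("cn=${userID},o=Dist_Off", "user1"))
    print(lookup_by_template("cn=${userID},o=Dist_Off", "user2"))
    print(search_subtree("o=Dist_Off", "cn", "user2"))
    print(search_subtree("dc=server,dc=com", "cn", "user1"))
```
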