COGNOiSe.com - The IBM Cognos Community

Hi buddy,

After setting the LDAP configuration and testing successfully in Cognos Configuration. I am able to login Cognos Connection with my LDAP users but the LDAP users were not shown in Cognos Administration > Security > Users, Groups and Roles, even the users that I have logged in.

Cognos is installed in AIX6.1 whether LDAP server is in a window server 2008.

It would be very grateful if anyone could help. Thank you very much!

Best regards,
Edward

I am also running AD security over Cognos 10.1.1 on AIX 6, may not be a lot of help but here are a few things.

When you setup your AD Namespaces in your Cognos Config you should see those Namespaces (I have 5 different ones but I will assume you have 1)

In the Cognos Administration > Security > Users, Groups and Roles you should see 2 entries:
1 - Cognos
2 - Whatever you called your namespace.

Assuming you have all of the different properties set up correctly in Cognos Config you will then see all of your AD groups and users

If you are not seeing your AD Namespace here I would go back to Cognos Config and make sure it is setup correctly - also make sure you have "Allow Anonymous access" set to False.

In Cognos Config you can test each namespace you have setup by right clicking and selecting test - with my AD environment I was plugging into an existing AD environment (multiple in fact) so I had to change alot of things like "User Lookup" and "Unique Identifier" etc to map correctly. There were 12 different Settings I needed to modify in my environment. I am not an AD Admin so these may be normal - they are just different than the Cognos "defaults" when setting up this namepsace.

Edward,

There is also a little check box when you are looking at the namespace in Cognos Connection - this will show you the users.  Otherwise, you only see folders, groups and roles.  Maybe that checkbox just needs to be checked...it sounds simple, I know, but I missed it at first...

Jeff

Hi MMcBride,

Greate thanks for your detailed reply. I am able to see <MY_NAMESPACE> in Cognos Administration > Security > Users, Groups, and Roles. The hyperlink of <MY_NAMESPACE> is available. But there are 'No entries' in it (Even I have checked 'Show users in the list').

As you have mentioned that there are 12 different settings as default in Cognos Configuration. May I ask for the details?

I have attached the screen capture of my LDAP configuration as below:-

1/ NamesapceID - same as the namespace created in Cognos Configuration
2/ Host and port - LDAP server IP and port
3/ Base Distinguished Name - used some tools to find the DC and CN
4/ User lookup - Add CN=${userID} [my userid is CN=mis01 in the tree]
5/ Bind user DN and password - User Id: mis01
6/ User bind credentials for search? - True

'Test' in Cognos Configuration is passed for this LDAP configuration.

Actually, for the attribute of "Unique Identifier", I just follow the default value - "dn". Will it cause the problem that I faced?

Thanks a lot again!

Edward

Hi Jeff,

Thanks for your suggestion, I have already checked the box - 'Show users in the list'. I have login as mis01. But I am still not able to find the entries in <MY_NAMESPACE> and cannot find the users while I add members to the groups.

I will not give up and keep on trying! Thanks!

Regards,
Edward

Your "User Lookup" setting in your configuration looks a little different to mine. Mine is configured as:

(uid=${userID})

Might be worth changing yours to this to see if it helps?

MF.

Hi MFGF,

Glad to receive your reply. But I have no luck as after changing to (uid=${userID}), I am not able to login - "The provided credentials are invalid. Please type your credentials for authentication."

Thanks.

Edward

Edward,
I had to go to the Active Directory folks and ask them for the LDAP information to configure, I have included a screenshot so you can see what I have changed, I am assuming your AD environment will be a little different, but to get a general idea this lists everything I had to modify to get mine to work.

Hope this helps.

What you have to do is to take a LDAP browser (e.g. ADSI Edit (for ActiveDirectory) or Softerra LDAP Browser, http://www.ldapbrowser.com/) and
connect to your LDAP and start matching objects. I've created a small document to explain all of this and I hope you can figure it all out (and can decypher my writing  ;) )....

And keep in mind:
1. You can use any property you like
2. The properties that are used in your LDAP is up to your administrators.
3. Don't forget, the user that is used to perform the LDAP Search MUST have permissions to read the attributes configured

Hi Buddy,

Thanks all for your wholeheartedly support and effort. I have successfully configured the LDAP account in Cognos(after configuring the account and folder mappings correctly). Thanks MMcBride shows your Cognos configuration for my reference.

And esp. thanks for "ReportNet Addict"'s pdf file. I fully understand after reading your writing and setup the configuration properly within an hour. :)

Best regards,
Edward

Glad to be of service :D

RA

Quote from: ReportNet Addict on 12 Dec 2012 05:33:28 PM
Glad to be of service :D

RA

Helpful as always! Cheers RA! :)

ReportNet Addict, any chance you could post that PDF again?  It says that it is corrupted.  Alternately, if someone could help with my actual problem, that would be great.  We are using OpenLDAP, and are trying to use Cognos 10.1.1.  I was able to successfully set up authentication in the Cognos Configuration.  By successful, I mean that the Test works with no problems and users are able to log in successfully.  The problem is that when I go to Cognos Administration, Security, my LDAP namespace is there but not as a hyperlink.  Therefore, I am not able to grant any privileges for Cognos to any users of our LDAP.  I have tried as many things as I could think of for the folder, group, and account mappings, but nothing has worked.  Is the object class field only supposed to be one class, or all classes that are listed for that item?  Does capitalization matter?  Thanks for any suggestions.

Quote from: NTM on 11 Dec 2013 09:45:24 PM
ReportNet Addict, any chance you could post that PDF again?  It says that it is corrupted.  Alternately, if someone could help with my actual problem, that would be great.  We are using OpenLDAP, and are trying to use Cognos 10.1.1.  I was able to successfully set up authentication in the Cognos Configuration.  By successful, I mean that the Test works with no problems and users are able to log in successfully.  The problem is that when I go to Cognos Administration, Security, my LDAP namespace is there but not as a hyperlink.  Therefore, I am not able to grant any privileges for Cognos to any users of our LDAP.  I have tried as many things as I could think of for the folder, group, and account mappings, but nothing has worked.  Is the object class field only supposed to be one class, or all classes that are listed for that item?  Does capitalization matter?  Thanks for any suggestions.

Here's the PDF again:

Has my guide become a standard item in your toolkit, if so then I've reached the ultimate goal in life....  ::)

And is it gonna be: "MFGF powered by ReportNet Addict"  ;)

Anyway thanks for reposting it for me...

Thanks for the prompt response.  For whatever reason, I am not able to download the entire file.  It ends up as various sizes, none of them complete, and therefore I get the error.  Would one of you mind e-mailing it to me?  Thanks!

Quote from: NTM on 12 Dec 2013 05:37:34 PM
Thanks for the prompt response.  For whatever reason, I am not able to download the entire file.  It ends up as various sizes, none of them complete, and therefore I get the error.  Would one of you mind e-mailing it to me?  Thanks!

Done! :)

Quote from: ReportNet Addict on 12 Dec 2013 04:31:22 PM
Has my guide become a standard item in your toolkit, if so then I've reached the ultimate goal in life....  ::)

And is it gonna be: "MFGF powered by ReportNet Addict"  ;)

Anyway thanks for reposting it for me...

I attribute most of my correct answers to you! ;) The incorrect answers are all my own work...

Hi.

Thanks ReportNet Addict and MMcBride your posts helped me a lot.

Now, I could able to confgure the LDAP Active Directory as per the config setting posted. Through COgnos, when I go in to the Active Directory and search an ID or name, It does not return the name/id I search for. Even manual serach on each folder inside the AD could not help.
But I can see the ID through an Active Directory Explorer tool.

Do any one know why this occurs. Do I need to configure anything special for this? thanks alot in advance.

Hello guys!

Could you help me?

My settings - 1.jpg

but hyperlink in Congos Administratoion - Security is not avaliable... 2.jpg

Quote from: chiz on 10 Jul 2014 02:59:51 AM
Hello guys!

Could you help me?

My settings - 1.jpg

but hyperlink in Congos Administratoion - Security is not avaliable... 2.jpg

Have you successfully managed to log in as a user from within the LDAP namespace?

MF.

Sorry to bring this back up but i am having the same issue! I am also able to log into cognos using my ou=system uid=JoeS.  But when i go to security, i see cognos and my namespace TestLDAP. But similarly when i go into cognos and try to add users to cognos group i dont see anyone from my TestLDAP space. I do have see users checked too...
If anyone can help it would be great!