Can Cognos use 2 LDAP

[cogtrack]

Currently in cognos configuration-->Security-->Authentication, there is one LDAP(use Active Directory 1). I want to add 2nd LDAP as new namespace, use different AD server, will it work?
what I want to achieve is I can switch the LDAP, allow different user under different AD server to access Cognos.
Thank you.

[Olivier]

Hi,

yes you can do it via Cognos configuration (right click authentication) but users will be prompted to choose authentication source when accessing portal.

To avoid such a behavior, you can install a second gateway and force the namespace to be used so that users are not prompted.
The way I did it :

Install Gateway components in a separate folder
Open Cognos configuration of the new cognos installation and setup your new authentication source
In the environment setup, fill in the gateway namespace based on the name you defined
Setup  IIS to configure a new virtual directory using a different name (ex. cognos8_B)
and you are done...

Keep in mind that people in authentication source 1 might not be able to see objects (reports, ...) of authentication source 2 and reverse.

Hope it helps

Have a nice WE

Olivier

[cogtrack]

Super...Thanks a lot Olivier

[karun218]

Hi All ,

The thread may be old. But I have question here.

I am also having similar requirement where I need to configure 2 different LDAP  namespaces . The reason to configure 2 namespaces is LDAP2 is backup for LDAP1. So when ever the LDAP1 server is down automatically LDAP2 namespace should be active.

In the above scenario , If the same user is logging into the application they should be able to all content Irrespective if namespace.

Note *: LDAP 1 server has same user structure as of LDAP2

Please suggest

Thank you

Regards
Karun

[MFGF]

Hi All ,

The thread may be old. But I have question here.

I am also having similar requirement where I need to configure 2 different LDAP  namespaces . The reason to configure 2 namespaces is LDAP2 is backup for LDAP1. So when ever the LDAP1 server is down automatically LDAP2 namespace should be active.

In the above scenario , If the same user is logging into the application they should be able to all content Irrespective if namespace.

Note *: LDAP 1 server has same user structure as of LDAP2

Please suggest

Thank you

Regards
Karun

Hi,

That's not going to work the way you hope. Adding a second namespace (albeit with the same users) will in all likelihood mean that the users in each namespace have different CAMIDs within Cognos, so Cognos will not recognise them as the same user, even though they have the same name. This means you would need to duplicate all of the current security restrictions for the users and groups in the second namespace, and any new rules you define moving forwards would need to be defined twice, which is a horrible overhead.

You don't specify what LDAP you are using, but generally LDAP providers support failover in their own right using their own technologies. This sounds like a better bet to me.

MF.

[ricky_ru]

Step 7

Specify the values for the Host and port property.
To support Active Directory Server failover, you can specify the domain name instead of a specific domain controller. For example, use mydomain.com:389 instead of dc1.mydomain.com:389.

https://www.ibm.com/support/knowledgecenter/en/SSEP7J_10.2.1/com.ibm.swg.ba.cognos.c8pp_inst.10.2.1.doc/t_ap_active_dir_srvr.html