If you are unable to create a new account, please email support@bspsoftware.com

 

News:

MetaManager - Administrative Tools for IBM Cognos
Pricing starting at $2,100
Download Now    Learn More

Main Menu

Cognos 10.2.1 FixPack3 - AD LDS LDAP configuration

Started by AussiePete2011, 02 Nov 2014 07:34:21 PM

Previous topic - Next topic

AussiePete2011

Hi all,

This one is driving me barmy.  I've created an AD LDS instance that I can connect to using Softerra LDAP browser using both the service account and an active user I've created.

AD LDS is running on Windows 2008 R2,  I'm using ADSI EDit version 6.1.7601.17514.
I've added 2 accounts for testing
I've set the password and then set msDS-UserAccountDisabled = FALSE

Testing access to this LDAP instance I'm using Softerra LDAP Browser 4.5 on Windows 7 Professional.

In the Cognos configuration I've added a new Authentication source - LDAP - Default values for Active Directory
Set the Namespace ID, Host and port and Base DN
User Lookup:  (uid=${userID})
External identity mapping: ${environment("REMOTE_USER")}  (Although I've tried (uid=${environment("REMOTE_USER")}) ...)
I've tried different iterations for External identity mapping

I keep getting prompted for a logon "Testing logging on to "<NamespacID" namespace.  I've tried the fully qualified account, single name and domain name but nothing is being accepted and I end up with an error as below.

In Softerra the accounts all allow me to logon and browse the LDAP instance using both the MD5 and GSS authentication methods and are either of the form

domain\<account>
OR
CN=CogTest,OU=Standard Users,OU=User Accounts,DC=Mydomain,DC=com

Cognos LDAP error.
[''Cognos LDS'']
[ ERROR ] CAM-AAA-0146 The namespace 'CognosLDS' is not available.
[ ERROR ] CAM-AAA-0064 The function 'Configure' failed.
[ ERROR ] The user cannot access the application at this time.
[ ERROR ] CAM-AAA-0056 Unable to authenticate.
[ ERROR ] CAM-AAA-0064 The function 'LDAPHandlePool::CreateHandle()' failed.
[ ERROR ] CAM-AAA-0026 The function call to 'ldap_simple_bind_s' failed with error code: '49'
[ ERROR ] Invalid credentials

[''Cognos LDS'']
[ ERROR ] AAA-AUT-0011 Invalid namespace was selected.

What am I missing?

Cheers
AussiePete.

AussiePete2011

Hi All,

I'm not sure what happened but now it's working for some reason.  Chalk it down to a network error, go figure.

[''Cognos LDS'']
User account properties:
      defaultName: CogTest
      userName: CogTest
      givenName:
      surname:
      email:
      businessPhone:
      mobilePhone:
      homePhone:
      faxPhone:
      pagerPhone:
      postalAddress:

Group membership:
      Readers

Tenant ID:
      No associated tenant ID.

Alls well that ends well
Cheers
AussiePete

sdf

Hi,

Im having the same scenario now.
Same errors as well.
Would appreciate if you can share any docs/steps on how you set up yours.