Active IQ Unified Manager Discussions
Active IQ Unified Manager Discussions
I am looking for instructions for configuring the LDAP settings dialog in the OnCommand insight report tools.
I would like users in a Windows 2003 or 2008 Active Directory to be able to log in /authenticate to view / create reports. Can someone suggest recommended values for the LDAP settings dialog? Thanks
Solved! See The Solution
Check the attached screenshots for reference. The screenshot provides an example of the parameters to be provided for AD configuration.
Here are the fields which require changes/inputs. Rest of the fields can be left with the default values shown.
1.) User principal Name – The value is generally “sAMAccountName” for Active Directory.
2.) LDAP Server – IP address of the LDAP server. Remember to give “ldap://” before the ip address.
3.) Domain – Domains configured in the Active directory server.
4.) Server Administrators – The group within the active directory server whose members can be allowed to work with admin portal.
5.) Report authors - The group within the active directory server whose members can be allowed to work with reporting portal with reporting author role.
6.) Report viewers - The group within the active directory server whose members can be allowed to work with reporting portal with reporting viewer role.
7.) Directory look up user – The name of the user who has credentials to perform lookup in the active directory.
8.) Directory look up password – The password of the directory look up user.
Check the attached screenshots for reference. The screenshot provides an example of the parameters to be provided for AD configuration.
Here are the fields which require changes/inputs. Rest of the fields can be left with the default values shown.
1.) User principal Name – The value is generally “sAMAccountName” for Active Directory.
2.) LDAP Server – IP address of the LDAP server. Remember to give “ldap://” before the ip address.
3.) Domain – Domains configured in the Active directory server.
4.) Server Administrators – The group within the active directory server whose members can be allowed to work with admin portal.
5.) Report authors - The group within the active directory server whose members can be allowed to work with reporting portal with reporting author role.
6.) Report viewers - The group within the active directory server whose members can be allowed to work with reporting portal with reporting viewer role.
7.) Directory look up user – The name of the user who has credentials to perform lookup in the active directory.
8.) Directory look up password – The password of the directory look up user.
Once LDAP is setup, and the groups are listed using the distinguished name of the group, how does the user login? [domain]\[username] or [username]?
Do I have to create a user under general settings for the people in the Active Directory group?
Thanks,
Jack
Hey Jack,
It should be [domain]\[username] OCR is like most things very particular about it's LDAP config. You might have to check the group settings, this is where I went wrong.
Regards,
Simon
I have ldap configured as the screenshots but i am still unable to log in with a user account. Can anyone assist?
I have the same issue. It accepted my ldap config but no one can log in except the built in admin. What are we doing wrong, or is this a bug?
Nevermind, after re-looking at the screens and comparing them I found I missed DC=domain ( forgot to change it to the actual domain), and I also still had UserPrincipleName instead of sAMAccountName. Once I changed those 2 and resaved I can log in now w/ active directory. Hope that helps someone else out.