Active IQ Unified Manager Discussions

Using LDAP for authenticating to OnCommand Insight report

kortas
8,362 Views

I am looking for instructions for configuring the LDAP settings dialog in the OnCommand insight report tools.

I would like users in a Windows 2003 or 2008 Active Directory to be able to log in /authenticate to view / create reports.  Can someone suggest recommended values for the LDAP settings dialog?  Thanks

1 ACCEPTED SOLUTION

yuvaraju
8,362 Views

Check the attached screenshots for reference. The screenshot provides an example  of the parameters to be provided for AD configuration.

Here are the fields which require changes/inputs. Rest of the fields can be left with the default values shown.

 

1.)          User principal Name – The value is generally “sAMAccountName” for Active Directory.

2.)          LDAP Server – IP address of the LDAP server. Remember to give “ldap://” before the ip address.

3.)          Domain – Domains configured in the Active directory server.

4.)          Server Administrators – The group within the active directory server whose members can be allowed to work with admin portal.

5.)          Report authors - The group within the active directory server whose members can be allowed to work with reporting portal with reporting author role.

6.)          Report viewers - The group within the active directory server whose members can be allowed to work with reporting portal with reporting viewer role.

7.)          Directory look up user – The name of the user who has credentials to perform lookup in the active directory.

8.)          Directory look up password – The password of the directory look up user.

View solution in original post

6 REPLIES 6

yuvaraju
8,363 Views

Check the attached screenshots for reference. The screenshot provides an example  of the parameters to be provided for AD configuration.

Here are the fields which require changes/inputs. Rest of the fields can be left with the default values shown.

 

1.)          User principal Name – The value is generally “sAMAccountName” for Active Directory.

2.)          LDAP Server – IP address of the LDAP server. Remember to give “ldap://” before the ip address.

3.)          Domain – Domains configured in the Active directory server.

4.)          Server Administrators – The group within the active directory server whose members can be allowed to work with admin portal.

5.)          Report authors - The group within the active directory server whose members can be allowed to work with reporting portal with reporting author role.

6.)          Report viewers - The group within the active directory server whose members can be allowed to work with reporting portal with reporting viewer role.

7.)          Directory look up user – The name of the user who has credentials to perform lookup in the active directory.

8.)          Directory look up password – The password of the directory look up user.

JROBERTS6670
8,362 Views

Once LDAP is setup, and the groups are listed using the distinguished name of the group, how does the user login?  [domain]\[username]  or [username]?

Do I have to create a user under general settings for the people in the Active Directory group?

Thanks,

Jack

CAMPBELLSI
8,362 Views

Hey Jack,

It should be [domain]\[username] OCR is like most things very particular about it's LDAP config. You might have to check the group settings, this is where I went wrong.

Regards,

Simon

RAJMEHTA1
8,362 Views

I have ldap configured as the screenshots but i am still unable to log in with a user account.  Can anyone assist?

bencodental
8,362 Views

I have the same issue.  It accepted my ldap config but no one can log in except the built in admin.  What are we doing wrong, or is this a bug?

bencodental
8,362 Views

Nevermind, after re-looking at the screens and comparing them I found I missed DC=domain ( forgot to change it to the actual domain), and I also still had UserPrincipleName instead of sAMAccountName.  Once I changed those 2 and resaved I can log in now w/ active directory. Hope that helps someone else out.

Public