If you are unable to create a new account, please email bspsoftware@techdata.com

Author Topic: Can Cognos use 2 LDAP  (Read 9989 times)

cogtrack

  • Guest
Can Cognos use 2 LDAP
« on: 03 May 2013 09:25:31 am »
Currently in cognos configuration-->Security-->Authentication, there is one LDAP(use Active Directory 1). I want to add 2nd LDAP as new namespace, use different AD server, will it work?
what I want to achieve is I can switch the LDAP, allow different user under different AD server to access Cognos.
Thank you.

Offline Olivier

  • Full Member
  • ***
  • Join Date: Apr 2013
  • Posts: 18
  • Forum Citizenship: +0/-0
Re: Can Cognos use 2 LDAP
« Reply #1 on: 03 May 2013 10:38:05 am »
Hi,

yes you can do it via Cognos configuration (right click authentication) but users will be prompted to choose authentication source when accessing portal.

To avoid such a behavior, you can install a second gateway and force the namespace to be used so that users are not prompted.
The way I did it :

Install Gateway components in a separate folder
Open Cognos configuration of the new cognos installation and setup your new authentication source
In the environment setup, fill in the gateway namespace based on the name you defined
Setup  IIS to configure a new virtual directory using a different name (ex. cognos8_B)
and you are done...

Keep in mind that people in authentication source 1 might not be able to see objects (reports, ...) of authentication source 2 and reverse.

Hope it helps

Have a nice WE

Olivier

cogtrack

  • Guest
Re: Can Cognos use 2 LDAP
« Reply #2 on: 03 May 2013 11:23:54 am »
Super...Thanks a lot Olivier

karun218

  • Guest
Re: Can Cognos use 2 LDAP
« Reply #3 on: 26 Aug 2014 03:03:20 am »
Hi All ,

The thread may be old. But I have question here.

I am also having similar requirement where I need to configure 2 different LDAP  namespaces . The reason to configure 2 namespaces is LDAP2 is backup for LDAP1. So when ever the LDAP1 server is down automatically LDAP2 namespace should be active.

In the above scenario , If the same user is logging into the application they should be able to all content Irrespective if namespace.

Note *: LDAP 1 server has same user structure as of LDAP2

Please suggest

Thank you

Regards
Karun

Offline MFGF

  • Never knowingly correct
  • Super Moderator
  • Statesman
  • ******
  • Join Date: Jul 2005
  • Posts: 11,484
  • Forum Citizenship: +668/-10
  • Cognos Software Muppet
Re: Can Cognos use 2 LDAP
« Reply #4 on: 26 Aug 2014 03:54:54 am »
Hi All ,

The thread may be old. But I have question here.

I am also having similar requirement where I need to configure 2 different LDAP  namespaces . The reason to configure 2 namespaces is LDAP2 is backup for LDAP1. So when ever the LDAP1 server is down automatically LDAP2 namespace should be active.

In the above scenario , If the same user is logging into the application they should be able to all content Irrespective if namespace.

Note *: LDAP 1 server has same user structure as of LDAP2

Please suggest

Thank you

Regards
Karun

Hi,

That's not going to work the way you hope. Adding a second namespace (albeit with the same users) will in all likelihood mean that the users in each namespace have different CAMIDs within Cognos, so Cognos will not recognise them as the same user, even though they have the same name. This means you would need to duplicate all of the current security restrictions for the users and groups in the second namespace, and any new rules you define moving forwards would need to be defined twice, which is a horrible overhead.

You don't specify what LDAP you are using, but generally LDAP providers support failover in their own right using their own technologies. This sounds like a better bet to me.

MF.
Meep!

Offline ricky_ru

  • Community Leader
  • *****
  • Join Date: Nov 2012
  • Posts: 82
  • Forum Citizenship: +0/-0
Re: Can Cognos use 2 LDAP
« Reply #5 on: 19 Sep 2018 02:00:54 am »
Step 7

Specify the values for the Host and port property.
To support Active Directory Server failover, you can specify the domain name instead of a specific domain controller. For example, use mydomain.com:389 instead of dc1.mydomain.com:389.

https://www.ibm.com/support/knowledgecenter/en/SSEP7J_10.2.1/com.ibm.swg.ba.cognos.c8pp_inst.10.2.1.doc/t_ap_active_dir_srvr.html