Currently in cognos configuration-->Security-->Authentication, there is one LDAP(use Active Directory 1). I want to add 2nd LDAP as new namespace, use different AD server, will it work?
what I want to achieve is I can switch the LDAP, allow different user under different AD server to access Cognos.
Thank you.
Hi,
yes you can do it via Cognos configuration (right click authentication) but users will be prompted to choose authentication source when accessing portal.
To avoid such a behavior, you can install a second gateway and force the namespace to be used so that users are not prompted.
The way I did it :
Install Gateway components in a separate folder
Open Cognos configuration of the new cognos installation and setup your new authentication source
In the environment setup, fill in the gateway namespace based on the name you defined
Setup IIS to configure a new virtual directory using a different name (ex. cognos8_B)
and you are done...
Keep in mind that people in authentication source 1 might not be able to see objects (reports, ...) of authentication source 2 and reverse.
Hope it helps
Have a nice WE
Olivier
Super...Thanks a lot Olivier
Hi All ,
The thread may be old. But I have question here.
I am also having similar requirement where I need to configure 2 different LDAP namespaces . The reason to configure 2 namespaces is LDAP2 is backup for LDAP1. So when ever the LDAP1 server is down automatically LDAP2 namespace should be active.
In the above scenario , If the same user is logging into the application they should be able to all content Irrespective if namespace.
Note *: LDAP 1 server has same user structure as of LDAP2
Please suggest
Thank you
Regards
Karun
Quote from: karun218 on 26 Aug 2014 03:03:20 AM
Hi All ,
The thread may be old. But I have question here.
I am also having similar requirement where I need to configure 2 different LDAP namespaces . The reason to configure 2 namespaces is LDAP2 is backup for LDAP1. So when ever the LDAP1 server is down automatically LDAP2 namespace should be active.
In the above scenario , If the same user is logging into the application they should be able to all content Irrespective if namespace.
Note *: LDAP 1 server has same user structure as of LDAP2
Please suggest
Thank you
Regards
Karun
Hi,
That's not going to work the way you hope. Adding a second namespace (albeit with the same users) will in all likelihood mean that the users in each namespace have different CAMIDs within Cognos, so Cognos will not recognise them as the same user, even though they have the same name. This means you would need to duplicate all of the current security restrictions for the users and groups in the second namespace, and any new rules you define moving forwards would need to be defined twice, which is a horrible overhead.
You don't specify what LDAP you are using, but generally LDAP providers support failover in their own right using their own technologies. This sounds like a better bet to me.
MF.
Step 7
Specify the values for the Host and port property.
To support Active Directory Server failover, you can specify the domain name instead of a specific domain controller. For example, use mydomain.com:389 instead of dc1.mydomain.com:389.
https://www.ibm.com/support/knowledgecenter/en/SSEP7J_10.2.1/com.ibm.swg.ba.cognos.c8pp_inst.10.2.1.doc/t_ap_active_dir_srvr.html