Starting TM1 9.1,the first version of TM1 to support SSL, TM1 supports only the SSL encrypted LDAPS (LDAP over SSL) protocol, which by default is using the TCP port 636.
Does your LDAP Server support the LDAPS protocol ?
In case your LDAP Server supports the LDAPS protocol, which TCP Port is used by the LDAPS protocol ?
By default the ETLDAP tool supports the LDAP protocol. By default the LDAP protocol is using the TCP port 389. To force the ETLDAP tool to use the LDAPS protocol you have to check the checkbox "SSL". But that is nothing but the first step to configure the ETLDAP tool to use the LDAPS protocol.
When you are using LDAP Authentication, the TM1 Server is a LDAP Client to your LDAP Server. As an LDAP Client the TM1 Server has to logon to your LDAP Server using a valid LDAP user and password. There are two options to achive that:
The first one is that the Windows user running the TM1 server process is also a valid LDAP user. If that is the case, you can set the LDAP specific parameter "LDAPUseServerAccount=T".
If that is not the case, if the Windows user running your TM1 server process is not a valid LDAP user, you must use the second option and explicitly specify a valid LDAP user (and his password) in the TM1 server configuration file tm1s.cfg . This is initiated by the parameter "LDAPUserServerAccount=F". After that you must specify the three LDAP specific parameters "LDAPWellKnownUserName", "LDAPPAsswordFile" and "LDAPPasswordKeyfile".
When using an explicitly named LDAP User by setting the LDAP specific parameters "LDAPUseServerAccount=F" and "LDAPWellKnownUserName", you must also also pass the LDAP password of that LDAP user. Prior to TM1 9.1, that LDAP password was stored unencrypted as clear text in the LDAP specific parameter "LDAPWellKnownPassword". As of TM1 9.1, the LDAP password is stored in encrypted form in the two files referred to by the two LDAP specific parameters "LDAPPAsswordFile" and "LDAPPasswordKeyfile". These two files are created using the TM1Crypt.exe tool.
For detailed information see the IBM Cognos Proven Practice "Configuring LDAP authentication for TM1 9.5":
http://www.ibm.com/developerworks/data/ ... ge498.html
Configuring LDAP authentication for TM1 9.5
Summary: This document is meant to supplement the TM1 9.5 Operations Guide as it describes the task of configuring LDAP authentication for TM1 9.5 in greater detail.
http://public.dhe.ibm.com/software/dw/d ... M1_9.5.pdf
