Hi
I am trying to implement SSO in TM1 with ETLDAP. The reason I selected ETLDAP is that TM1 is already installed and I do not want to reinstall it, so I am going with ETLDAP.
I have the details of the Active Directory host, port, version, user DN and password. When I clicked on Test, I did not get any message. I have done this based on the IBM Cognos Proven Practise document for TM1 9.5.2. My TM1 version is the same. My doubt is what exactly should be entered in User DN.
What I entered is uid=xxxxxx,dc=xxxxx and dc=xxxx, and as password the Windows login password for this uid.
Please suggest what exactly is to be entered in User DN.
Thank you
TM1 9.5.2
Excel 2007.
ETLDAP-LDAP LOGIN details
- OLAP Product: cognos tm1
- Version: 9.5
- Excel Version: 2007
- OLAP Product: TM1
- Version: 10.2.2.4
- Excel Version: 2010
- Location: Melbourne, Australia
Re: ETLDAP-LDAP LOGIN details
Honestly, you don't have to use ETLDAP to get SSO working on TM1. ETLDAP is used to import users into the TM1 security cube; if you can do that by hand, then there is no need to use it.
However, to get SSO working, make sure these settings are correct.
In tm1s.cfg:
IntegratedSecurityMode=2
PasswordSource=LDAP
LDAPPort=636
LDAPHost=<LDAP server name or IP>
LDAPUseServerAccount=T
LDAPSearchBase=dc=<DOMAIN>,dc=<COM>,dc=<AU> (the correct root of your LDAP domain)
LDAPSearchField=sAMAccountName (or the LDAP property that maps the windows user id)
LDAPVerifyServerSSLCert=T
LDAPSkipSSLCertVerification=T
LDAPVerifyCertServerName=<LDAP server name or IP>
LDAPSkipSSLCRLVerification=T
Then add a user into TM1 with the Windows login id and assign them to a suitable group.
Next, open the cube }ClientProperties and, for the userId you just added, insert the mapping Windows login id in the "UniqueID" attribute.
e.g. if your Windows login is "joeb" and your domain is "outdoors", the UniqueID will be "joeb@outdoors".
I strongly recommend using Apache DS to browse your LDAP directory and to find out the details of the root, attributes and query string. If you can establish a connection through to your LDAP from ApacheDS, those credentials can be used to establish the required connection on ETLDAP.
Then finally tick that checkbox in Perspectives or Architect that allows Integrated Login.
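An added example, not part of the original posts and not IBM tooling: a small Python check that reads the LDAP settings listed for tm1s.cfg in the reply above and reports the ones that weaken verification of the LDAPS connection. The host and domain values in the sample are constructed, and the reading of each parameter (T/F flags, a default of F, '#' comment lines) is an assumption to confirm against the documentation for your TM1 version.

```python
import re

# Constructed sample: the reply's settings with made-up host and domain values.
SAMPLE_CFG = """\
[TM1S]
IntegratedSecurityMode=2
PasswordSource=LDAP
LDAPPort=636
LDAPHost=ldap.example.internal
LDAPUseServerAccount=T
LDAPSearchBase=dc=example,dc=com,dc=au (the correct root of your LDAP domain)
LDAPSearchField=sAMAccountName
LDAPVerifyServerSSLCert=T
LDAPSkipSSLCertVerification=T
LDAPVerifyCertServerName=ldap.example.internal
LDAPSkipSSLCRLVerification=T
"""

def parse_cfg(text):
    """Return {key: value}; skips comments/sections, drops a trailing '(note)'."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = re.sub(r"\s+\(.*\)\s*$", "", value).strip()
    return settings

def audit_ldap_tls(settings):
    """Return findings about how the LDAP server connection is verified."""
    on = lambda key: settings.get(key, "F").upper() == "T"  # assumed default: F
    if settings.get("PasswordSource", "").upper() != "LDAP":
        return []  # passwords are not checked against LDAP, nothing to audit
    findings = []
    if settings.get("LDAPPort") != "636":
        findings.append("LDAPPort is not 636, the LDAPS port used in the post")
    if not on("LDAPVerifyServerSSLCert"):
        findings.append("LDAPVerifyServerSSLCert is not T")
    elif not settings.get("LDAPVerifyCertServerName"):
        findings.append("LDAPVerifyCertServerName is missing")
    if on("LDAPSkipSSLCertVerification"):
        findings.append("LDAPSkipSSLCertVerification=T: certificate trust check skipped")
    if on("LDAPSkipSSLCRLVerification"):
        findings.append("LDAPSkipSSLCRLVerification=T: revocation (CRL) check skipped")
    for key, value in settings.items():
        if key.startswith("LDAP") and re.search(r"<[^>]*>", value):
            findings.append(f"{key} still contains a placeholder: {value}")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_tls(parse_cfg(SAMPLE_CFG)):
        print("-", finding)
```

Run against the sample, it reports the two Skip settings; with both set to F and the directory server's certificate trusted by the TM1 host, it reports nothing.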