BY NIKITA ATKINS, PRINCIPAL CONSULTANT
Installing and configuring Apache Directory Service (LDAP) for Cognos BI 10.2.1
This blog is designed for Cognos Administrators, describes how to configure the Apache Directory Service (LDAP) in combination with IBM Cognos 10.2.1. The purpose here was a demo platform, so please don't deduct any best practices from this, and don't forget to read the notes at the bottom.
What is Apache Directory?
The Apache Directory Project (http://directory.apache.org/) is an open source project of the Apache Software Foundation, providing solutions entirely written in Java. These include a directory server, which has been certified as LDAP v3 compliant by the Open Group (ApacheDS), and Eclipse-based directory tools (Apache Directory Studio). In the below sections, we'll use both in our integration steps.
When should I use Apache Directory?
Apache Directory Project is an authentication provider which can be used with IBM Cognos BI. ApacheDS can be useful if you don't have a Directory Server in your organisation or you just want to install a demo platform.
In previous IBM Cognos BI versions you could use the Microsoft Windows NTLM namespace on Windows, but this is no longer supported since Cognos 10.2.
Neither are Series 7 Cognos Access Manager and Sun ONE Directory Server supplied as with pre 8.4 IBM Cognos BI versions.
What elements make up Apache Directory?
- Apache Directory Server (ApacheDS): is an extensible and embeddable directory server entirely written in Java, which has been certified LDAPv3 compatible by the Open Group. Besides LDAP (Lightweight Directory Access Protocol) it supports Kerberos 5 and the Change Password Protocol. It has been designed to introduce triggers, stored procedures, queues and views to the world of LDAP which has lacked these rich constructs.
- Apache Directory Studio: is an Eclipse RCP application and a complete directory tooling platform intended to be used with any LDAP server, however it is particularly designed for use with the ApacheDS.
Note that officially Cognos Express does not support LDAP. If you want to set up a custom authentication source for Cognos Express you must use Microsoft Active Directory Service.
Create Apache Directory Environment
Install ApacheDS Software
- ApacheDS is a multi-platform application and runs on Mac OS X, Linux and Windows.
- Open http://directory.apache.org/apacheds/downloads.html in browser and download installer (~10MB) for your platform.
Insert Image 1
- Installation process should be started by right clicking on the downloaded exe file and ""Run as Administrator"".
- Attention is needed on the below screen shot that asks to locate the java run time. If installing on the same computer as Cognos BI Server you can use the following director: C:\Program Files\ibm\cognos\c10_64\bin64\ire\7.0\
Insert Image 2
Users who don't have JRE installed should abandon the install (click Cancel). Install the JRE and re-run the ApacheDS install.
- On the completion of installation, you can see 'ApacheDS - default' as a new windows service (Start->Programs->Administrative Tools->Services). The default port used by ApacheDS for Idap service is 10389.
Insert Image 3
- Installer for Apache Director Studio can be downloaded from the following directory: http://directory.apache.org/studio/downloads.html
- Once downloaded, right click and ""Run as Administrator"".
- Once installed you can find folders and icons in 'Start-> Program Files' as shown below. Click on 'Apache Directory Studio' link in 'Apache Directory Studio' folder.
Insert Image 4
Configure Apache Directory
- Create Connection with LDAP server. The bottom left corner shows all of the LDAP connections. As can be seen, the view is empty, meaning a connection still needs to be specified. To create a new connection, click the New Connection button.
- Enter a Connection name, this can be anything, ""ApacheDS"" in this example.
- Enter the Hostname server, ""localhost"" in this example.
- Enter the Port number of Apache DS, by default this is ""10389"".
- Manipulate other options as you please and click ""Next"".
- Enter the authentication parameters, by default the Bind DN is ""ui=admin,ou=system"" and the Bind password is ""secret"". Obviously change this for non-demo use. Click ""Next"".
- The remaining screens, I left standard. Click ""Finish"".
- Browse the directory:The LDAP Browser view is on the top left. The category DIT shows the hierarchical content of the directory. You may expand and collapse the tree. When selecting an entry its attributes and values will be displayed in an Entry editor.In the DIT category the directory information tree of the LDAP directory is displayed in its natural hierarchical structure. The first hierarchy level contains the base entries, the Root DSE and the schema entry. When expanding an entry its direct children are fetched from directory. To expand and collapse an entry you could also double-click.
The following icons are used to distinguish entry types:
- The below screen shot showing the attributes for User admin (uid=admin). To add more attributes as per your needs, click on 'New Attribute...' icon (pointed with arrow below).
Please see the second instalment of this blog - Installing ApacheDS for Cognos Part 2 - Create Group Objects.