Skip to main content
OnCommand Insight

Configuring LDAP for Reporting

Contributors netapp-alavoie
PDFs

From the Data Warehouse portal, the Administrator can configure LDAP usage for Data Warehouse and Reporting.

Before you begin

You must log in to Insight as an Administrator to perform this task.

For all Secure Active Directory (i.e. LDAPS) users, you must use the AD server name exactly as it is defined in the certificate. You can not use IP address for secure AD login.

Note If you changed server.keystore and/or server.trustore passwords using securityadmin, restart the sanscreen service before importing the LDAP certificate.

Steps

  1. Log in to the Data Warehouse Portal at https://hostname/dwh, where hostname is the name of the system on which OnCommand Insight Data Warehouse is installed.

  2. From the navigation pane on the left, click User Management.

  3. Click LDAP Configuration.

  4. Select Enable LDAP to start the LDAP user authentication and authorization process.

  5. Make whatever changes are necessary to configure LDAP.

    The majority of the fields contain default values. The default settings are valid for the Active Directory.

    • User principal name attribute

      Attribute that identifies each user in the LDAP server. Default is userPrincipalName, which is globally unique. OnCommand Insight attempts to match the contents of this attribute with the username that has been supplied above.

    • Role attribute

      LDAP attribute that identifies the user's fit within the specified group. Default is memberOf.

    • Mail attribute

      LDAP attribute that identifies the user's email address. Default is mail. This is useful if you want to subscribe to reports available from OnCommand Insight. Insight picks up the user's email address the first time each user logs in and does not look for it after that.

      Note

      If the user's email address changes on the LDAP server, be sure to update it in Insight.

    • Distinguished name attribute

      LDAP attribute that identifies the user's distinguished name. default is distinguishedName.

    • Referral

      Indicates whether to follow the path to other domains if there are multiple domains in the enterprise. You must always use the default follow setting.

    • Timeout

      Length of time to wait for a response from the LDAP server before timing out, in milliseconds. default is 2,000, which is adequate in all cases and should not be modified.

    • LDAP servers

      This is the IP address or DNS name to identify the LDAP server. To identify a specific port, where ldap-server-address is the name of the LDAP server, you can use the following format:

      ldap://ldap-server-address:port

      To use the default port, you can use the following format:

      ldap://ldap-server-address
      Note 
      When entering multiple LDAP servers in this field, separate entries with a comma, and ensure that the correct port number is used in each entry.

      + To import the LDAP certificates, click Import Certificates and automatically import or manually locate the certificate files.

    • Domain

      LDAP node where OnCommand Insight should start looking for the LDAP user. Typically this is the top-level domain for the organization. For example:

      DC=<enterprise>,DC=com

    • Insight server admins group

      LDAP group for users with Insight Server Administrator privileges. Default is insight.server.admins.

    • Insight administrators group

      LDAP group for users with Insight Administrator privileges. Default is insight.admins.

    • Insight users group

      LDAP group for users with Insight User privileges. Default is insight.users.

    • Insight guests group

      LDAP group for users with Insight Guest privileges. Default is insight.guests.

    • Reporting administrators group

      LDAP group for users with Insight Reporting administrator privileges. Default is insight.report.admins.

    • Reporting pro authors group

      LDAP group for users with Insight Reporting pro authors privileges. Default is insight.report.proauthors.

    • Reporting business authors group

      LDAP group for users with Insight Reporting business authors privileges. Default is insight.report.business.authors.

    • Reporting business consumers group

      LDAP group for users with Insight Reporting business consumers privileges. Default is insight.report.business.consumers.

    • Reporting recipients group

      LDAP group for users with Insight Reporting recipient privileges. Default is insight.report.recipients.

  6. Enter values in the Directory lookup user and Directory lookup user password fields if you made any changes.

    If you do not enter the revised values in these fields, your changes are not saved.

  7. Retype the directory lookup user password in the Confirm directory lookup user password field, and click Validate Password to validate the password on the server.

  8. Click Update to save the changes. Click Cancel to remove changes.