Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2 LDAP's and Series 8 1

Status
Not open for further replies.
Rolldice

Rolldice

Programmer
Aug 5, 2002
37
AU
Hello Cognos friends,

Can anybody tell me if it's possible to use the SDK or some other method to apply security to powercubes? Is Access Manager the only way to get user security in the MDL??

We are trying to avoid the administration or having 2 directory servers. The other LDAP is Oracles 10'g OID LDAP which Series 8 can connect to. We have an Application using the OID and we would like Cognos Series 8 to use the same LDAP, but we need cube level security.

If Access Manager is the only way to get cube level security and Access Manager can't connect to the OID it would look like we're not going to get it our way????

Any ideas?

----------------------------------------
Another throw closer to a win ... ???
----------------------------------------
 
Sort by date Sort by votes
Stefan,

Sorry for the delay. The only documentataion I could find on linking external users was using Access Manager, right clicking the users folder and link Users. However this would require us to link to Active Dirrectory wouldn't it??

At this point we are looking at importing users from the OID LDAP using a LDIF file, but this isn't the greatest solution, if we could link SunOne Dirrectly to the OID LDAP that would be excellent.

Have I missed something in your posting?

Thanking you,

----------------------------------------
Another throw closer to a win ... ???
----------------------------------------
 
Upvote 0 Downvote
The cognos OEM Sun ONE software is not always needed.
Access Manager needs to write it's schema in a Directory Server. Either the Sun ONE, or AD.

With External User linking, you still need that schema (let's asume Sun for simplicity) you link the true user from ANY ldap 3.0 compliant source to your Access Manager user. In your case Oracle 10G.

Cube security uses the accman account's friendly name, but underneath uses the Oracle 10G account (fully transparent)

Hence my question; is Oracle 10G ldap 3.0 compliant?

Stefan
 
Upvote 0 Downvote
Stefan,

Yes 10G is LDAP 3.0 compliant.

Cognos 8 is reading from both namespaces no prob's.

When you say 'Link' do I take it that the same true user is in both LDAP's (Sun and OID) i.e. manually entered in each?

I understand the rest, I think I was getting confused with the external linking concept - I thought it would be possible to import the users from one LDAP (OID) into the other LDAP (SunOne) by some means. Or point one LDAP at the other which I guess would be like an 'INTERNAL LINK' - I'm now thinking 'External' linking is really more like external mapping.

Thanks for you help - I'll do the above and let you know how I go..









----------------------------------------
Another throw closer to a win ... ???
----------------------------------------
 
Upvote 0 Downvote
You would end up with just 1 namespace in Cognos 8; being the "Cognos Series 7".
(which is actually directly using the oracle 10G account, as they are linked)

The linking proces, is true linking. Instead of the option "add user" the new option will only be "link user".
(so no need to import or synchronise or anything)

Set all this up in a vmware box and start playing with it to get clearance on the matter.

Stefan
 
Upvote 0 Downvote
Thanks Stefan,

I'll work on true linking - That's def. what we are after.

We also want SSO between an Oracle app. using Oracle portal and Cognos 8 that's why we have included the other namespace from OID. If we have true linking established between OID and SunOne, with only the "Cognos Series 7" namespace in Cognos 8, would the OID namespace still not be needed?






----------------------------------------
Another throw closer to a win ... ???
----------------------------------------
 
Upvote 0 Downvote
You could end up with just the "Cognos Series 7" namespace and SSO if you can find out how Oracle stores the user info, and how Cognos can hook into it. (various ways posible; if Oracle uses REMOTE_USER it's easy.)

But just start with the "External User Linking" to begin with, and focus on SSO later

Stefan
 
Upvote 0 Downvote
Stefan,

For "External User Linking" do I have to set this up on the UNIX box ccs file OR can I do this using Access Manager on my windows PC through the GUI?

Regards



----------------------------------------
Another throw closer to a win ... ???
----------------------------------------
 
Upvote 0 Downvote
I am not much of a unix man, so i would advise to use the Access manager on your windows machine.
Don't forget to play with it using vmware, before firing this off on your production!

Stefan
 
Upvote 0 Downvote
Stefan,

Thanks for all your help.

We got both external linking working (Accman to OID) and SSO up as well.

Your e-mails put us in the right direction

Thanks



----------------------------------------
Another throw closer to a win ... ???
----------------------------------------
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

deborahyr63
  • Locked
  • Question
how to code for service year milestones in 2020
Replies
0
Views
117
deborahyr63
deborahyr63
Magnus_03
  • Locked
  • Question
Cognos 10.2.2 Workspace Advanced Errors (Failed...request, the report server..., and annotation...)
Replies
0
Views
132
Magnus_03
Magnus_03
damzi
  • Locked
  • Question
using 2 measures as one measure in cognos transformer
Replies
0
Views
52
damzi
damzi
misscognos
  • Locked
  • Question
Order of inner and outer joins
Replies
1
Views
98
misscognos
misscognos
ihcc2uni
  • Locked
  • Question
Cognos 10 - Export all reports and details
Replies
0
Views
60
ihcc2uni
ihcc2uni

Part and Inventory Search

Sponsor

Back
Top