IBM Cognos and Motio Best Practices Blog

LDAP and Active Directory Support in MotioPI

Posted by Holly Rice on Thu, Mar 15, 2012 @ 01:58 PM
Find me on:

In Cognos environments which authenticate against LDAP or Active Directory, MotioPI can be configured to pull information directly from the external security provider. This enables some of the advanced features in the User Access panel without requiring a stored credential for each user.

Luckily, MotioPI can easily pull LDAP / Active Directory configuration information directly from your cogstartup.xml file. This is the file which stores all selections made in the Cognos Configuration UI - its located in your Cognos installation folder at <cognos-install-root>/configuration/cogstartup.xml ).

This blog entry will walk you through the steps required to tell MotioPI about your LDAP or Active Directory instance.

1. First go to File -> Preferences
File Pref resized 600

2. Now select the LDAP/Active Directory Tab
LDAPConnection SelectingADConfig

3. To edit the settings, click the Change Settings button
LDAPConnection SelectingADChangeSettings

4. Now you need to fill in your settings. This is where the cogstartup.xml comes in handy. Grab the cogstartup.xml file from your Cognos server and save it locally. Then use the "..." button to point MotioPI at the cogstartup.xml file. Click on the refresh button, and MotioPI will populate the LDAP / AD settings on this screen based on the values stored in cogstartup.xml.
LDAPConnection PopulatingViaCogstartup

5. You will now see most of your settings filled in
LDAPConnection PopulatedFromCogstartup

6. Next you'll need to fill in your Bind User and Bind Password. These cannot be gleaned from cogstartup.xml since they are stored in encrypted format.
LDAPConnection EnterBindUserAndPassword

7. Once you have the Bind User / Password filled in, click the refresh button for Base DN and it will populate for you.
LDAPConnection SelectingBaseDN

8. You can now test your connection, by clicking Test Connection
LDAPConnection TestADConnection

9. You will then see a message indicating that the test was successful.
LDAPConnection ADTestSuccess

10. Now click OK to save the settings.

11. You will now see your settings saved. Click OK to complete your changes.
LDAPConnection ViewSavedADSettings

 

To complete the connection, click on the Account Query tab. In the lower section select the LDAP/AD radio button, then click ok. MotioPI will now query directly to your LDAP or AD.

 

That's it. Now MotioPI knows how to talk directly to your LDAP or Active Directory security provider.

Tags: troubleshooting, getting started with MotioPI, motiopi