In Cognos environments which authenticate against LDAP or Active Directory, MotioPI can be configured to pull information directly from the external security provider. This enables some of the advanced features in the User Access panel without requiring a stored credential for each user.
Luckily, MotioPI can easily pull LDAP / Active Directory configuration information directly from your cogstartup.xml file. This is the file which stores all selections made in the Cognos Configuration UI – its located in your Cognos installation folder at <cognos-install-root>/configuration/cogstartup.xml ).
This blog entry will walk you through the steps required to tell MotioPI about your LDAP or Active Directory instance.
1. First go to File -> Preferences
2. Now select the LDAP/Active Directory Tab
3. To edit the settings, click the Change Settings button
4. Now you need to fill in your settings. This is where the cogstartup.xml comes in handy. Grab the cogstartup.xml file from your Cognos server and save it locally. Then use the “…” button to point MotioPI at the cogstartup.xml file. Click on the refresh button, and MotioPI will populate the LDAP / AD settings on this screen based on the values stored in cogstartup.xml.
5. You will now see most of your settings filled in
6. Next you’ll need to fill in your Bind User and Bind Password. These cannot be gleaned from cogstartup.xml since they are stored in encrypted format.
7. Once you have the Bind User / Password filled in, click the refresh button for Base DN and it will populate for you.
8. You can now test your connection, by clicking Test Connection
9. You will then see a message indicating that the test was successful.
10. Now click OK to save the settings.
11. You will now see your settings saved. Click OK to complete your changes.
To complete the connection, click on the Account Query tab. In the lower section select the LDAP/AD radio button, then click ok. MotioPI will now query directly to your LDAP or AD.
That’s it. Now MotioPI knows how to talk directly to your LDAP or Active Directory security provider.