©2019 by Atlantic Analytics. Proudly created with Wix.com

Setting up security for Cognos when you don’t have AD

When dealing with Cognos, security is controlled by a mix of connecting to an authentication provider (like Active Directory) and groups and roles that you can create in Cognos. Users always come from the authentication source.

As a developer, when I need to test something with security in Cognos, I'm always faced with the issue that I either need to have access to multiple user accounts or I have to get different users involved.

To deal with this, I needed a solution to security that I can fully control that lives on my laptop. There are various options you can use, but the one I selected is Apache Directory server. First, we need to make sure we have Java installed.


Download and install JRE 1.8 (jre-8u221-windows-x64)

https://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

Then we can download Apache Directory server: https://directory.apache.org/apacheds/downloads.html



I accepted most of the defaults when doing the install.

The only path I changed was the path to the JRE I installed in the first step (C:\Program Files (x86)\Java\jre1.8.0_221).

Answer Yes to start the server.

Download and Install Apache Directory Studiohttps://directory.apache.org/studio/

I use all the defaults for this as well.

Once everything is installed, open Apache Directory Studio. In Connections, choose to add a new connection.

On the next tab, add in the default user as your bind account.

The password is secret.

Click Finish.

Expand dc=example,dc=comRight-click and choose New > New Entry.

Click Next, until Finish.

Repeat and type in ou-groups,ou=system

Right-click on ou=users and select New > New entry and choose Create entry from scratch.

Choose inetOrgPerson and click Add.

Click Next.

Choose uid and enter admin. Click next.

Enter values for cn and sn. Click Finish.

Right-click next in the attributes list and click Add New Attribute. Choose userPassword.

Add more users as needed.


In Cognos Configuration, add a new security namespace Cognos_LDAP and select LDAP and LDAP – General Default Values.

The things you need to change here are:

Namespace ID: <namespace name>

Host and Port: localhost:10389

Base Distinguished Name: ou=users,dc=example,dc=com

User Lookup: uid=${userID}

Restart the service.

42 views