Description:

This document explains the steps involved in configuring CA Business Intelligence R2 for LDAP authentication. It also describes the changes required on Service Desk to integrate with CABI using LDAP authentication.

Solution:

CA Business Intelligence (CABI) provides the LDAP security plug-in (secLDAP) that allows mapping user accounts and groups from a LDAP directory to CA Business Intelligence.

Integrating CA Business Intelligence with LDAP allows you to assign LDAP aliases to existing users if their usernames match in CABI.

Steps to configure LDAP authentication within CABI

1. Login to Central Management Console as Administrator
   
   
2. Under Manage Section, select Authentication (see Figure 1)
   
   Figure 1
   

   <Please see attached file for image>

   
   
   
3. In the Authentication window, select the LDAP tab
   
   
4. Click on Start LDAP configuration Wizard button (see Figure 2)
   
   Figure 2
   

   <Please see attached file for image>

   
   
   
5. In the Add LDAP host field, add the hostname with the port number of the LDAP server as hostname:port_number and click on Add (see Figure 3)
   
   Figure 3
   

   <Please see attached file for image>

   
   
   
6. Click on Next
   
   
7. Select the LDAP Server Type from the drop down. If you are using Windows Active Directory, select custom. In this example Novell eDirectory is used (see Figure 4)
   
   Figure 4
   

   <Please see attached file for image>

   
   
   All environments are different in one way or another so you may have the need to change your attribute mappings. If you click Show Attribute Mappings you have the ability to change the LDAP attribute mappings.
   
   Figure 5
   

   <Please see attached file for image>

   
   
   Typical Microsoft Active Directory Mappings would look like this.
   
   Figure 6
   

   <Please see attached file for image>

   
   
   
8. Click Next
   
   
9. In the Base LDAP Distinguished Name field enter the Search Base Ex: o=Myorg,dc=MyDomain (see Figure 7)
   
   Figure 7
   

   <Please see attached file for image>

   
   
   
10. Click on Next
    
    
11. In the Distinguished name field enter the LDAP DN of the user who has access to the LDAP server.
    
    
12. In the Password field enter the password for the Admin user (see Figure 8)
    
    Figure 8
    

    <Please see attached file for image>

    
    
    LDAP Referral Credentials should be provided only if all the following apply
    
    
    • The primary host has been configured to refer to another directory server that handles queries for entries under a specified base.
      
      
    • The host being referred to has been configured to not allow anonymous binding.
      
      
    • A group from the host being referred to will be mapped to BusinessObjects Enterprise.
      
      
13. Click on Next
    
    
14. Type of SSL authentication is Basic. Click Next
    
    
15. LDAP single sign-on authentication is Basic (No SSO), Click Next
    
    
16. In the LDAP aliases configuration screen, it is recommended to leave the default settings. Click Next
    
    
17. Click Finish. This will display all the settings under the LDAP tab (see Figure 9)
    
    Figure 9
    

    <Please see attached file for image>

    
    
    
18. In the Mapped LDAP Members Groups, specify the LDAP group name which contains the users who need access to CABI. Enter the CN or the DN of the group and click on Update (see Figure 10)
    
    Figure 10
    

    <Please see attached file for image>

    
    
    
19. Click on Home link to go back to home page of the Central Management Console.
    
    
20. Select Users. From the list of users, if you have a matching LDAP user selects the user (i.e. ServiceDesk)
    
    
21. In the ServiceDesk user details screen, scroll down and click on New Alias (see Figure 11)
    
    Figure 11
    

    <Please see attached file for image>

    
    
    
22. In the Account Name field, enter the LDAP userid and click Ok. It will fetch the user information and assign the alias (see Figure 12)
    
    Figure 12
    

    <Please see attached file for image>

    
    
    
23. Click on Update
    
    
24. Now you can login to Infoview using LDAP authentication (see Figure 13)
    
    Figure 13
    

    <Please see attached file for image>

    

Steps to configure CABI options in ServiceDesk for LDAP authentication

1. Login to ServiceDesk with an Administrator type account
   
   
2. Go to Administration -> Options Manager -> Web Report
   
   
3. Change the bo_server_auth option to secExternal (see Figure 14)
   
   Figure 14
   

   <Please see attached file for image>

   
   
   
4. Recycle the CA Service Desk service.
   
   
5. Login to Service Desk as the LDAP user and click on Reports tab. The reports are displayed after getting authenticated by both the LDAP server and CABI.

Release:
Component: ARGIS