MicroStrategy ONE

Setting up LDAP Authentication in MicroStrategy Web, Library, and Mobile

When you have collected the connection information for your LDAP server and your LDAP SDK, you can use the LDAP Connectivity Wizard to set up your LDAP connection. The LDAP Connectivity Wizard helps step you through the initial setup of using your LDAP server to authenticate users and groups in MicroStrategy. The steps to set up your LDAP connection are the same for MicroStrategy Web, MicroStrategy Library, and MicroStrategy Mobile.

  • You have collected the information for your LDAP server, and made decisions regarding the LDAP authentication methods you want to use, as described in Checklist: Information Required for Connecting Your LDAP Server to MicroStrategy
  • If you want Intelligence server to access your LDAP server over a secure SSL connection, you must do the following:
    1. Obtain a valid certificate from your LDAP server and save it on the machine where Intelligence server is installed. The steps to obtain the certificate depend on your LDAP vendor, and the operating system that your LDAP server runs on. For specific steps, refer to the documentation for your LDAP vendor.
    2. Follow the procedure recommended by your operating system to install the certificate.

To Set up LDAP Authentication in MicroStrategy

Connecting Your LDAP Server Using the LDAP Connectivity Wizard

  1. In Developer, log in to a project source, as a user with administrative privileges.
  2. From the Administration menu, select Server, and click LDAP Connectivity Wizard.
  3. On the Welcome page, click Next.
  4. Type the following information:
    • Host: The machine name or IP address of the LDAP server.
    • Port: The network port that the LDAP server uses. For clear text connections, the default value is 389. If you want Intelligence server to access your LDAP over an encrypted SSL connection, the default value is 636.
  5. If you want Intelligence server to access your LDAP over an encrypted SSL connection, select SSL (encrypted). The Server Certificate file field is enabled.
  6. In the Server Certificate file field, depending on your LDAP server vendor, point to the SSL certificate in the following ways:
    • Microsoft Active Directory: No information is required.
    • Sun ONE/iPlanet: Provide the path to the certificate. Do not include the file name.
    • Novell: Provide the path to the certificate, including the file name.
    • IBM: Use Java GSKit 7 to import the certificate, and provide the key database name with full path, starting with the home directory.
    • Open LDAP: Provide the path to the directory that contains the CA certificate file cacert.pem, the server certificate file servercrt.pem, and the server certificate key file serverkey.pem.
  7. Click Next.
  8. Enter the details of your LDAP SDK, and click Next.
  9. Step through the LDAP Connectivity Wizard to enter the remaining information, such as the LDAP search filters to use to find users, whether to import users into MicroStrategy, and so on.
  10. When you have entered all the information, click Finish to exit the LDAP Connectivity Wizard. You are prompted to test the LDAP connection. It is recommended that you test the connection to catch any errors with the connection parameters you have provided.

Enabling LDAP Authentication for Your Project Source

  1. In the Folder List, right-click the project source, and select Modify Project Source.
  2. On the Advanced tab, go to Use LDAP Authentication.
  3. Click OK.

Enabling LDAP Authentication for MicroStrategy Web

  1. From the Windows Start menu go to All Programs > MicroStrategy Tools > Web Administrator.
  2. Select Intelligence Server > Default Properties.
  3. In the Login area, for LDAP Authentication, select the Enabled check box.
  4. Select the Default option to set LDAP as the default authentication mode.

    If your environment includes multiple Intelligence servers connected to one MicroStrategy Web server, users are authenticated to all the Intelligence servers using their LDAP credentials, and then shown a list of projects they can access. However, if one or more of the Intelligence servers does not use LDAP authentication, the projects for those servers may not be displayed. To avoid this scenario, in the Project list drop-down menu, ensure that Show all the projects connected to the Web Server before the user logs in is selected.

  5. Click Save.

Enabling LDAP Authentication for MicroStrategy Library

  1. Launch the Library Admin page by entering the following URL in your web browser

    http://<FQDN>:<port>/MicroStrategyLibrary/admin

    where <FQDN> is the Fully Qualified Domain Name of the machine hosting your MicroStrategy Library application and <port> is the assigned port number.

  2. On the Library Web Server tab, select LDAP from the list of available Authentication Modes.
  3. Click Save.
  4. Restart your Web Server to apply the change.