MicroStrategy ONE
Implement LDAP Authentication Using Directory Service
If you use an LDAP directory to centrally manage users in your environment, you can implement LDAP authentication in MicroStrategy Workstation from Directory Service. Group membership can be maintained in the LDAP directory without also having to be defined in Intelligence Server. LDAP authentication identifies users in an LDAP directory that MicroStrategy can connect to through an LDAP server.
The ability to view or edit certain settings is determined by a user's privileges. All necessary privileges are included in the Administrator role by default. You must belong to the System Administrators group to use this feature.
Before getting started, see Information Required to Connect Your LDAP Server and Access Directory Service.
Lightweight Directory Access Protocol (LDAP) is an open standard Internet protocol running over TCP/IP that is designed to maintain and work with large user directory services. It provides a standard way for applications to request and manage user and group directory information. LDAP performs simple Select operations against large directories, in which the goal is to retrieve a collection of attributes with simple qualifications, for example, Select all the employees' phone numbers in the support division.
An LDAP authentication system consists of two components: an LDAP server and an LDAP directory. An LDAP server is a program that implements the LDAP protocol and controls access to an LDAP directory of user and group accounts. An LDAP directory is the storage location and structure of user and group accounts on an LDAP server. Before information from an LDAP directory can be searched and retrieved, a connection to the LDAP server must be established.
Access Directory Service
- In the Navigation pane, click Environments.
- Right-click the connected environment and choose Directory Service > Configure Directory Service.
Information Required to Connect Your LDAP Server
Before beginning the process, ensure you have the following connection details for your LDAP server:
- The machine name or IP address of the LDAP server.
- The network port that the LDAP server uses.
- Whether the LDAP server is accessed using clear text, or over an encrypted SSL connection. If you are using an SSL connection, you need to do the following before you begin to set up LDAP:
  - Obtain a valid certificate from your LDAP server and save it on the machine where Intelligence Server is installed.
  - Follow the procedure recommended by your operating system to install the certificate.
- Details of your LDAP SDK. The LDAP SDK is a set of connectivity file libraries (DLLs) that MicroStrategy uses to communicate with the LDAP server. For information on the requirements for your LDAP SDK, and for steps to set up the SDK, see Setting Up LDAP SDK Connectivity.
- Your LDAP search settings, which allow Intelligence Server to effectively search through your LDAP directory to authenticate and import users. For information on defining LDAP search settings, see Defining LDAP Search Filters to Verify and Import Users and Groups at Login.
- The user name and password of an LDAP user who can search the LDAP directory. This user is called the authentication user, and is used by the Intelligence Server to connect to the LDAP server. Typically, this user has administrative privileges for your LDAP server.
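A pre-flight check for the connection details listed above, as an added example that is not part of the MicroStrategy documentation or product. The function names, the host name and the findings text are hypothetical; it assumes the saved certificate is a PEM file and that SSL means LDAP over TLS from the start of the connection.

```python
import os
import socket
import ssl

LDAP_PORT, LDAPS_PORT = 389, 636  # registered defaults: clear-text LDAP, LDAP over SSL/TLS


def check_details(host, port, use_ssl, cert_path=None):
    """Offline review of the connection details; returns a list of findings."""
    findings = []
    if not host:
        findings.append("no machine name or IP address given")
    if not isinstance(port, int) or not 0 < port < 65536:
        findings.append("port is not a valid TCP port")
    if not use_ssl:
        findings.append("clear text: the authentication user's password is sent unencrypted")
        if port == LDAPS_PORT:
            findings.append("clear text selected but port 636 is the SSL default")
        return findings
    if port == LDAP_PORT:
        findings.append("SSL selected but port 389 is the clear-text default")
    if not cert_path or not os.path.isfile(cert_path):
        findings.append("saved certificate file not found")
        return findings
    try:
        ssl.create_default_context(cafile=cert_path)  # parses the PEM file
    except OSError:  # ssl.SSLError is a subclass of OSError
        findings.append("saved certificate file is not a readable PEM certificate")
    return findings


def probe_ldaps(host, port, cert_path, timeout=5.0):
    """Live check: TLS handshake that trusts only the saved certificate file.

    Raises ssl.SSLCertVerificationError if the server's certificate does not
    chain to that file or does not match `host`; returns the TLS version.
    """
    ctx = ssl.create_default_context(cafile=cert_path)  # system CAs are not loaded
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


if __name__ == "__main__":
    # Constructed sample values, not from any real environment.
    for finding in check_details("ldap.example.internal", 389, False):
        print("finding:", finding)
```

Run `probe_ldaps` from the machine where Intelligence Server is installed, since that is where the certificate is saved and where the connection to the LDAP server originates.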