Solved: Purpose of Configurable LDAP - Qlik Community

Report Inappropriate Content · ‎2010-11-23

Hi All,

I had a requirement to use the lotus domino directory user to authorize and authenticate the QlikView. First, I thought that the Configurable LDAP in QV 10 will help me solve the issues. I'm successfully connected to the Domino LDAP and even list the users as well as assignning the Name CAL to the user. However, when I try to login to AccessPoint using the LDAP user, it failed. So I assume that the purpose of Configurable LDAP is ony extracting the user info but not the password for me to login. Please can someone clarify on this?

Thanks and Regards,

Yong

Report Inappropriate Content · ‎2010-11-23

You are correct that LDAP provides a list of users that can be used to configure CAL assignment and document authorization. Custom LDAP does not do authentication, only authorization.

What you are doing is good, but you need to add ticketing. Ticketing is QlikView's approach to support alternatives to Integrated Windows Authentication. Ticketing puts the responsibility for authentication on the developer. YOU must figure out how to confirm that the user is who he says he is. Ticketing is the method by which an already authenticated user is allowed to connect to the server. By providing QlikView Server the name of the user when the ticket is generated, you tie the ticket and the user session to that username. From there the username is looked up in the Directory Service (configurable LDAP) and authorized documents are presented.

Ticketing is not for the non-technical, but it works well. Read chapter 16 of the Server reference manual for a discussion of the various topics. Specifically 16.4 on "Server Side Authentication Get Ticket Process".

View solution in original post

Report Inappropriate Content · ‎2010-11-23

You are correct that LDAP provides a list of users that can be used to configure CAL assignment and document authorization. Custom LDAP does not do authentication, only authorization.

What you are doing is good, but you need to add ticketing. Ticketing is QlikView's approach to support alternatives to Integrated Windows Authentication. Ticketing puts the responsibility for authentication on the developer. YOU must figure out how to confirm that the user is who he says he is. Ticketing is the method by which an already authenticated user is allowed to connect to the server. By providing QlikView Server the name of the user when the ticket is generated, you tie the ticket and the user session to that username. From there the username is looked up in the Directory Service (configurable LDAP) and authorized documents are presented.

Ticketing is not for the non-technical, but it works well. Read chapter 16 of the Server reference manual for a discussion of the various topics. Specifically 16.4 on "Server Side Authentication Get Ticket Process".

Report Inappropriate Content · ‎2010-11-26

Hi Jay,

Thanks for the reply. I'm now working on the authentication part. I manage to authenticate the user through the LDAP using the customize login page using .NET. Now I'm stuck on the ticketing part. I'm now trying on the header name using Fiddler but I'm always redirected to login page. Is this header name going to work on .Net login page? Is the Configurable LDAP still neccessary if I manage to use ticketing and based on the username to authorize the user?I just need to assign the username to the authorization part only rite? I didn't see any point that I still need the configurable LDAP anymore if there is no Publisher.

Thanks,

YSL

Report Inappropriate Content · ‎2010-11-26

You need a directory service for QlikView server and publisher to check. You don't need configurable LDAP, you could use Custom Users instead, but you need something.

One approach to take is this... Have the .NET logon page run as a user in the QlikView Administrator's group. Issue a request for a ticket to QV server according to the documentation. Redirect the user to the formatted URL that contains the ticket value.

If you need more information, just ask.

Report Inappropriate Content · ‎2010-11-26

Hi Jay,

If I use Custom Users, I need to add in those user manually in the directory with the password? But I had already authenticate the user through ldap, I don't need the user to login 2nd time again. So is that mean i still need the configurable LDAP if not the user wont be able to login to the accesspoint?

How do I make the logon page to run as QV administrator? Is it I had to done it on the .Net code? Let's said the user already successfully authenticate through LDAP, then after that i assign the username to QV administrator Group?

Report Inappropriate Content · ‎2010-11-26

Hi,

I had gone through some of the sample of ticketing. Seems like if I use ticketing, I'm not able to use AccessPoint? How should i get the authenticated user to access the QV accesspoint?

Report Inappropriate Content · ‎2013-01-03

Hi, Did you manage to do that? Use LDAP authentication with accesspoint.

I have the same requirement too.

Bill_Britt · ‎2013-01-03

You should be able to access the AccessPoint when using WebTickets. The URL show look something like the below.

http://qv11/QvAJAXZfc/Authenticate.aspx?type=html&webticket=ghDqsPf5OSzcIXFToiKLXHOkN3C3I713T0lGFaDp...

Bill - Principal Technical Support Engineer at Qlik
To help users find verified answers, please don't forget to use the "Accept as Solution" button on any posts that helped you resolve your problem or question.