Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Hi Experts,
I am trying to configure LDAP in QlikView Publisher under DSC service, while configuring I am getting below
timeout error, Please suggest me the process I need to follow for the LDAP configuration.
Thanks,
Mahesh
Mahesh, were you able to get things working after Chip's last comment? I suspect the underlying issue all along was an incorrect setup on the Configuration LDAP directory service provider in the DSC, and that is why things were timing out in that we were not able to make any connection. Generally getting the correct LDAP string from the directory team is the best way to go, but as Chip mentioned, if you are using Active Directory from Microsoft as your LDAP provider, then using the Active Directory DSP is the way to go in that case. The thing that will have to be in place if you have more than one domain is a trust relationship between the domains to ensure the domain the server resides in is able to process the login requests... The DSC is simply reading the directory to get the groups to which the user belongs etc. and provides the user/group list for difference functions in the QMC. The actually Authentication/Authorization is done by Windows or another third party SSO and the Authorization can be Windows or QlikView Server. Let us know if switching to Active Directory DSP got everything working or not.
Regards,
Brett
Hi @Brett_Bleess @Chip_Matejowsky
There was no trust relationship between the Domains, so we are not able to configure the LDAP, I am working with the LDAP team on this meanwhile could you please provide me few suggestion about how we can implement trust between the domains?
Mahesh, that would be a question for Microsoft Community, as Domain Trusts are Windows OS specific, nothing to do with Qlik, so you should search on Microsoft.com etc. There should be tons of things if you do a Google search on how to do it etc.
Regards,
Brett
@Brett_Bleess @Chip_Matejowsky
Hello Brett & Chip, Thanks for your time, currently LDAP is configured in my ABC domain, we need to add different domain LDAP for user authentication, I had discussed with my LDAP team and they were suggesting me to remove current LDAP configuration and add new LDAP, reason for removing is current LDAP belongs to ABC and new LDAP for XYZ company,
Questions
1) if I remove current LDAP we don't need trust between the two domains right? because here we have only new one,
2) to configure different LDAP’s do we need application and LDAP server to be in the same domain?
Mahesh, the caveat here is that if you change the DSC DSP to point to the XYZ domain, you are going to want to be sure the server(s) are members of XYZ as well such that the actual use auth requests are processes by the same domain as you are using to set distributions etc... Hopefully this makes sense. If that is the plan, I would say things should be fine, but my hunch is you may down for a bit while you get everything reset to the new domain as far as the distributions and their users/groups, I would think you want to reset things that way but not sure. Shout if you have further questions, but hopefully this makes some sense.
Regards,
Brett
Server which hosts qlikview application and the ldap which is used currently for authorization is in ABC domain, we are trying to configure new LDAP under DSC for XYZ domain, as confirmed earlier we need trust between these two domains to configure LDAP which cannot be established, here in order to explore new things we are planning to do below activity.
1) remove current LDAP configuration (ABC) and add new LDAP(XYZ), reason for removing is current LDAP belongs to ABC and new LDAP for XYZ company
If I remove current LDAP, we don't need trust between this two domains right? Because here we have only new LDAP that belongs to XYZ,
2) Please let meknow is there any other possible ways to configure LDAP
Moving current application to new domain we considering it is as last option.
As I tried to explain in my last post, this really boils down to what authentication you are using in the web server resource as well as what Authorization method the QVServer is using, really need to know those settings in order to answer further here.
Regards,
Brett