Skip to main content
Announcements
Join us at Qlik Connect for 3 magical days of learning, networking,and inspiration! REGISTER TODAY and save!
cancel
Showing results for 
Search instead for 
Did you mean: 
maheshn
Contributor
Contributor

unable to configure LDAP

Hi Experts,

I am trying to configure LDAP in QlikView Publisher under DSC service, while configuring I am getting below

timeout error, Please suggest me the process I need to follow for the LDAP configuration.

 

Thanks,

Mahesh

 

16 Replies
Brett_Bleess
Former Employee
Former Employee

Mahesh, were you able to get things working after Chip's last comment?  I suspect the underlying issue all along was an incorrect setup on the Configuration LDAP directory service provider in the DSC, and that is why things were timing out in that we were not able to make any connection.  Generally getting the correct LDAP string from the directory team is the best way to go, but as Chip mentioned, if you are using Active Directory from Microsoft as your LDAP provider, then using the Active Directory DSP is the way to go in that case.  The thing that will have to be in place if you have more than one domain is a trust relationship between the domains to ensure the domain the server resides in is able to process the login requests...  The DSC is simply reading the directory to get the groups to which the user belongs etc. and provides the user/group list for difference functions in the QMC.  The actually Authentication/Authorization is done by Windows or another third party SSO and the Authorization can be Windows or QlikView Server.  Let us know if switching to Active Directory DSP got everything working or not.

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.
maheshn
Contributor
Contributor
Author

Hi @Brett_Bleess @Chip_Matejowsky 

 

There was no trust relationship between the Domains, so we are not able to configure the LDAP, I am working with the LDAP team on this meanwhile could you please provide me few suggestion about how we can implement trust between the domains?

Brett_Bleess
Former Employee
Former Employee

Mahesh, that would be a question for Microsoft Community, as Domain Trusts are Windows OS specific, nothing to do with Qlik, so you should search on Microsoft.com etc.  There should be tons of things if you do a Google search on how to do it etc.

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.
Nayakar_Mahesh
Contributor II
Contributor II

@Brett_Bleess @Chip_Matejowsky 

 

Hello Brett & Chip, Thanks for your time, currently LDAP is configured in my ABC domain, we need to add different domain LDAP for user authentication, I had discussed with my LDAP team and they were suggesting me to remove current LDAP configuration and add new LDAP, reason for removing is current LDAP belongs to ABC and new LDAP for XYZ company,

Questions

1) if I remove current LDAP we don't need trust between the two domains right? because here we have only new one,

2) to configure different LDAP’s do we need application and LDAP server to be in the same domain?

 

 

 

Brett_Bleess
Former Employee
Former Employee

Mahesh, the caveat here is that if you change the DSC DSP to point to the XYZ domain, you are going to want to be sure the server(s) are members of XYZ as well such that the actual use auth requests are processes by the same domain as you are using to set distributions etc...  Hopefully this makes sense.  If that is the plan, I would say things should be fine, but my hunch is you may down for a bit while you get everything reset to the new domain as far as the distributions and their users/groups, I would think you want to reset things that way but not sure.  Shout if you have further questions, but hopefully this makes some sense.

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.
maheshn
Contributor
Contributor
Author

Hi @Brett_Bleess 

Server which hosts qlikview application and the ldap which is used currently for authorization is in ABC domain, we are trying to configure new LDAP under DSC for XYZ domain, as confirmed earlier we need trust between these two domains to configure LDAP which cannot be established, here in order to explore new things we are planning to do below activity.

1)      remove current LDAP configuration (ABC) and add new LDAP(XYZ), reason for removing is current LDAP belongs to ABC and new LDAP for XYZ company

If I remove current LDAP, we don't need trust between this two domains right? Because here we have only new LDAP that belongs to XYZ,

2)      Please let meknow is there any other possible ways to configure LDAP

Moving current application to new domain we considering it is as last option.

Brett_Bleess
Former Employee
Former Employee

As I tried to explain in my last post, this really boils down to what authentication you are using in the web server resource as well as what Authorization method the QVServer is using, really need to know those settings in order to answer further here.

Regards,
Brett

To help users find verified answers, please do not forget to use the "Accept as Solution" button on any post(s) that helped you resolve your problem or question.
I now work a compressed schedule, Tuesday, Wednesday and Thursday, so those will be the days I will reply to any follow-up posts.