10 Replies Latest reply: Sep 14, 2015 3:04 AM by chinna katiki RSS

    LDAP Setup(with AD)

    chinna katiki


      Dear Gurus,

       

      we are using Qlikview 11.2 sr8. Currenlly we are using custom authentication and wanted to upgrade to ldap authentication.

       

      Our Qlikview server and and LDAP directory are in 2 different domains .I have added the LDAP directory details under

      QMC-->System-->Setup-->DSC--> Active Directory using LDAP string.(ex: LDAP://xxx.direcotry.xx.com)

       

      Authentication is set as NTLM and Authorization is DMS.

       

      Login page is using the option "Alternate Login Page"

      with all the above settings , I have given access to a user  and that user is able to access the qlikview dashboard in access point only when he put the user id in access point as domain\username.

      if we give only user name(without domain prefix) , he is not able to access the dashboard in access point. getting the login page again.

       

      My query is : How we can avoid using domain prefix to username. / How to make the authentication successful without Domain prefix.

       

      Please suggest.

       

       

      Best Regards,

      Chinna

        • Re: LDAP Setup(with AD)
          chinna katiki

          HI All,

           

          Any one have this kind of issue..Please share your thoughts where you we can append my domain name as prefix to users as a alternate solution..

           

          or

           

          HOw I can customize my acceespoint to give option to select the domain as drop down?

           

          Pls help..

           

          BR,

          Chinna

          • Re: LDAP Setup(with AD)
            Raj Mehetre

            use these settings :

            QMC-->System-->Setup-->Qlikview Web Server - QVWS@xxxxx -> Authentication


            Authentication ->  tick Always

            Type -> tick NTLM

            Login Address : Defaul login page (browser authentication)


            by applying this, it will not ask for login details as it will directly login using single sign on


            Thanks

            Raj



            • Re: LDAP Setup(with AD)
              Bill Britt

              HI,

               

              Are you using IIS or QVWS?

               

              Bill

                • Re: LDAP Setup(with AD)
                  chinna katiki

                  Hi Bill...we are using QVWS...

                  • Re: LDAP Setup(with AD)
                    chinna katiki

                    HI Bill,

                     

                    We are using the attached settings to take the windows system login.as Server and my PC both under same domain.
                    Still it is not working. Please find the attached screenshots.

                     

                    In the capture2.JPG screenshot(under qvws-->authentication-->login adress) if we change it to alternate page, we are prompting for user id and password. if I give my userid as domain\windowslogin and password as my windows password, i'm able to login. But if I ignore the domain name in my userid it is not logging in.

                     

                    Now we do not need automatic login using windows credentials.

                     

                    we are trying to find out , how we can avoid using the domain or how we can append domain in the backend configuration so that users can enter only their windows ID(with out domain).

                     

                    Please suggest your thoughts.

                     

                    BR,

                    Chinna

                  • Re: LDAP Setup(with AD)
                    arjun rao

                    Hi Chinna,

                     

                    Check this link if it is useful.

                     

                    LDAP access configuration

                      • Re: LDAP Setup(with AD)
                        chinna katiki

                        Dear All,

                         

                        Finally I have got the solution from below link by Vlad Gutkovsky(Many many thanks Vlad).

                        Setting a Default Domain with QlikView Web Form Authentication – Infinity Insight Blog

                         

                         

                        Here is the steps I followed.

                         

                        In my configuration,under qlikview webserver, I have set the login page as Alternate web page(which will automatically point to formLogin,htm).

                         

                        I have modified the formLogin.htm to prepend my domain name as suggested by Vlad . So now users do not have to enter domain.

                         

                        PFA screenshots of my configuration. which may help others.

                         

                        ******Amendment*********Edited on 14th Sep 2015********************************

                         

                        in the above link solution is provided for only one domain. As in our case we are having 2 domains, I have modified the script to dynamically prepend the domain name based on username entered.(in my scenario, we can determine the domain based on the username type. if user name is numeric it belongs to "ja" domain, if user name is alphabet it belongs to "ma" domain).

                         

                        Please find the modified script (to be added in formLogin.htm as suggested by Vlad):

                         

                        <script type="text/javascript">

                        function PrependDomain(){

                           var user = document.loginform.username.value;

                        if(!isNaN(user.charAt(0)))

                        {

                        var domain = "japan";

                        }

                        else

                        {

                        var domain = "ma";

                        }

                           if (user.toUpperCase().indexOf(domain) > -1){ //domain has already been entered manually (don't append it again)

                              return true;

                           } else { //domain name has not been entered, append it

                              document.loginform.username.value = domain + "\\" + user;

                           }

                        }

                        </script>

                         

                         

                        BR,

                        Chinna.