7 Replies Latest reply: Jan 3, 2013 1:15 PM by Bill Britt RSS

    Purpose of Configurable LDAP

      Hi All,

      I had a requirement to use the lotus domino directory user to authorize and authenticate the QlikView. First, I thought that the Configurable LDAP in QV 10 will help me solve the issues. I'm successfully connected to the Domino LDAP and even list the users as well as assignning the Name CAL to the user. However, when I try to login to AccessPoint using the LDAP user, it failed. So I assume that the purpose of Configurable LDAP is ony extracting the user info but not the password for me to login. Please can someone clarify on this?

      Thanks and Regards,

      Yong

        • Purpose of Configurable LDAP
          Jay Jakosky

          You are correct that LDAP provides a list of users that can be used to configure CAL assignment and document authorization. Custom LDAP does not do authentication, only authorization.

          What you are doing is good, but you need to add ticketing. Ticketing is QlikView's approach to support alternatives to Integrated Windows Authentication. Ticketing puts the responsibility for authentication on the developer. YOU must figure out how to confirm that the user is who he says he is. Ticketing is the method by which an already authenticated user is allowed to connect to the server. By providing QlikView Server the name of the user when the ticket is generated, you tie the ticket and the user session to that username. From there the username is looked up in the Directory Service (configurable LDAP) and authorized documents are presented.

          Ticketing is not for the non-technical, but it works well. Read chapter 16 of the Server reference manual for a discussion of the various topics. Specifically 16.4 on "Server Side Authentication Get Ticket Process".

            • Purpose of Configurable LDAP

              Hi Jay,

              Thanks for the reply. I'm now working on the authentication part. I manage to authenticate the user through the LDAP using the customize login page using .NET. Now I'm stuck on the ticketing part. I'm now trying on the header name using Fiddler but I'm always redirected to login page. Is this header name going to work on .Net login page? Is the Configurable LDAP still neccessary if I manage to use ticketing and based on the username to authorize the user?I just need to assign the username to the authorization part only rite? I didn't see any point that I still need the configurable LDAP anymore if there is no Publisher.

              Thanks,

              YSL