Setting up an LDAP realm in Reporter 9.X.
What information do I need to collect in order to have a successful deployment of an LDAP Realm in Reporter 9.x?
What are the suggested best practices for using the LDAP protocol to connect to your databases in Reporter?
To set up an LDAP realm in Reporter, you first need to get this information from your LDAP directory administrator:
Novell eDirectory
Microsoft Active Directory.
3rd Party LDAP Directory.
For Microsoft Active Directory, the default is:
User Naming Attribute: sAMAccountName
Group Naming Attribute: groupclass
Group class: class
NOTE: For more information on what these attributes mean, see https://kb.bluecoat.com/index?page=content&id=KB3560
Once you have this information, enter it into the LDAP realm configuration wizard, and then use the test button to ensure it works. You can find this LDAP realm wizard by clicking on the Administration tab > General settings, External servers and LDAP/Directory.
Best practice: If you have multiple group and user base DNs all over your tree that are spread over multiple partitions and servers, Blue Coat suggests you configure more than one LDAP realm and point each one to a base DN. At the time of writing this Knowledge Base article, Reporter 9.1.x versions did not support searching through multiple LDAP partitions and servers.
Configuring roles to use with LDAP:
Once you have your LDAP realm successfully configured, it is now time to connect the LDAP groups to roles in Reporter.
In the administration section of Reporter, click on "Access Control" and then Roles.
Once here, configure a role for a database with the filters you desire. To facilitate greater granularity, you can also configure this same role to only show certain fields in your database. Roles cannot directly control which report you can run, but they can control, down to the field, what data it will see. So, while all reports will still run, the restricted data in that report will not show.
The next step is to search the LDAP tree for a group and connect it to the role you configured above. The option right below Roles is called Ldap Groups; click on this. Here you can conduct LIVE searches of your LDAP tree for groups and link them to the Roles you created above.
TIP: You can type in any search string to find the groupname you desire to connect to. Remember though, the list you see coming back to you is from your LDAP tree.
TIP: We do not support nested groups in any LDAP tree with versions of Reporter 9.1.x. For information on how to configure this feature in version 9.2.x and later, see KB3826
TIP: If you are seeing an empty list here, the most probable cause is that the user you were logging in as does not have rights to pull a group list, or the context you provided for the Group base DN is wrong.
Once the LDAP group is connected to a Role in Reporter, all users in that group will have the same access given to that role.
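Added example (not part of the original article and not Blue Coat code): because Reporter 9.1.x does not support nested groups, this Python script scans an LDIF export of your group base DN and lists the groups that contain other groups, so you can avoid linking them to a role. The sample LDIF, the "group" object class and the "member" attribute are assumptions; adjust them to match your directory.

```python
# Added example: flag LDAP groups whose members are themselves groups.
# SAMPLE_LDIF is constructed sample data, not output from a real directory.
SAMPLE_LDIF = """\
dn: CN=Web-Analysts,OU=Groups,DC=example,DC=com
objectClass: group
member: CN=Alice,OU=Users,DC=example,DC=com
member: CN=Bob,OU=Users,DC=example,DC=com

dn: CN=All-Reporting,OU=Groups,DC=example,DC=com
objectClass: group
member: CN=Web-Analysts,OU=Groups,DC=example,DC=com
member: CN=Carol,OU=Users,DC=example,DC=com

dn: CN=Empty-Group,OU=Groups,DC=example,DC=com
objectClass: group
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}.

    Handles simple LDIF only: no folded lines, no base64 ("attr:: ") values.
    """
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def nested_groups(entries, group_class="group", member_attr="member"):
    """Map each group DN to the member DNs that are themselves groups."""
    # group_class and member_attr are assumed defaults; set them per directory.
    groups = {dn for dn, a in entries.items()
              if group_class.lower() in (v.lower() for v in a.get("objectclass", []))}
    result = {}
    for dn in sorted(groups):
        inner = [m for m in entries[dn].get(member_attr.lower(), []) if m.lower() in groups]
        if inner:
            result[dn] = inner
    return result

if __name__ == "__main__":
    for parent, children in nested_groups(parse_ldif(SAMPLE_LDIF)).items():
        print(f"{parent} contains nested group(s): {children}")
```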
NOTE1: Links to other LDAP articles:
Occasionally you may choose a nested group without realizing it, and see this message when you log in:
" in order to view reports in Reporter, your system administrator must set up a database for you to have access to."
Please see this KB article for troubleshooting steps on how to solve this.
For a list of the LDAP error codes you may see in the journal see FAQ813
For an explanation on how you can use IWA methods on your SG, to authenticate, while you use LDAP on your Reporter, see KB3801
For more details on your base DN in Active Directory (AD), see KB4548
For details on how to use the search user, and what rights it needs in AD, see KB4407
For details on how LDAP nested groups work in Reporter, see KB3826
For details on what the LDAP attributes mean, see KB3560