When I am creating a Reporter LDAP realm, what do the three attributes mean?

Solutions ID:    KB3560
Version:    4.0
Status:    Published
Published date:    11/20/2009
Updated:    01/20/2011
 

Problem Description

What is the User Naming Attribute used for in the Reporter LDAP realm?

What is the Group Naming Attribute used for in the Reporter LDAP realm?

What is the Group Class attribute used for in the Reporter LDAP realm?

How are these attributes used to identify users and groups in the Reporter LDAP realm?

How does the test button at the end of the LDAP Realm setup wizard work?

Resolution

Explanation of the User Naming Attribute:

The main purpose of the User Naming Attribute ("sAMAccountName") is to identify and search for users. The user naming attribute is used in LDAP searches to match users in your Active Directory tree with those who log in to Reporter. The test button at the end of the Realm Setup wizard uses this attribute to search for users; it declares success once it finds a user.

In Microsoft's Active Directory, the login ID is stored in the attribute "sAMAccountName" for historical reasons. (Prior to Microsoft's Active Directory, SAM was the user database for Microsoft domains.) If the user naming attribute is set to "sAMAccountName", the user logs in with a name such as "Bob.Kent", which causes Reporter to search for "sAMAccountName=Bob.Kent".

By default, this attribute is set to "sAMAccountName", but we allow the administrator to change it to other attributes, such as "displayName", if desired.

In Active Directory, the full name of the user is stored in the attribute "displayName". For Bob Kent, the display name would be "Bob Kent". If "displayName" is set as the user naming attribute in Reporter, the user logs in with the name "Bob Kent" and the LDAP search is for "displayName=Bob Kent".

Explanation of Group Naming Attribute:

The Group Naming Attribute ("memberOf") is used to list the groups that each user is a member of in the LDAP tree. It is an attribute of a user in LDAP whose values are the user's group memberships, which Reporter uses for group-to-role mapping. After a user is authenticated, this attribute is read to list the user's group memberships and thereby allow access to the pre-defined roles within the Reporter server and its database(s).

Explanation of Group Class:

The Group Class is a globally identifiable class used to search for any available groups within your defined LDAP realm.  The search begins at the pre-defined Base DN, and continues down.  This is mostly used from the UI when mapping an LDAP group to role(s) in Reporter.
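The following added example (not Reporter's own code and not taken from this article) shows how the three attributes turn into LDAP search filters and a role lookup, with the login name escaped per RFC 4515 so that it is matched literally. The function names, the "group" class value, the "admin" role and the example.com directory entry are assumptions constructed for illustration.

```python
# Added illustration, not Reporter's code. Sample names and data are constructed.

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value so it is matched literally, not parsed as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(user_naming_attr, login):
    """Filter used to find the entry of the user who typed `login`."""
    return "({}={})".format(user_naming_attr, escape_filter_value(login))


def group_filter(group_class):
    """Filter used to list available groups, searched from the Base DN down."""
    return "(objectClass={})".format(escape_filter_value(group_class))


def roles_for(entry, group_naming_attr, group_to_role):
    """Map the values of the user's group naming attribute to roles.

    Group DNs are compared case-insensitively (a simplification of DN matching).
    """
    wanted = {dn.lower(): role for dn, role in group_to_role.items()}
    groups = entry.get(group_naming_attr, [])
    return sorted({wanted[g.lower()] for g in groups if g.lower() in wanted})


# Constructed user entry, shaped like an Active Directory search result.
SAMPLE_USER = {
    "sAMAccountName": ["Bob.Kent"],
    "displayName": ["Bob Kent"],
    "memberOf": [
        "CN=Report Admins,OU=Groups,DC=example,DC=com",
        "CN=Staff,OU=Groups,DC=example,DC=com",
    ],
}
# Hypothetical group-to-role mapping an administrator might configure.
GROUP_TO_ROLE = {"CN=Report Admins,OU=Groups,DC=example,DC=com": "admin"}

if __name__ == "__main__":
    print(user_filter("sAMAccountName", "Bob.Kent"))
    print(user_filter("displayName", "Bob Kent"))
    print(group_filter("group"))
    print(roles_for(SAMPLE_USER, "memberOf", GROUP_TO_ROLE))
```

Without the escaping step, a login name containing filter metacharacters would change the search instead of being compared as a name, which matters because a successful user lookup is the first step of the login.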

 

NOTE: For more information on how to set up a Reporter LDAP realm, please see KB3353.

