Configuring the Authentication Server to refresh LDAP session credentials
- MultiExcerpt named 'Product_Name' was not found
When refreshing session credentials, the Authentication Service validates the user account on the directory server. The account must exist and be enabled for logging on.
User account attributes that indicate whether an account has been disabled or locked differ across directory servers. The Authentication Service relies on the user validation filters to specify how to validate account attributes. If a custom user validation filter is not defined, the Authentication Service can only verify that the user account has not been deleted.
To refresh session credentials, the Authentication Service might need to authenticate itself to the directory server. If authentication is required, you must define a default LDAP user name and password.
To configure an Authentication Server to refresh LDAP session credentials
On the reports server, start the Application Server Administration console (the
blasadminutility) as follows:
(Windows) Navigate to the BDSSAInstallationDirectory\bin directory and enter the following command:
(UNIX) Navigate to the BDSSAInstallationDirectory/br directory and enter the following command:
Provide a default LDAP user name and password that can be used to log on when refreshing session credentials by entering the following commands:
set Ldap DefaultUser <name>
set Ldap DefaultPassword <password>
To validate that users can log on by using LDAP, enter the following command:
set AuthServer LDAPUserValidationFilter <filter>
<filter>is a validation filter used to validate users for a particular LDAP schema. For more information about user validation filters and examples of typical filters for common LDAP directories, see Using user validation filters.