Configuring Windchill Business Reporting (Cognos) with Active Directory Service (ADS)
Starting with Windchill 12.0.2.0, Windchill Business Reporting (Cognos) can be configured with Active Directory Server (ADS).
Cognos migration:
• The following configurations are required if you are migrating from the previous Windchill setup with the V3 compliant LDAP Directory Server to ADS.
1. Windchill configurations:
a. Go to > > > > > . Add the following properties in the LDAP adapter on the Windchill side:
▪ Property - <service_name>.windchill.mapping.user.attributes
Value – objectGUID
▪ Property - <service_name>.binaryMode
Value – objectGUID
b. Restart the Windchill Server.
2. Cognos configuration:
Before starting the configuration, take a backup of the existing
cogstartup.xml. For more details on Cognos configurations, refer to
Export Cognos configuration from the IBM documentation.
a. Stop the Cognos service.
b. Delete the existing LDAP node.
c. Navigate to > > . Right-click and provide the following details for creating the new namespace:
▪ Name - AdministrativeLDAP.
▪ Type(Group) - LDAP.
▪ Type – LDAP values for Active Directory.
On creating a new namespace, provide the following details:
▪ NamespaceID = <Name> (for example, AdministrativeLDAP)
▪ Host and port = <HOST>:<PORT NUMBER>
▪ Base Distinguished Name = <BASE DN>
▪ Bind User DN and Password (specify user@domain)
▪ User lookup = (sAMAccountName=${userID})
▪ User external identity = True
▪ External identity mapping = (sAMAccountName=${environment("REMOTE_USER")})
▪ Unique identifier = objectGUID
d. Update the following additional attributes:
▪ Folder Mappings (Advanced)
1. Object class = organizationalUnit, organization, container
2. Description = description
3. Name = ou, o, cn
▪ Group Mappings (Advanced)
1. Object class = group
2. Description = description
3. Member = member
4. Name = cn
▪ Account Mappings (Advanced)
1. Object class = user
2. Business phone = telephonenumber
3. Content locale = preferredlanguage
4. Description = description
5. Email = mail
6. Fax/Phone = facsimiletelephonenumber
7. Given name = givenname
8. Home phone = homephone
9. Mobile phone = mobile
10. Name = cn
11. Pager phone = pager
12. Password = userPassword
13. Postal address = postaladdress
14. Product locale = preferredlanguage
15. Surname = sn
16. Username = sAMAccountName
e. Go to > > and update the SSL Protocol to TLS1.2.
f. Click Save.
g. Right-click on the new namespace created. Click Test. The connection to the namespace should be successful.
h. Restart Cognos.
3. Web Server configuration:
a. Add the following entries to app-cognos-AuthProvider.xml file located at /Apache/conf/:
<provider>
  <name>cognos-ldap</name>
  <ldapUrl>ldap://<HOST NAME>:<PORT NUMBER>/<BASEDN>?sAMAccountName?sub?(objectClass\=*)</ldapUrl>
  <bindDn><user DN></bindDn>
  <bindPwd><Password></bindPwd>
</provider>
b. Run the following command at the Web Server prompt from Windchill shell:
ant -f webAppConfig.xml installCognosWebApp
c. Restart the Web Server.
4. Configure db.properties file:
a. Update the Administrator userID and password for the new ADS. The user configured should belong to the Windchill Administrators Group. Set the following properties in the db.properties file and propagate:
wt.cognos.admin.uid
wt.cognos.admin.password
b. Restart the Windchill server.
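The following check is an added example, not PTC or IBM code: it parses a provider entry like the one in step 3a and reports where it departs from the values on this page (lookup attribute sAMAccountName, scope sub). The host, DNs and password in the sample are constructed placeholders, check_provider is a hypothetical helper name, and the final check (flagging ldap:// used together with a bind password so that transport protection can be confirmed) is this example's own addition.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample entry; host, DNs and password are placeholders.
SAMPLE = r"""<provider>
  <name>cognos-ldap</name>
  <ldapUrl>ldap://ad01.example.test:389/DC=example,DC=test?sAMAccountName?sub?(objectClass\=*)</ldapUrl>
  <bindDn>CN=svc-cognos,OU=Service,DC=example,DC=test</bindDn>
  <bindPwd>CHANGE_ME</bindPwd>
</provider>"""

def check_provider(xml_text, lookup_attr="sAMAccountName"):
    """Return a list of findings for one <provider> element (empty = clean)."""
    findings = []
    fields = {c.tag: (c.text or "").strip() for c in ET.fromstring(xml_text)}
    for tag in ("name", "ldapUrl", "bindDn", "bindPwd"):
        if not fields.get(tag):
            findings.append(f"missing <{tag}>")
    url = urlsplit(fields.get("ldapUrl", ""))
    # LDAP URL layout: scheme://host:port/baseDN?attribute?scope?filter
    attr, scope, ldap_filter = (url.query.split("?") + ["", "", ""])[:3]
    if url.scheme not in ("ldap", "ldaps"):
        findings.append(f"unexpected scheme {url.scheme!r}")
    if not url.hostname or not url.path.strip("/"):
        findings.append("host or base DN is empty")
    # The attribute must match the Cognos namespace user lookup attribute.
    if attr != lookup_attr:
        findings.append(f"attribute {attr!r} differs from user lookup {lookup_attr!r}")
    if scope != "sub":
        findings.append(f"scope is {scope!r}, page uses 'sub'")
    if not ldap_filter or ldap_filter.count("(") != ldap_filter.count(")"):
        findings.append("filter is empty or has unbalanced parentheses")
    # Added check (assumption): review cleartext scheme when credentials are bound.
    if url.scheme == "ldap" and fields.get("bindPwd"):
        findings.append("ldap:// with bindPwd: confirm the bind is protected by TLS")
    return findings

if __name__ == "__main__":
    for finding in check_provider(SAMPLE):
        print("REVIEW:", finding)
```

Run it against a copy of the provider entry with the placeholders filled in; an empty result means the entry matches the values given in this procedure.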
Recreating Cognos Roles and Capabilities Mapping with the Windchill Groups
2. Restart Windchill and Cognos services.
3. Run the model update command:
ant -f wbr_actions.xml from <WT_HOME>\installer\wnc
For more details on Cognos configurations, refer to the
IBM documentation. For more details on Cognos with ADS configurations, refer to
Steps to Configure Cognos With Active Directory.