Roles and LDAP groups

pechonb · Post by **pechonb** » Mon Mar 16, 2009 2:34 pm

Hi all,

I've just installed IBM Information Server 8.1 and I wonder if I have to keep independant user registries or use shared registries with LDAP.
Do you have any suggestions for me ?

To see impact of using LDAP, I decided to install a test server.
I tried to Configure LDAP as indicated in Administration Guide and all seems to be OK. When I grant roles to user, I can connect to web console.
If role is granted to a group where my account is member, this account seems to not inherite roles from group and I receive this message from login window : "User [xxxxxx] does not have the Suite User role."

Do you have any idea ?

Our LDAP Directory is Microsoft Active Directory.

Thanks.

pechonb · Post by **pechonb** » Thu Mar 26, 2009 9:35 am

Hi,

My problem is solved.
The problem was due to Base Distinguished Name syntax. All Attributes need to be upper cased. (DC=xx,DC=yy instead of dc=xx,dc=yy)

I hope this post will help someone.

Bye.

chulett · Post by **chulett** » Thu Mar 26, 2009 9:39 am

Thanks for posting that, I'm sure it will. Seems you were taking point on this one.

JPalatianos · Post by **JPalatianos** » Tue Jul 07, 2009 6:23 pm

Hi pechonb,

I have the same problem and was wondering where you changed the Base distinguished name to all Caps? Was this for the group?

Thanks -- John

U · Post by U » Mon Nov 30, 2009 12:19 am

I am in the midst of trying to implement the same thing, and would appreciate some advice about how to map LDAP groups (Microsoft Active Directory) onto DataStage roles.

There is no advice on this in the DataStage Administrator manual or on-line help, and there does not appear to be any information within the Web Console for Information Server. (Is it just me, or is the help from this particular tool really sparse?)