Initializing help system before first use

LDAP Configuration

Through the LDAP configuration page of the administration web interface, the integration between Xpress Insight and LDAP can be enabled and configured. Open the LDAP Configuration page by selecting the LDAP tab and clicking Edit.

Edit LDAP Configurations

The following table describes each of the fields on this page and its operation. During installation of Xpress Insight some of these fields default to a typical value for AD configuration.

Note If LDAP Mode is changed within Xpress Insight, Xpress Insight Server does not require a restart—User authentication is performed based on the current value of the LDAP Mode field.
Edit LDAP Configuration fields
Field Mandatory Description
Mode Yes
  • Select Disabled to prevent any LDAP synchronisation
  • Select Partial to verify users stored in the Insight database against details retrieved from LDAP
  • Select Full to enable Insight to verify and create a new user, or update an existing user, within Insight if that user has the correct LDAP group membership, see Group membership attribute below.
Note If LDAP Mode is set as Partial or Full, and Tableau is configured to manage the user accounts in Xpress Insight, then Tableau should also use Active Directory.
Insight group Select the LDAP group that grants access to Insight
Tableau group Select the LDAP group that grants access to Tableau
Local accounts enabled Controls whether accounts marked as local can access Xpress Insight. See Local User Accounts for more details on this.
Note If this checkbox is not selected all user account that are marked as local accounts will not be able to log into the system.
Server URL Yes The URL of the LDAP server. For example:
  • ldap://myldapserver
  • ldaps://myldapserver:636
Base suffix Yes

Base suffix from which all operations should originate.

AD Example: DC=corp, DC=mycorp, DC=com

LDAP Example: dc=sample, dc=com

LDAP System user Yes

The user account to use to access the LDAP server.

AD Example: CN=myServiceAccount, OU=Windows Service Accounts, OU=Accounts, DC=corp, DC=mycorp, DC=com

LDAP System password Yes

The LDAP system user password.

Search Base DN No

Base DN where the search should begin.

AD Example: ou=User Accounts, ou=Accounts

LDAP Example: ou=Users

User DN Pattern Yes

User DN pattern (LDAPUserDnPattern).

LDAP examples
  • uid={0}
  • ou={0}

AD example: (sAMAccountName={0})

Username attribute Yes

This maps the Xpress Insight username to the corresponding LDAP attribute within the user record.

LDAP example: uid

AD example: sAMAccountName

First name attribute Yes

This maps the Xpress Insight first name to the corresponding LDAP attribute within the user record.

LDAP example: cn

AD example: givenName

Last name attribute Yes

This maps the Xpress Insight last name to the corresponding LDAP attribute within the user record.

LDAP example: sn

AD example: sn

Email attribute Yes

This maps the Xpress Insight email address to the corresponding LDAP attribute within the user record.

LDAP example: mail

AD example: mail

Group membership attribute Yes

Enter the LDAP field that lists the groups allocated to a user

Parent Topic Managing Users with LDAP

© 2001-2020 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.