AUTHENTICATIONMODULE

Specifies the configuration needed for custom external authentication using Analytic Services libraries.

This version of the AUTHENTICATIONMODULE setting is supported for backward compatibility. It is strongly recommended that you implement the Hyperion security plaform; for more information, see Configuration for External Authentication in the security platform section.

Syntax

AUTHENTICATIONMODULE module_name library_name max_wait_time default_connection_parameters@hostname:port_number

 module_name The name of the authentication module. Use the value that corresponds to the external authentication server you plan to use:
  • "LDAP" for LDAP V3-compliant servers
  • "MSAD" for MSAD

Please contact Product Management for more information about implementing custom authentication protocols.

 library_name The directory path and name of the library that implements the authentication protocol. For all platforms, the library that implements the authentication protocol is located in ARBORPATH\bin. The library name depends on the type of external authentication, and the operating system where you have installed Analytic Services.

For LDAP:

  • WINDOWS: essldap.dll
  • SOLARIS: libessldap.so
  • AIX: libessldapS.a
  • HP: libessldap.sl

For MSAD:

  • WINDOWS: essmsad.dll essmsad.lib
  • SOLARIS: libessmsad.so.1
  • AIX: libessmsadS.a
  • HP: libessmsad.sl
 max_wait_time The connection timeout period, in seconds.
 default_connection_parameters The default value is FALSE. Valid values can be anything representing private data needed to authenticate the user with the authentication protocol. For example, in an LDAP schema, default connection parameters would be the portion of the DN (Distinguished Name) other than the user name. Size of ddefault_connection_parameters cannot exceed 256 bytes.
 @host_name:port_number The host name and port number of the directory server that authenticates the user.

For example, this could be the host name and port number of an LDAP directory running on the network.

Note:You must type the character "@" before the host name, and type the character ":" between host name and port number.

Notes

Example

Example 1

The entries in this example allow users in the group Engineers from domain yahoo.com to be authenticated on host Gorky, via port number 389, with a timeout period of 30 seconds.

AuthenticationModule LDAP essldap.dll 30 cn=Engineers, ou=Groups, dc=yahoo, dc=com@Gorky:389

Example 2

The entries in this example allow users in the group Engineers from domain yahoo.com to be authenticated on host 129.63.140.122, via port number 389, with a timeout period of 45 seconds.

AuthenticationModule MSAD essmsad.dll essmsad.lib 45 cn=Engineers, ou=Groups, dc=yahoo, dc=com@129.63.140.122:389

©2004 Hyperion Solutions Corporation. All Rights Reserved.
http://www.hyperion.com