Configuring Security Settings (AD/LDAP)
You can configure security settings from User Management in the left navigation panel.
Prerequisites
- You have Admin permissions (ROLE_ADMIN) assigned to your User Profile.
- You can read attributes on User and Group LDAP objects. You can do this from the CLI using ldapsearch, or through an LDAP object browser.
Configure Security Settings for Active Directory and LDAP
This section describes how to configure security settings for the Active Directory and LDAP connection types.
Note: You must add specific script settings in owl-env.sh or ConfigMap when configuring LDAP and Active Directory. For more information, go to Configurations in owl-env.sh or ConfigMap.
For information about mapping an AD Group to a Collibra DQ role, go to AD Group to Role Mapping.
For information about configuration settings for Active Directory and LDAP, select the applicable tab below.
- Active Directory
- LDAP
Configure Active Directory Settings
Configure security settings for Active Directory by navigating to User Management, in the left navigation panel, and selecting AD Security.
The following table shows the available input fields for the Active Directory connection type.
Note: An asterisk (*) next to a setting represents a required input field.
Setting | Description |
---|---|
Connection Type | Select Active Directory from this dropdown. |
Page Size | Set a value greater than 0 to control query page size. |
Host* | Hostname or URL of your LDAP or LDAPS server, for example, ldap://12.345.678.90. |
Port* | Port to connect to your LDAP or LDAPS server. Note: The default ports are 389 for LDAP and 636 for LDAPS. |
Base Path* | Base path configured for LDAP. The value entered is the base domain information and the format is usually DC=xxxx,DC=com. |
Group Search Path | Organizational Units where the Groups are located. It is based on the LDAP setup. The value entered is the domain object path where the groups are located; for example, OU=OwlGroups,OU=Groups (this value is combined with the Base Path to look for groups). Tip: You can use a wildcard in this field to limit the search results. For example, to see only the groups where the common name starts with "Collibra", enter cn=Collibra* in the Group Search Path field. You will now see only groups that start with the name "Collibra" (CollibraPublic, CollibraAdmin, etc.). Note: After Group Search Path is configured, it is recommended that you restart the Collibra DQ web application. |
Domain | The domain name used to signify when non-local users log in. Note: This field applies only to Active Directory configurations. |
Bind User | DN of an admin user that is used for authentication; for example, [email protected]. |
Bind Password | Password of an admin user for the bind account. |
Configure LDAP Settings
Configure LDAP security settings by navigating to User Management, in the left navigation panel, and selecting AD Security.
The following table shows the available input fields for the LDAP connection type.
Note: An asterisk (*) next to a setting represents a required input field. A restart of the Collibra DQ web application may be needed for values to take effect.
Setting | Description |
---|---|
Connection Type | Select LDAP from this dropdown. |
Page Size | Set a value greater than 0 to control query page size. |
Host* | Hostname or URL of your LDAP or LDAPS server, for example, ldap://12.345.678.90. |
Port* | Port to connect to your LDAP or LDAPS server. Note: The default ports are 389 for LDAP and 636 for LDAPS. |
Base Path* | Base path configured for LDAP. The value entered is the base domain information and the format is usually DC=xxxx,DC=com. |
Group Search Path | Organizational Units where the Groups are located. It is based on the LDAP setup. The value entered is the domain object path where the groups are located; for example, OU=OwlGroups,OU=Groups (this value is combined with the Base Path to look for groups). Tip: You can use a wildcard in this field to limit the search results. For example, to see only the groups where the common name starts with "Collibra", enter cn=Collibra* in the Group Search Path field. You will now see only groups that start with the name "Collibra" (CollibraPublic, CollibraAdmin, etc.). Note: After Group Search Path is configured, it is recommended that you restart the Collibra DQ web application. |
Domain | The domain name used to signify when non-local users log in. Note: This field applies only to Active Directory configurations. |
User Search Base | Base DN where the LDAP users for Collibra DQ are located; for example, CN=Users. |
User Search Filter | When set, this LDAP filter is used to locate users at login. This filter is based on your LDAP configurations. |
Group Search Base | The base DN where all the groups are located. Note: This field applies only to LDAP configurations. |
Group Search Filter | LDAP filter used to narrow down group objects located under a base DN. Default: (&(objectclass=group)) Note: This field applies only to LDAP configurations. |
Bind User | DN of an admin user that is used for authentication; for example, [email protected]. |
Bind Password | Password of an admin user for the bind account. |
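
A pre-check for the values in the tables above, added here as an example (not Collibra code): it classifies the Host/Port pair against the default ports, composes the group search DN, and prints an OpenLDAP ldapsearch command that confirms the bind account can read the groups. It assumes Group Search Path is prepended to Base Path as a DN prefix and that Page Size corresponds to LDAP paged results; the hostname and DNs are constructed placeholders.

```shell
#!/bin/sh
# Added example. Every hostname and DN below is a constructed placeholder.

DEFAULT_GROUP_FILTER='(&(objectclass=group))'   # default Group Search Filter from the page

# Classify the Host/Port pair against the default ports (389 LDAP, 636 LDAPS).
check_endpoint() {
  case "$1" in
    *://*) scheme="${1%%://*}" ;;
    *)     echo "no-scheme"; return 0 ;;     # bare hostname: transport not stated
  esac
  case "$scheme:$2" in
    ldaps:389|ldap:636) echo "mismatch" ;;   # scheme contradicts the default port
    ldaps:*)            echo "ldaps" ;;
    ldap:*)             echo "cleartext" ;;  # bind password unprotected without StartTLS
    *)                  echo "unsupported" ;;
  esac
}

# Assumption: Group Search Path is prepended to Base Path as a DN prefix.
# Args: group_search_path base_path
group_search_dn() {
  if [ -n "$1" ]; then printf '%s,%s\n' "$1" "$2"; else printf '%s\n' "$2"; fi
}

# Print (do not run) an ldapsearch command that lists group names.
# Args: host port base_path group_search_path bind_user page_size [filter]
# -W prompts for the bind password so it never lands in shell history.
group_search_cmd() {
  filter="${7:-$DEFAULT_GROUP_FILTER}"
  printf "ldapsearch -H '%s:%s' -x -D '%s' -W -b '%s' -E 'pr=%s/noprompt' '%s' cn\n" \
    "$1" "$2" "$5" "$(group_search_dn "$4" "$3")" "$6" "$filter"
}

# Constructed sample values
HOST='ldaps://ldap.example.com'; PORT=636
BASE='DC=example,DC=com'; GROUPS_OU='OU=OwlGroups,OU=Groups'
BIND='CN=svc-dq,OU=Service,DC=example,DC=com'

echo "endpoint: $(check_endpoint "$HOST" "$PORT")"
group_search_cmd "$HOST" "$PORT" "$BASE" "$GROUPS_OU" "$BIND" 500
```

A result of cleartext or mismatch from check_endpoint is worth resolving before the bind password is entered in the form.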