Adding a volume
A cluster can contain one or more volumes, with 1000 volumes as a practical limit. Creating more than 1000 volumes can cause instability in the iHub system.
For each volume, there is one database schema and one or more storage areas. The metadata database contains volume metadata, such as user and user group information. The storage area or areas contain volume consumable data, such as BIRT document content. When adding a volume, properties the system administrator specifies include schema name, storage area or areas, and the database user and password with which to connect to the metadata database.
A single BIRT iHub cluster can use only one security mechanism. For example, if the system administrator wants to use iHub User Management (default) as the user management setting for one volume and LDAP/Active Directory Adapter as the user management setting for a second volume, the system administrator must create a cluster for each volume. For more information on the user management setting, see Configuring User Management.
Actuate recommends enabling e-mail notification before creating a new volume if you have not already enabled e-mail notification. You need e-mail notification enabled to successfully perform the following tasks:
*Create a volume, if also specifying an e-mail address for the volume administrator
*Edit an existing volume and select to reset the password
If you have not enabled e-mail notification, System Console displays an error message and cannot complete these tasks. For information on enabling e-mail notification, see Enabling e-mail notification.
This section demonstrates adding an example volume named sales_volume in the process of creating a two-node cluster.
How to add a volume
1 Actuate recommends enabling e-mail notification. For information on enabling e-mail notification, see Enabling e-mail notification.
2 Create a new folder at the location where you want to store the volume data. For example, create a new folder in AC_SHARED_HOME named sales_storage. In a default BIRT iHub installation on Windows, performed using the installer, in which the install folder is C:\Actuate3, the path for AC_SHARED_HOME\sales_storage is:
C:\Actuate3\BIRTiHubVisualization\modules\BIRTiHub\iHub\shared\sales_storage
Do not reuse a storage location for a new volume. For example, if AC_SHARED_HOME\sales_storage was the storage folder for a previously existing volume, create a storage location for the new volume that has a path other than AC_SHARED_HOME\sales_storage. System Console accepts the use of a subfolder of AC_SHARED_HOME\sales_storage, such as AC_SHARED_HOME\sales_storage\sales_storage_2.
3 Share the new folder. For information on how to perform this task, see Sharing the folders that all cluster nodes access.
4 On Volumes, choose Add Volume, as shown in Figure 7‑19.
Figure 7‑19 Choosing Add Volume
5 Configure the following properties on Add Volume. Figure 7‑20 shows the property values for an example volume, sales_volume. An asterisk (*) next to the property name means the property is required.
*Volume Name
Type a name for the volume.
*Description
Type a description for the volume.
*Volume Administrator Email
Type the e-mail address of the volume administrator. When you create a volume, System Console sends a notification e-mail containing the volume password to this address if you have enabled e-mail notification. For more information, see Enabling e-mail notification. If you leave Volume Administrator Email blank, BIRT iHub does not create a password for accessing the new volume in Information Console. The BIRT iHub default user, Administrator, can log in to Information Console to access the new volume without using a password. Then, in Information Console, the administrator can choose My Profile and create a new password for accessing the volume.
*Schema Name
Type a name for the volume schema that is 30 characters or less. BIRT iHub creates the volume and the volume schema at the same time.
*Create New Schema
Select this property except under either of the following conditions:
*You have already populated the schema using the Volume Data Store Administrator utility.
*You are adding a volume for which the schema is already populated and the storage location already contains files.
*Tablespace
Type the name of a tablespace for the volume schema. Alternatively, leave Tablespace blank to use the default tablespace.
*DBA User
Type the name of the PostgreSQL superuser, postgres.
*DBA password
Type the PostgreSQL superuser password. By default, the password is postgres.
*Storage Location
Type the path of the volume storage folder you created in step 2, using UNC format. UNC format supports all nodes in the cluster finding this folder. The path you type is the path that appears as the Network Path in Properties—Sharing for the storage folder after sharing it. In this example, the sales_storage folder is on a machine named URUP.
*Organization ID
Type an alphanumeric character string for the Organization ID. The LDAP adapter and RSSE implementation use the Organization ID to filter users and user groups. Alternatively, leave Organization ID blank. For more information on Organization ID, see Managing volume access by users and user groups when using LDAP.
*Encryption Key for Storage
Type the name of the Encryption key. Alternatively, leave Encryption Key blank.
On Add Volume, choose OK.
Figure 7‑20 Adding a volume
If e-mail notification is enabled, BIRT iHub sends an e-mail notifying the volume administrator that BIRT iHub has created the volume. The e-mail contains the password with which to log in to Information Console to access sales_volume, as shown in Figure 7‑21.
Figure 7‑21 Viewing the notification e-mail that the volume is created
6 On Volumes, left-click the arrowhead icon next to the new volume name and choose Enable, as shown in Figure 7‑22.
Figure 7‑22 Viewing the new volume in the list on Volumes
Adding a storage location
The system administrator can add a storage location for a volume. A single volume can use a maximum of 10 storage locations.
How to add a storage location for an existing volume
1 Create a new folder at the location where you want to add storage. Do not use a storage location that a volume has used previously. The path of the storage location must be new.
2 Share the new folder. For information on how to perform this task, see Sharing the folders that all cluster nodes access.
3 On Volumes, in the Storage Status column, left-click the plus sign (+) in the row containing the name of the volume for which you want to add storage.
4 In Add Storage, specify the new storage location in Storage Location using UNC format, as shown in Figure 7‑23. Choose OK.
Figure 7‑23 Adding a storage location for a volume
Updating a storage location
The system administrator can create a new storage folder for a volume, relocate the volume data to the new folder, then update the volume storage location using System Console.
How to update a storage location
1 Create a new folder for the volume.
2 Copy the contents of the old folder to the new folder.
3 Share the new folder. For information on how to perform this task, see Sharing the folders that all cluster nodes access.
4 On Volumes, perform the following tasks:
1 Left-click the arrowhead icon next to the volume name and choose Disable, as shown in Figure 7‑24. Confirm that you want to disable the volume.
Figure 7‑24 Disabling the volume
On Confirmation, choose OK to confirm that you want to disable the volume.
2 Left-click the arrowhead icon in the Storage Status box for the volume and choose Set Read Only, as shown in Figure 7‑25.
Figure 7‑25 Setting a volume to Read Only status
On Confirmation, choose OK to confirm that you want to change the status of the volume to Read Only.
3 Left-click the arrowhead icon in the Storage Status box for the volume and choose Edit.
4 In Edit Storage, specify the path of the new storage folder using UNC format, as shown in Figure 7‑26. Choose OK.
Figure 7‑26 Specifying the new storage location
5 Left-click the arrowhead icon in the Storage Status box for the volume and choose Set Read/Write. On Confirmation, choose OK to confirm that you want to change the Volume status to Read/Write.
6 Left-click the arrowhead icon next to the volume name and choose Enable. On Confirmation, choose OK to confirm that you want to enable the volume.
5 Log in to Information Console and ensure that the contents of the volume appear.
6 Delete the old volume storage folder.
Removing a storage location
If you want to remove a storage location from a volume, please contact Actuate Support. They will ensure that you remove the storage location without any loss of data.
Understanding the volume menu
Left-click the arrowhead icon next to a volume name to display a menu containing the following options:
*Edit
Supports changing the following volume properties:
*Description
*Organization ID
*Encryption Key for Storage
*Delete
Deletes the volume. Delete is a menu option only when the volume is offline.
*Enable or Disable
Brings the volume online and takes it offline. If the status of the volume is Enabled, the menu option is Disable. If the status of the volume is Disabled, the menu option is Enable.
*Monitoring
Displays a link named Server Resource. Choose Server Resource to open a new browser window, in which System Console uses Actuate Viewer to display a chart showing the last 48 hours of activity on this volume for each of the following statistics:
*Response Time (milliseconds)
*Number of Alerts
Viewing metadata database properties
Metadata Database displays properties for the database storing volume metadata. BIRT iHub supports storing volume metadata in one of the following databases:
*The default PostgreSQL database that installs with BIRT iHub
*A pre-existing PostgreSQL database
*A pre-existing Oracle database
By default, BIRT iHub stores volume metadata in the PostgreSQL database that installs with BIRT iHub. Figure 7‑27 shows the following properties for the default PostgreSQL database, installed on a machine named urup.
*Database Type
Type of database BIRT iHub is using for volume metadata. Can be PostgreSQL or Oracle.
*Test Connection
Choose Test Connection to test the connection to the database.
*Database server
Host name of the machine containing the database.
*Database port
The default port number for the default PostgreSQL database is 8433.
*Database name
Name of the database. The name of the default database is ihub.
*Encryption Method
The default value is noEncryption. The channel between BIRT iHub and the metadata database passes unencrypted data.
*Schema Name
Name of the volume schema. The name of the default volume schema is ac_cluster.
*Username
Database user name. The name of the default user is ihub.
*Change Password
Choose Change Password to change the database user name password.
Figure 7‑27 Viewing OOTB PostgreSQL metadata database properties
Metadata Database displays the following properties when an Oracle database contains the volume metadata, as shown, for example, in Figure 7‑28:
*Database Type
Type of database BIRT iHub is using for volume metadata, for example, Oracle.
*Test Connection
Choose Test Connection to test the connection to the database.
*TNS Name
Host name of the machine containing the TNSNAMES.ORA file.
*TNS Names File
Path to the TNSNAMES.ORA file.
*Encryption Method
The default value is noEncryption. The channel between BIRT iHub and the metadata database passes unencrypted data.
*Schema name
Name of the volume schema.
*Username
Database user name.
*Change Password
Choose Change Password to change the database user name password.
Figure 7‑28 Viewing Oracle metadata database properties
Configuring alerts
System Console monitors a range of activity, conditions, and resources in a BIRT iHub System. An attribute identifies a monitored item. The system administrator can create an alert for any system attribute. Alerts supports the system administrator performing the following operations:
*Viewing the list of alerts
*Adding an alert
*Editing an alert
*Disabling and enabling an alert
*Deleting an alert
The following sections describe these operations.
Viewing the list of alerts
View the list of alerts by choosing Alerts from the side menu, as shown in Figure 7‑29. An alert contains the following information:
Figure 7‑29 Viewing the list of alerts
*Alert name
Name of the alert
*Attribute
Name of the attribute identifying the item BIRT iHub monitors
*Condition
Condition determining whether a monitored item reaches the alert threshold
*Threshold
Limit that, when met, triggers an alert
*Enable
True if the alert is enabled, false if the alert is disabled
*Email
E-mail address to send notification of an alert
*Message
Message System Console sends when an alert occurs
Adding an alert
When adding an alert, the system administrator selects an attribute name from a list, and sets a threshold value that, when reached, causes System Console to trigger an alert. Monitoring displays the alert, and System Console sends an e‑mail to the address the system administrator specifies. The e-mail notifies the recipient that the monitored attribute for the item has met the specified value.
The value for Threshold that the system administrator specifies for most Alert attributes is a number from 0 (zero) to 100. For these Alert attributes, the administrator can specify one of the following values for determining whether the condition which triggers an alert has been met:
*equal to (=)
*greater than (>)
*greater than or equal to (>=)
*less than (<)
*less than or equal to (<=)
For the remainder of the Alert attributes, the administrator specifies a string value for Threshold and a condition value of equal to (=).
Table 7‑2 displays the Condition and Threshold values that the administrator can specify for Alert attributes.
Table 7‑2 Alert attribute Condition and Threshold values
Alert attribute name | Threshold value data type | Permissible values for Condition | Permissible values for Threshold
Encyclopedia service status on server | String | = | ONLINE, OFFLINE
Factory service status on server | String | = | ONLINE, OFFLINE
Integration service status on server | String | = | ONLINE, OFFLINE
Server needs restart | String | = | YES, NO
Server status | String | = | ONLINE, OFFLINE
View service status on server | String | = | ONLINE, OFFLINE
Volume status | String | = | ONLINE, OFFLINE, ERROR
All other Alert attributes | Numeric | =, >, >=, <, <= | Any number from 0 through 100
The following section demonstrates adding an alert on the system attribute named Percent of server RAM used (MB).
How to add an alert
1 Choose Alerts from the Clusters side menu.
2 Choose Add Alert.
3 On Add Alert, perform the following tasks, as shown in Figure 7‑30. An asterisk (*) next to the property name means the property is required.
1 In Attribute Name, select an attribute.
2 In Condition, select a condition by which System Console determines whether the monitored item has reached the threshold.
3 In Threshold, specify a value that triggers an alert when reached.
4 In Email, specify an email address where System Console sends notification of an alert. You must enable e-mail notification. For more information, see Enabling e-mail notification.
5 In Message, type a message to display on Monitoring and to include in the notification e-mail when an alert is triggered, such as ‘Number of jobs running on the volume has reached the specified limit’.
6 In Alert Name, type a name for the alert. Choose OK.
Figure 7‑30 Adding an alert
Enabling e-mail notification
System Console supports e-mail notification when the following events occur:
*The system administrator creates another system administrator.
*The system administrator creates a volume.
*System Console triggers an alert.
Information Console supports e-mail notification when a scheduled job completes.
To enable e-mail notification when System Console or Information Console is installed on a Windows machine, the administrator modifies acserverconfig.xml, the configuration file that all cluster nodes share, adding properties that support e-mail notification.
E-mail notification is enabled on a Linux machine if Sendmail is running on the machine, and the Linux administrator has set any necessary privileges for using Sendmail. It is not necessary to modify acserverconfig.xml to enable e-mail notification when running System Console or Information Console on a Linux machine.
How to enable e-mail notification
The procedure in this section is necessary only if System Console or Information Console runs on a Windows machine.
1 On Clusters, choose to edit the cluster for which you want to enable e-mail notification.
2 Stop the cluster by performing the following steps:
1 Choose Cluster Configuration from the side menu.
2 On Cluster Configuration, left-click the cog icon and choose Stop Cluster from the Manage Cluster menu.
3 Choose Refresh from the Manage Cluster menu. When all the services icons have turned red, continue to the next step.
3 Using Windows Explorer, navigate to AC_CONFIG_HOME. For example, if the system administrator created a folder for the shared configuration directory named config_cluster, then in a default BIRT iHub installation on Windows, performed using the installer, in which the install folder is C:\Actuate3, AC_CONFIG_HOME represents the following path:
C:\Actuate3\BIRTiHubVisualization\modules\BIRTiHub\iHub\shared\config_cluster
Create a backup copy of acserverconfig.xml. Then, open acserverconfig.xml in a text editor. In acserverconfig.xml, navigate to the following string:
<SMTPServers/>
Create a child element of <SMTPServers> named <SMTPServer>. Using the following lines as an example, provide values for the attributes of the <SMTPServer> element:
<SMTPServers>
  <SMTPServer
    Name="mailhost.actuate.com"
    SenderName="Notifications"
    SMTPHostName="mailhost.actuate.com"
    SenderAddress="support@actuate.com"/>
</SMTPServers>
The <SMTPServers> element appears in acserverconfig.xml as shown in Listing 7‑1.
Listing 7‑1 acserverconfig.xml with configured <SMTPServer> element
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Config>
  <System
    KeyAlias="birtihub"
    ...
    <UsageAndErrorLogging/>
    <SMTPServers>
      <SMTPServer
        Name="mailhost.actuate.com"
        SenderName="Notifications"
        SMTPHostName="mailhost.actuate.com"
        SenderAddress="support@actuate.com"/>
    </SMTPServers>
  </System>
Save acserverconfig.xml and close the file.
4 Start the cluster by performing the following steps:
1 Choose Cluster Configuration from the side menu.
2 In System Console, on Clusters—Cluster Configuration, left-click the cog icon and choose Start Cluster from the Manage Cluster menu.
3 Choose Refresh from the Manage Cluster menu. When all the services icons have turned green, the cluster is back online.
5 If your anti-virus software prevents processes from sending e-mail, you must disable the blocking of alert notification e-mails. Configure your anti‑virus software to allow processes such as java.exe, LMServer.exe, ihub.exe, and ihubc.exe to send e-mail.
6 Verify that you are receiving e-mail notification by performing any one of the following tasks. Completion of any of these tasks prompts System Console to send an e-mail notification.
*Schedule a job in Information Console to run immediately. For more information, see Chapter 3, “Scheduling and Managing Jobs,” in Using Information Console.
*Configure an alert. For example, add an alert having the following properties:
*Attribute Name: Percent of server RAM used (MB)
*Condition: Greater than or equal to
*Threshold: 0 (zero)
For more information on configuring an alert, see Adding an alert.
*Add a volume. For more information, see Adding a volume.
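The edit to acserverconfig.xml in step 3 can be scripted so that the backup is always taken and the result is always well-formed XML. The following Python sketch is an added example, not Actuate code. It assumes the layout shown in Listing 7‑1 (<SMTPServers> directly under <System>), uses constructed sample values, and must run while the cluster is stopped, between steps 2 and 4.

```python
import shutil
import tempfile
import time
import xml.etree.ElementTree as ET
from pathlib import Path

# Attribute names as they appear in Listing 7-1.
REQUIRED_ATTRS = ("Name", "SenderName", "SMTPHostName", "SenderAddress")

# Constructed sample standing in for acserverconfig.xml (not a real file).
SAMPLE_CONFIG = """<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<Config>
  <System KeyAlias="birtihub">
    <!-- constructed sample -->
    <UsageAndErrorLogging/>
    <SMTPServers/>
  </System>
</Config>
"""

# Constructed sample values; replace with your own mail host and sender.
SAMPLE_SERVER = {
    "Name": "mailhost.example.com",
    "SenderName": "Notifications",
    "SMTPHostName": "mailhost.example.com",
    "SenderAddress": "ihub-alerts@example.com",
}


def add_smtp_server(config_path, attrs):
    """Back up the config file, then add one <SMTPServer> under <SMTPServers>.

    Returns the backup path, or None when an identical entry already exists
    and the file was left untouched.
    """
    config_path = Path(config_path)
    missing = [a for a in REQUIRED_ATTRS if not attrs.get(a)]
    if missing:
        raise ValueError("missing SMTPServer attributes: " + ", ".join(missing))

    # Keep XML comments; ElementTree drops them unless asked to insert them.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    tree = ET.parse(str(config_path), parser=parser)
    system = tree.getroot().find("System")
    if system is None:
        raise ValueError("no <System> element under the document root")
    servers = system.find("SMTPServers")
    if servers is None:
        servers = ET.SubElement(system, "SMTPServers")

    for existing in servers.findall("SMTPServer"):
        if existing.get("Name") == attrs["Name"]:
            if all(existing.get(k) == attrs[k] for k in REQUIRED_ATTRS):
                return None  # already configured, nothing to change
            raise ValueError("an SMTPServer named %r exists with different "
                             "values; edit it by hand" % attrs["Name"])

    # Backup first, with a timestamp so earlier backups are never overwritten.
    stamp = time.strftime("%Y%m%d%H%M%S")
    backup = config_path.with_name(config_path.name + "." + stamp + ".bak")
    if backup.exists():
        raise FileExistsError(str(backup))
    shutil.copy2(str(config_path), str(backup))

    ET.SubElement(servers, "SMTPServer", {k: attrs[k] for k in REQUIRED_ATTRS})

    # Write to a temporary file, re-parse it, then swap it into place, so a
    # failed write never leaves a truncated config behind. ElementTree does
    # not re-emit standalone="no" in the XML declaration.
    tmp = config_path.with_name(config_path.name + ".tmp")
    tree.write(str(tmp), encoding="UTF-8", xml_declaration=True)
    ET.parse(str(tmp))
    tmp.replace(config_path)
    return backup


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        cfg = Path(workdir) / "acserverconfig.xml"
        cfg.write_text(SAMPLE_CONFIG, encoding="utf-8")
        print("backup written to:", add_smtp_server(cfg, SAMPLE_SERVER))
        print(cfg.read_text(encoding="utf-8"))
```

Running the function a second time with the same values returns None and leaves the file and its backups unchanged.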
Editing, deleting, disabling, and enabling an alert
Choose the icon next to an alert on Clusters—Alerts to access the alert menu. This menu contains the following options, as shown in Figure 7‑31:
*Edit
Edit the alert.
*Delete
Delete the alert.
*Disable
If the alert is enabled, the menu contains Disable. If the alert is disabled, the menu contains Enable.
Figure 7‑31 Viewing the alert
When editing an existing alert, the system administrator can change any value except the attribute name and the alert name.
How to edit an alert
1 Point to the icon next to the name of an alert and choose Edit.
2 On Edit Alert, modify any properties as necessary, as shown in Figure 7‑32. Choose OK.
Figure 7‑32 Editing an alert
How to delete an alert
Point to the icon next to the name of an alert and choose Delete.
How to disable or enable an alert
Disable an enabled alert by left-clicking the icon next to the name of an enabled alert and choosing Disable.
Enable a disabled alert by left-clicking the icon next to the name of a disabled alert and choosing Enable.
Configuring Single Sign-On
Choose Single Sign-On to view the SAML identity and service provider information for the nodes in the cluster and optionally, to add a service provider, as shown in Figure 7‑33. Service provider information for a cluster node becomes visible to the cluster when the node joins the cluster.
Figure 7‑33 Choosing iHub User Management
Viewing the information in SAML Identity Provider (IdP) for this cluster
SAML Identity Provider (IdP) for this cluster specifies the following Security Assertion Markup Language (SAML) information:
*Entity ID
The identity provider identifier. This is the value of the entityID attribute in the <EntityDescriptor> element in the identity provider metadata.
*Metadata URI
The identifier for the identity provider metadata.
*Metadata path
The path to the identity provider metadata on disk.
Viewing and adding service provider information
Service Provider Information displays the information for each service provider on each node in the cluster. The system administrator can also add additional service providers using Add Service Provider.
By default, each node uses the iportal service provider, which provides access to Information Console.
Choose the icon next to the service provider URL to view the following information for the service provider:
*Entity ID
The service provider identifier. This is the value of the entityID attribute in the <md:EntityDescriptor> element in the service provider metadata.
*Server URL
The URL of the login for a service provider. To enable https, set up a proxy that has https enabled.
*Metadata path
The path of the metadata file for this service provider.
*Metadata URI
The URI for the metadata for this service provider.
*ACS Post URL
The URL for ACS Post.
Choose Add Service Provider to specify these properties, as shown in Figure 7‑34.
*Server URL
The URL for the service provider
*Entity ID
The service provider identifier
Figure 7‑34 Specifying Service Provider information
Configuring User Management
The system administrator specifies settings for managing user authentication and authorization on User Management. Select among the following ways that BIRT iHub manages users for this cluster:
*iHub User Management (default)
*LDAP/Active Directory Adapter
*RSSE SOAP Service
iHub User Management is the default setting and requires no action.
Configuring LDAP/Active Directory Adapter
Choose LDAP/Active Directory Adapter to configure settings for user management using an LDAP server. Settings for LDAP/Active Directory Adapter are grouped into the following sections:
*Search setting
*LDAP connection settings
*LDAP Performance Settings
*LDAP Mapping
The following sections describe these property groups.
About Search setting
Search setting contains one property, Search Cache Only. Cache Only restricts any search for users and user groups that BIRT iHub performs to the open security cache, with the exception of user authentication. When performing user authentication, BIRT iHub always searches the external security source, such as the LDAP server. Searching the cache only improves performance because data retrieval from the cache is faster than from the external data source.
A user sync thread runs in the background and refreshes the cache automatically at the interval that the Performance Settings—Cache Timeout property specifies. To prevent BIRT iHub from refreshing the cache, set Performance Settings—Cache Timeout to -1, which prevents a user from ever expiring. If you want BIRT iHub to refresh the cache, Actuate recommends setting Performance Settings—Cache Timeout to 1440 minutes, which is 24 hours, or more, instead of the default 60 minutes.
To use the Search Cache Only feature, create a script that sends the SOAP request that executes the caching operation, an example of which is shown in Listing 7‑2. For more information, see “Chapter 24, Actuate Information Delivery API operations,” in Integrating Applications into BIRT iHub.
Listing 7‑2 The SOAP request for the operation that loads the cache
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:act="http://schemas.actuate.com/actuate11">
  <soapenv:Header/>
  <soapenv:Body>
    <act:Administrate>
      <act:AdminOperation>
        <act:UpdateOpenSecurityCache>
          <act:LoadAllUsers>true</act:LoadAllUsers>
          <act:LoadAllUserGroups>true</act:LoadAllUserGroups>
        </act:UpdateOpenSecurityCache>
      </act:AdminOperation>
    </act:Administrate>
  </soapenv:Body>
</soapenv:Envelope>
Perform this operation immediately after installing BIRT iHub, to load the open security cache. Subsequently, perform the operation to refresh the cache when information in the external data source has changed.
Actuate recommends selecting Search Cache Only only if you have a large number of users or user groups, when using the feature makes enough of a difference in performance to warrant the management task of refreshing the cache.
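A script of the kind described above, written in Python as an added example (it is not Actuate code). It builds the envelope of Listing 7‑2, posts it, and treats a SOAP fault as a failure. The endpoint URL is a placeholder you must supply, the SOAP header is left empty as in the listing, and the sample responses are constructed.

```python
import urllib.error
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ACT_NS = "http://schemas.actuate.com/actuate11"

# Constructed responses used to exercise fault handling offline.
SAMPLE_OK = ('<soapenv:Envelope xmlns:soapenv="%s"><soapenv:Body/>'
             '</soapenv:Envelope>' % SOAP_NS).encode("utf-8")
SAMPLE_FAULT = ('<soapenv:Envelope xmlns:soapenv="%s"><soapenv:Body>'
                '<soapenv:Fault><faultcode>soapenv:Client</faultcode>'
                '<faultstring>Authentication failed</faultstring>'
                '</soapenv:Fault></soapenv:Body></soapenv:Envelope>'
                % SOAP_NS).encode("utf-8")


def build_cache_request(load_users=True, load_groups=True):
    """Return the UpdateOpenSecurityCache envelope of Listing 7-2 as bytes."""
    ET.register_namespace("soapenv", SOAP_NS)
    ET.register_namespace("act", ACT_NS)
    envelope = ET.Element("{%s}Envelope" % SOAP_NS)
    ET.SubElement(envelope, "{%s}Header" % SOAP_NS)  # empty, as in the listing
    node = ET.SubElement(envelope, "{%s}Body" % SOAP_NS)
    for name in ("Administrate", "AdminOperation", "UpdateOpenSecurityCache"):
        node = ET.SubElement(node, "{%s}%s" % (ACT_NS, name))
    users = ET.SubElement(node, "{%s}LoadAllUsers" % ACT_NS)
    users.text = "true" if load_users else "false"
    groups = ET.SubElement(node, "{%s}LoadAllUserGroups" % ACT_NS)
    groups.text = "true" if load_groups else "false"
    return ET.tostring(envelope, encoding="utf-8", xml_declaration=True)


def fault_from_response(body):
    """Return the SOAP 1.1 fault string in a response body, or None."""
    root = ET.fromstring(body)
    fault = root.find("{%s}Body/{%s}Fault" % (SOAP_NS, SOAP_NS))
    if fault is None:
        return None
    return fault.findtext("faultstring") or "unspecified SOAP fault"


def refresh_cache(endpoint_url, timeout=30):
    """POST the request to endpoint_url; raise RuntimeError on a SOAP fault."""
    # Only talk HTTP(S); urllib would otherwise accept file: and ftp: URLs.
    if urllib.parse.urlsplit(endpoint_url).scheme not in ("http", "https"):
        raise ValueError("endpoint must be an http or https URL")
    request = urllib.request.Request(
        endpoint_url,
        data=build_cache_request(),
        headers={"Content-Type": "text/xml; charset=utf-8",
                 "SOAPAction": '""'},
        method="POST",
    )
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            body = response.read()
    except urllib.error.HTTPError as error:
        # SOAP 1.1 servers return faults with HTTP 500; read the body anyway.
        body = error.read()
    fault = fault_from_response(body)
    if fault is not None:
        raise RuntimeError("cache refresh failed: " + fault)
    return body


if __name__ == "__main__":
    # Prints the request only; call refresh_cache("<your iHub SOAP endpoint>")
    # to send it.
    print(build_cache_request().decode("utf-8"))
```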
Configuring LDAP connection settings
Configure LDAP Connection settings to connect to the LDAP or Active Directory server by providing values for each of the following settings in LDAP Connection settings, as shown in Figure 7‑35. An asterisk next to the property name indicates that this property is required. Choose Test Connection to test the connection to the LDAP server after setting all the values in LDAP connection settings. A message displays, indicating whether the connection is successful.
*LDAP Server
Name of the machine hosting the LDAP or Active Directory server. BIRT iHub must be able to resolve this name. For example, when using an LDAP server, specify:
ldap.company.com
For an Active Directory server, an example value is:
ad.company.com
*LDAP Port
Port on which the LDAP or Active Directory server listens. Whether using an LDAP server or an Active Directory server, the default port is:
389
For an LDAP server with SSL (LDAPS), the default port is:
636
*User DN
Distinguished name of the user that can log in to the LDAP or Active Directory server. This is the distinguished name with which BIRT iHub binds to the LDAP server. For example, when using an LDAP server, specify:
ou=Engineering,dc=company,dc=com
For an Active Directory server, an example value is:
user@company.com
*Password
Password for the LDAP or Active Directory server.
*SSL
Enables connecting to an LDAP server or an Active Directory server with SSL. An out-of-the-box (OOTB) BIRT iHub installation only connects to an LDAP or Active Directory server that has a signed certificate. To connect to a server without a signed certificate, use the Java keytool utility to add that certificate as a trusted certificate. For information on using the Java keytool utility, see:
http://docs.oracle.com/javase/6/docs/technotes/tools/windows/keytool.html.
*Active Directory
Supports an LDAP implementation using Active Directory. Select if implementing LDAP using Active Directory.
*Recursive Groups
Supports nested group membership. Leave this property deselected if not using an Active Directory LDAP implementation.
Figure 7‑35 Configuring LDAP connection settings
Configuring LDAP Performance Settings
Choose LDAP Performance Settings to set the following properties, as shown in Figure 7‑36. An asterisk next to the property name indicates that this property is required.
*Timeout
The number of milliseconds before the time to perform an LDAP operation expires.
*Maximum Pool Size
The maximum number of connections per connection identity that can be maintained concurrently.
*Fetch Limit
The maximum number of entries to be returned from the directory.
*Preferred Pool Size
The preferred number of connections per connection identity to maintain concurrently.
*Cache Timeout
The number of minutes before BIRT iHub deletes cached data.
Figure 7‑36 Setting Performance Settings properties
Configuring LDAP Mapping
Configure LDAP Mapping to map BIRT iHub user data to the LDAP or Active Directory server by providing values for each of the following settings in LDAP Mapping, as shown in Figure 7‑37. An asterisk next to the property name indicates that this property is required.
Figure 7‑37 Configuring LDAP Mapping
*Prefix
For simple authentication, a string value that LDAP prepends to the name with which the user logs on to the server. For LDAP servers requiring distinguished name (DN) login, set this property to the appropriate value, followed by an equal sign (=). For example, specify:
uid=
When using an Active Directory server, leave Prefix blank.
*Suffix
For simple authentication, a string value that LDAP appends to the name with which the user logs on to the server. For LDAP servers requiring distinguished name (DN) login, set this property to the appropriate chain of values, preceded by a comma (,). For example, specify:
,ou=company users,dc=company,dc=com
When using an Active Directory server, which requires logging in with an e‑mail address, set Suffix to @ followed by the domain name of the Active Directory. For example, specify:
@company.com
*User Base DN
The root of the tree that BIRT iHub searches for user information. A user name must be unique for each distinguished name BIRT iHub searches. Separate multiple distinguished names with a semicolon. For example, when using an LDAP server, specify:
ou=Users, dc=east, dc=com; ou=Users, dc=west, dc=com
For an Active Directory server, an example value is:
OU=Users, DC=east, DC=com; OU=Users, DC=west, DC=com
Note that you must delimit multiple branches with semicolons. The following example consists of three branches:
OU=Department1, OU=Users, DC=actuate, DC=com; OU=Department2, OU=Users, DC=actuate, DC=com; OU=Department3, OU=Users, DC=actuate, DC=com
*User Login Name Attribute
Attribute that specifies the user login name. Cannot contain a space. For example, when using an LDAP server, specify:
uid
When using an Active Directory server, specify:
sAMAccountName
Note that if the LDAP or Active Directory server contains a user login name longer than 255 characters, BIRT iHub reads only the first 255 characters. User login names longer than 255 characters are not supported.
*User Full Name Attribute
Attribute that specifies the user’s full name. For example, when using an LDAP server, specify:
cn
or:
displayName
When using an Active Directory server, specify:
cn
*User Description Attribute
Attribute specifying a description of the user. For example, whether using an LDAP server or an Active Directory server, specify:
description
*User Object
LDAP object class for users. For example, when using an LDAP server, specify:
person
When using an Active Directory server, specify:
user
*User Search Filter
Use this property to identify which users can access BIRT iHub. Use the format appropriate to the indicated provider. For example, create a group for BIRT iHub users on your LDAP server. Then, specify this group as a filter to ensure that BIRT iHub imports only users belonging to the group of BIRT iHub users. For example, when using an LDAP server, specify:
cn=birtUsers
When using an Active Directory server, an example value is:
memberOf:1.2.840.113556.1.4.1941:=CN=\\#QA,CN=Users,DC=actuate,DC=com
Be aware that for a distinguished name containing one or more special characters, LDAP stores the distinguished name with any special characters escaped with a backslash, so you must also escape any special character in the value you specify for User Search Filter with a backslash. For more information, see About searching when Active Directory implements LDAP.
*Email Attribute
Attribute that stores a user’s e-mail address. For example, whether using an LDAP server or an Active Directory server, specify:
mail
*Group Base DN
The root of the tree that BIRT iHub searches for user group information. Separate multiple distinguished names with a semicolon. For example, when using an LDAP server, specify:
ou=Groups, dc=eastern, dc=com; ou=Groups, dc=western, dc=com
For an Active Directory server, an example value is:
CN=Groups,OU=east,DC=company,DC=com;DC=Groups,OU=west,DC=company,DC=com
*Group Description Attribute
Attribute specifying a description of the user group. For example, whether using an LDAP server or an Active Directory server, specify:
description
*Group Object
LDAP object class for user groups. For example, when using a Sun Directory LDAP server, specify:
groupofuniquenames
For an Active Directory server, an example value is:
group
*Group Search Filter
Value with which to filter user groups. For example, when using an LDAP server, specify:
cn=Engineering*
For either an LDAP Directory server or an Active Directory server, a more advanced example is:
(&(businessCategory=Sales)(cn=a*))
For an Active Directory server, an example value is:
member:1.2.840.113556.1.4.1941:=CN=Vincent Price,CN=Users,DC=actuate,DC=com
*Member List Attribute
The LDAP Role Member attribute. BIRT iHub uses this attribute to find a user in a group. Groups use this attribute to name a user to a group. For example, when using a Sun Directory LDAP server, specify:
uniqueMember
When using an Active Directory server, specify:
member
*Member ID Type
The LDAP Role Member. Specifies the type of a member in a group. Whether using an LDAP server or an Active Directory server, specify the type as:
DN
or:
LoginID
*Home Folder Attribute
Attribute key that maps to a user’s home folder. For example, when using an LDAP server or an Active Directory server, specify:
companyHomeFolder
When using an Active Directory server, leave this property blank.
*Default Home Folder
Value that specifies the default parent folder of a user’s home folder.
If no Home Folder Attribute exists, BIRT iHub uses this property to construct the user's home folder. For example, whether using an LDAP server or an Active Directory server, specifying /home results in a home folder of /home/bHill for a user named bHill.
*User Volume Filter Attribute
Specifies an attribute, for example, employeeType, that BIRT iHub uses to determine which users have access to a volume. Requires the Multi-Tenant license option. For more information, see Managing volume access by users and user groups when using LDAP.
*Group Volume Filter Attribute
Specifies an attribute, for example, businessType, that BIRT iHub uses to determine which user groups have access to a volume. Requires the Multi-Tenant license option. For more information, see Managing volume access by users and user groups when using LDAP.
*“Admin” Group
Specifies the name of a group of users to whom BIRT iHub gives Administrator-level privileges in Information Console. When using an LDAP or Active Directory server for user management, BIRT iHub does not use the default Administrators user group in Information Console—iHub Administration. For example, whether using an LDAP server or an Active Directory server, specify:
CN=volumeAdministrators,OU=SystemGroups,OU=Groups,OU=Common_Users,DC=example,DC=com
Managing volume access by users and user groups when using LDAP
The LDAP mapping attribute User Volume Filter Attribute identifies the users that can access a particular volume. The LDAP mapping attribute Group Volume Filter Attribute identifies user groups that can access a particular volume.
Whether using an LDAP server or an Active Directory server, the value the system administrator specifies for User Volume Filter Attribute is the name of an attribute having a value that is shared by a group of users to which the system administrator wants to give access to a particular volume. The system administrator specifies this attribute value for the Organization ID when creating a volume.
As an example, employeeType is an attribute for a user on an LDAP or Active Directory server. All users for which the value of employeeType is Sales can access a volume having an Organization ID of Sales.
Likewise, the value the system administrator specifies for Group Volume Filter Attribute is the name of an attribute having a value that is shared by a group of user groups to which the system administrator wants to give access to a particular volume. The system administrator specifies this attribute value for the Organization ID when creating a volume.
As an example, businessType is an attribute for a user group on an LDAP or Active Directory server. All user groups for which the value of businessType is Insurance can access a volume having an Organization ID of Insurance.
Multiple volumes can have the same Organization ID. When creating a volume, the system administrator can specify only one value for Organization ID. If the system administrator specifies both User Volume Filter Attribute and Group Volume Filter Attribute, the value of these two attributes on the LDAP or Active Directory server is the same for a given user and user group, and the system administrator specifies this value as the Organization ID when creating a volume, then both the user and the user group can access the volume.
As an example, the system administrator specifies employeeType for User Volume Filter Attribute and businessType for Group Volume Filter Attribute. If the value for each of these attributes is Sales, and the system administrator specifies Sales for the Organization ID when creating a volume, then the users for which the value of employeeType is Sales and the user groups for which the value of businessType is Sales can access the volume.
If the LDAP server is shut down or restarted, the volume associated with the LDAP server is disabled. When the LDAP server is back online, the system administrator must log in to System Console to re-enable the volume. Users do not have access to the volume until it is re-enabled.
About searching when Active Directory implements LDAP
Active Directory requires that the following characters be escaped with a backslash (\) if used in a Distinguished Name (DN):
*Comma (,)
*Backslash character (\)
*Pound sign (#)
*Plus sign (+)
*Less than symbol (<)
*Greater than symbol (>)
*Semicolon (;)
*Double quote (")
*Equal sign (=)
*Leading or trailing spaces
If any of these characters appear in a component of a DN, Active Directory stores the character escaped. For example, Active Directory stores the following DN:
memberOf=CN=\#QA,CN=Users,DC=actuate,DC=com
For Active Directory to recognize this DN in a search, you must escape the backslash escape character with another backslash. The following example query returns the users belonging to the #QA group:
memberOf=CN=\\#QA,CN=Users,DC=actuate,DC=com
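The two escaping steps described above, as an added example that is not part of the Actuate documentation or product code: the first step produces the DN as Active Directory stores it, the second doubles each backslash for use in User Search Filter. The function names and the QA_GROUP sample are assumptions of this example.

```python
import re

# Characters the page lists as needing a backslash escape inside a DN component.
DN_SPECIALS = set(',\\#+<>;"=')
NESTED_RULE = ":1.2.840.113556.1.4.1941:"  # matching rule used in the page's examples


def escape_dn_value(value):
    """Escape one RDN value the way the page says Active Directory stores it."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        out.append("\\" + ch if ch in DN_SPECIALS or edge_space else ch)
    return "".join(out)


def stored_dn(rdns):
    """Join (attribute, raw value) pairs, most specific first, into the stored DN."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


def member_of_filter(rdns, nested=False):
    """Build a User Search Filter value: double each stored backslash for the search."""
    rule = NESTED_RULE if nested else ""
    return f"memberOf{rule}=" + stored_dn(rdns).replace("\\", "\\\\")


def has_single_backslash(filter_value):
    """True if any run of backslashes has odd length, i.e. an escape was not doubled."""
    return any(len(m.group()) % 2 for m in re.finditer(r"\\+", filter_value))


# Constructed sample: the #QA group from the page's example.
QA_GROUP = [("CN", "#QA"), ("CN", "Users"), ("DC", "actuate"), ("DC", "com")]

if __name__ == "__main__":
    print(stored_dn(QA_GROUP))
    print(member_of_filter(QA_GROUP))
    print(member_of_filter(QA_GROUP, nested=True))
    print(has_single_backslash("memberOf=CN=\\#QA,CN=Users,DC=actuate,DC=com"))
```

Running has_single_backslash over an existing User Search Filter value flags a DN that was entered in its stored form, with the backslash not doubled.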
Configuring RSSE SOAP Service
Choose RSSE SOAP Service to configure and view properties for user management using an RSSE web service application for a volume. RSSE SOAP Service is an appropriate choice if you manage user information using an external data source that does not implement LDAP. Configure the following properties for RSSE SOAP Service, as shown in Figure 7‑38:
*Search setting
Contains Search Cache Only. Restricts searching to only the BIRT iHub metadata database.
*RSSE SOAP service settings
Contains the following properties:
*Server Name
Machine name of the server that runs the RSSE web service.
*Port Number
Port number for the RSSE web service.
*Context Path
Specifies the location of the RSSE web service for BIRT iHub to use when sending messages to the web service. The path for the default volume is /acrsse/servlet/AxisServlet.
*Cache Timeout
Number of minutes before BIRT iHub deletes cached data.
Figure 7‑38 Configuring security settings
Updating the license
Each BIRT iHub cluster uses a separate BIRT iHub license. Choose License to view the license options or update the license, as shown in Figure 7‑39.
Figure 7‑39 Choosing License
Choose Update License to browse for and select the license file, as shown in Figure 7‑40.
Figure 7‑40 Updating the license