configEntities option (Options are case sensitive)
Native tsm command
configKey (Used with the tsm configuration set command or in the configKeys section of a JSON file)
Scenario
Notes
type N/A wgserver.authenticate AD, LDAP, Local Where you want to store user identity information. Values: local or activedirectory.
If you want to connect to any LDAP server, enter activedirectory.
Values: true or false.
Beginning with version 2021.2, this key is set to true by default when Tableau Server is configured to connect to Active Directory. As a result, simple bind to the LDAP directory is encrypted when a valid SSL/TLS certificate is present in the Tableau key store. For more information, see Configure Encrypted Channel to LDAP External Identity Store.
This key is set to false by default when Tableau Server is configured to connect to an arbitrary (but not Active Directory) LDAP server.
This key was introduced (but not set) in version 2021.1.
port N/A wgserver.domain.port AD, LDAP Use this option to specify the non-secure port of the LDAP server. Plaintext is usually 389.
domain domain wgserver.domain.default AD In Active Directory environments, specify the domain where Tableau Server is installed, for example, "example.lan".
For non-AD LDAP: the string you enter for this value is displayed in the "Domain" column of user management tools. You can enter an arbitrary string, but the key cannot be blank.
This key is redundant with wgserver.domain.fqdn. The values for both keys must be the same.
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
username ldapusername wgserver.domain.username AD, LDAP The user name that you want to use to connect to the directory service.
The account that you specify must have permission to query the directory service.
For Active Directory, enter the username, for example, jsmith.
For LDAP servers, enter the distinguished name (DN) of the user that you want to use to connect. For example, "cn=jsmith,dc=example,dc=lan".
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
password ldappassword wgserver.domain.password AD, LDAP The password of the user account that you will use to connect to the LDAP server.
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
directoryServiceType N/A wgserver.domain.directoryservice.type AD, LDAP The type of LDAP directory service that you want to connect to. Values: activedirectory or openldap.
kerberosPrincipal kerbprincipal wgserver.domain.ldap.principal AD, LDAP The service principal name for Tableau Server on the host machine. The keytab must have permission for this principal. Do not use the existing system keytab at /etc/krb5.keytab. Rather, we recommend that you register a new service principal name. To see principals in a given keytab, run the klist -k command. See Understanding Keytab Requirements.
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
hostname hostname wgserver.domain.ldap.hostname AD, LDAP The hostname of the LDAP server. You can enter a hostname or an IP address for this value. The host that you specify here will be used for user/group queries on the primary domain. In the case where user/group queries are in other domains, Tableau Server will query DNS to identify the appropriate domain controller.
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
membersRetrievalPageSize N/A wgserver.domain.ldap.members.retrieval.page.size AD, LDAP This option determines the maximum number of results returned by an LDAP query.
For example, consider a scenario where Tableau Server is importing an LDAP group that contains 50,000 users. Attempting to import such a large number of users in a single operation is not a best practice. When this option is set to 1500, Tableau Server imports the first 1500 users in the first response. After those users are processed, Tableau Server requests the next 1500 users from the LDAP server, and so forth.
We recommend that you modify this option only to accommodate the requirements of your LDAP server.
N/A N/A wgserver.domain.ldap.connectionpool.enabled AD, LDAP When this option is set to true, Tableau Server will attempt to reuse the same connection when sending queries to the LDAP server. This behavior decreases the overhead of having to re-authenticate with the LDAP server on each new request. Connection pooling only works with simple bind and TLS/SSL bind connections. Connection pooling is not supported for GSSAPI bind connections.
N/A N/A wgserver.domain.accept_list AD Allows connection from Tableau Server to secondary Active Directory domains. A secondary domain is one that Tableau Server connects to for user synchronization, but is a domain where Tableau Server is not installed. To ensure that Tableau Server can connect to other Active Directory domains, you must specify the trusted domains by setting the wgserver.domain.accept_list option with TSM. For more information, see wgserver.domain.accept_list.
N/A N/A wgserver.domain.whitelist AD Important: Deprecated as of version 2020.4.0. Use wgserver.domain.accept_list instead.
Allows connection from Tableau Server to secondary Active Directory domains. A secondary domain is one that Tableau Server connects to for user synchronization, but is a domain where Tableau Server is not installed. To ensure that Tableau Server can connect to other Active Directory domains, you must specify the trusted domains by setting the wgserver.domain.whitelist option with TSM. For more information, see wgserver.domain.whitelist.
kerbconfig No direct mapping AD, LDAP The path to the Kerberos configuration file on the local computer. If you are installing into Active Directory, we don't recommend using the existing Kerberos configuration file or keytab file that may already be on the domain-joined computer. See Identity Store.
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
kerberosKeytab kerbkeytab No direct mapping AD, LDAP The path to the Kerberos keytab file on the local computer. It is recommended that you create a keytab file with keys specifically for Tableau Server service and that you do not share the keytab file with other applications on the computer. For example, on Linux, you might place the keytab file in the /var/opt/tableau/keytab directory.
Native tsm command: Uses tsm user-identity-store set-connection [options] command.
nickname N/A wgserver.domain.nickname AD, LDAP The nickname of the domain. This is also referred to as the NetBIOS name in Windows/Active Directory environments. The nickname option is required for all LDAP entities. The value cannot be null. If your organization does not require a nickname/NetBIOS, then pass a blank key, for example: "".
example.lan, the root would be "o=example,u=lan".
serverSideSorting N/A wgserver.domain.ldap.server_side_sorting LDAP Whether the LDAP server is configured for server-side sorting of query results. If your LDAP server supports server-side sorting, set this option to true. If you are unsure whether your LDAP server supports this, enter false, as misconfiguration may cause errors.
rangeRetrieval N/A wgserver.domain.ldap.range_retrieval LDAP Whether the LDAP server is configured to return a range of query results for a request. This means that groups with many users will be requested in small sets instead of all at once. LDAP servers that support range retrieval will perform better for large queries. If your LDAP server supports range retrieval, set this option to true. If you are unsure whether your LDAP server supports range retrieval, enter false, as misconfiguration may cause errors.
bind N/A wgserver.domain.ldap.bind LDAP The way that you want to secure communication to the directory service. Enter simple for LDAP unless you are connecting to an LDAP server with Kerberos. For Kerberos, enter gssapi.
N/A N/A wgserver.domain.ldap.domain_custom_ports LDAP
Note: This key is only supported for Tableau Server on Linux.
Allows you to map child domains and their LDAP ports. Domain and port are separated by a colon (:) and each domain:port pair is separated by a comma (,) using this format: FQDN1:port,FQDN2:port
Example: tsm configuration set -k wgserver.domain.ldap.domain_custom_ports -v childdomain1.lan:3269,childdomain2.lan:3269,childdomain3.lan:389
The attribute that stores the distinguished names of users. This attribute is optional, but it greatly improves the performance of LDAP queries.
Important: Do not set this option as part of the initial configuration. Only set this after you have validated overall LDAP functionality. You must have a dnAttribute set in your organization before setting this key.
groupBaseDn N/A wgserver.domain.ldap.group.baseDn LDAP Use this option to specify an alternative root for groups. For example, if all of your groups are stored in the base organization called "groups," then enter "o=groups".
By default, Tableau Server will look for "group", "groupOfNames", or "groupOfURLs". If your LDAP group objects do not fit the default class name, override the default by setting this value. You can provide multiple classnames separated by commas.
If your group names include commas, you must escape them with a backslash (\). For example, if you have a group name, groupOfNames, top, then enter "groupOfNames\, top".
Tableau LDAP implementation interprets LDAP objects as either user or group. Therefore, be sure that you are entering the most specific class name. Overlapping class names between users and groups may cause conflicts.
Native tsm command: Uses tsm user-identity-store set-group-mappings [options] command.
groupBaseFilter basefilter wgserver.domain.ldap.group.baseFilter LDAP The filter that you want to use for groups of users of Tableau Server. You might specify an object class attribute and an organization unit attribute. For example:
"(&(objectClass=groupofNames)(ou=Group))"
If "(&(objectClass=inetOrgPerson)(ou=People))" doesn't work in your LDAP implementation, then specify the base filter that works for your Tableau user base.
This is a required key. It cannot be blank.
Native tsm command: Uses tsm user-identity-store set-group-mappings [options] command.
groupName groupname wgserver.domain.ldap.group.name LDAP The attribute that corresponds to group names on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-group-mappings [options] command.
groupEmail groupemail wgserver.domain.ldap.group.email LDAP The attribute that corresponds to group email addresses on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-group-mappings [options] command.
groupDescription description wgserver.domain.ldap.group.description LDAP The attribute that corresponds to group descriptions on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-group-mappings [options] command.
member member wgserver.domain.ldap.group.member LDAP Specify the LDAP attribute that contains a list of distinguished names of users that are part of that group.
Native tsm command: Uses tsm user-identity-store set-group-mappings [options] command.
N/A N/A wgserver.domain.ldap.group.memberURL LDAP Specify the name of the LDAP attribute that stores the LDAP query for dynamic groups.
userBaseDn N/A wgserver.domain.ldap.user.baseDn LDAP Use this option to specify an alternative root for users. For example, if all of your users are stored in the base organization called "users," then enter "o=users".
N/A classnames wgserver.domain.ldap.user.classnames LDAP
By default Tableau Server looks for LDAP user object classes containing the string "user" and "inetOrgPerson". If your LDAP user objects do not use these default class names, override the default by setting this value. You can provide multiple classnames separated by commas. For example: "userclass1, userclass2".
If your names include commas, you must escape them with a backslash (\). For example, if you have a name, Names, top, then enter "Names\, top".
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
userBaseFilter basefilter wgserver.domain.ldap.user.baseFilter LDAP The filter that you want to use for users of Tableau Server. You might specify an object class attribute and an organization unit attribute.
For example:
"(&(objectClass=inetOrgPerson)(ou=People))"
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
userUsername ldapusername wgserver.domain.ldap.user.username LDAP The attribute that corresponds to user names on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
userDisplayName displayname wgserver.domain.ldap.user.displayname LDAP The attribute that corresponds to user display names on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
userEmail email wgserver.domain.ldap.user.email LDAP The attribute that corresponds to user email addresses on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
userCertificate certificate wgserver.domain.ldap.user.usercertificate LDAP The attribute that corresponds to user certificates on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
N/A thumbnail wgserver.domain.ldap.user.thumbnail LDAP The attribute that corresponds to user thumbnail images on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
userJpegPhoto jpegphoto wgserver.domain.ldap.user.jpegphoto LDAP The attribute that corresponds to user profile images on your LDAP server.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
memberOf memberof wgserver.domain.ldap.user.memberof LDAP Group that the user is a member of.
Native tsm command: Uses tsm user-identity-store set-user-mappings [options] command.
groupClassNames N/A wgserver.domain.ldap.group.classnames LDAP By default, Tableau Server will look for "group", "groupOfNames", or "groupOfURLs". If your LDAP group objects do not fit the default class name, override the default by setting this value.
For configEntity: This option takes a list of strings, which requires passing each class in quotes, separated by a comma (no space) and within brackets. For example: ["basegroup","othergroup"].
For configKey: Enter each class, separated by a comma (no space) and within double quotes. For example: "basegroup,othergroup".
By default Tableau Server looks for LDAP user object classes containing the string "user" and "inetOrgPerson". If your LDAP user objects do not use these default class names, override the default by setting this value.
For configEntity: This option takes a list of strings, which requires passing each class in quotes, separated by a comma (no space) and within brackets. For example: ["userclass1","userclass2"].
For configKey: Enter each class, separated by a comma (no space) and within double quotes. For example: "userclass1,userclass2".
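Several rules in this reference can be checked before a configKeys JSON file is applied: the FQDN1:port,FQDN2:port format of wgserver.domain.ldap.domain_custom_ports, the requirement that wgserver.domain.default and wgserver.domain.fqdn match, the deprecated wgserver.domain.whitelist key, and the non-blank group base filter. The following is an added example, not Tableau's own code; the key names come from this page, while the function names, the sample values and the port 389 review check are assumptions made for illustration.

```python
import json

# Constructed sample of a configKeys section; every value is illustrative.
SAMPLE = json.loads("""{"configKeys": {
  "wgserver.domain.default": "example.lan",
  "wgserver.domain.fqdn": "corp.example.lan",
  "wgserver.domain.ldap.bind": "simple",
  "wgserver.domain.whitelist": "partner.lan",
  "wgserver.domain.ldap.group.baseFilter": "",
  "wgserver.domain.ldap.domain_custom_ports":
      "childdomain1.lan:3269,childdomain2.lan:389,childdomain3.lan"
}}""")

PLAINTEXT_PORT = 389  # the page notes that plaintext LDAP is usually 389

def parse_custom_ports(value):
    """Split 'FQDN1:port,FQDN2:port' into ({fqdn: port}, [malformed pairs])."""
    ports, bad = {}, []
    for pair in filter(None, (p.strip() for p in value.split(","))):
        fqdn, sep, port = pair.rpartition(":")
        if sep and fqdn and port.isdigit() and 0 < int(port) < 65536:
            ports[fqdn] = int(port)
        else:
            bad.append(pair)
    return ports, bad

def audit(keys):
    """Return a list of findings for one configKeys dictionary."""
    findings = []
    if keys.get("wgserver.domain.default") != keys.get("wgserver.domain.fqdn"):
        findings.append("domain.default and domain.fqdn must hold the same value")
    bind = keys.get("wgserver.domain.ldap.bind")
    if bind not in ("simple", "gssapi"):
        findings.append(f"unexpected bind value: {bind!r}")
    if "wgserver.domain.whitelist" in keys:
        findings.append("domain.whitelist is deprecated; use domain.accept_list")
    base_filter = keys.get("wgserver.domain.ldap.group.baseFilter")
    if base_filter is not None and not base_filter.strip():
        findings.append("group.baseFilter is required and cannot be blank")
    ports, bad = parse_custom_ports(keys.get("wgserver.domain.ldap.domain_custom_ports", ""))
    findings += [f"malformed domain:port pair: {p!r}" for p in bad]
    if bind == "simple":  # added review heuristic, not a rule from the page
        findings += [f"{d}: simple bind on port {n}, confirm TLS is in use"
                     for d, n in ports.items() if n == PLAINTEXT_PORT]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE["configKeys"]):
        print("-", finding)
```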