A customer had the following scenario:
- Users are managed in an LDAP directory
- they are synced via a customized application in to Project Server 2007
- they authenticate via Form Based Authentication
- but users cannot access DataAnalysis views in Project Web Access (PWA)
The reason is when you open the DataAnalysis page in PWA your client communicates directly to Analysis Services.
With Windows Integrated Authentication users with permissions to view DataAnalysis in PWA are granted the appropriate rights to connect to Analysis Services.
But LDAP users don’t have an Active Directory account ….
The solution is: HTTP Pump (which reminds me to one famous Aerosmith album …)
Let’s see how we get this running.
I already extended my PWA web application for using forms authentication, if you haven’t done this yet, do it now.
After that the web applications in IIS look like the following:
In my case:
- The URL for Active Directory users is: http://win2008/pwa
- The URL for Forms Authentication (LDAP) users is: http://pwafba/pwa
To configure HTTP Pump there is an excellent blog for Windows Server 2008 and SQL Server 2008, so read and do this first:
I created the application for OLAP HTTP Pump (named olap on my screenshot above) under the original web application for PWA (the one with windows integrated authentication).
The application pool for the olap web application runs under a specific domain account that has access to the analysis services. If this authentication fails you get this DSO connection string error in PWA when creating the cube:
Error: The connection string to repository Needs To Be Specified in the 9.0 server properties (see <DSO> … </ DSO> section in msmdsrv.ini file from Analysis Services 9.0
In the authentication settings for the olap application I activated the anonymous authentication and used the application pool identity for logon:
So after that the URL for my new “Analysis Server” is http://win2008/olap/msmdpump.dll. If you can open this URL (without the dll at the end) it should be fine with authentication.
Now how to tell Project Server?
We have to change the standard Analysis Services server and create a new cube.
Open the cube generation settings in PWA and use the URL to your olap pump as the server name and the extranet-URL.
In my case http://win2008/olap/msmdpump.dll
Give the Analysis Services database a name and hit save and create.
If the cube generation finished logon as an admin (or an account that has rights to create views) via Forms Authentication and create a new data analysis view:
As you can see the standard server for analysis services is now the msmdpump.dll and you have access to your cubes.
So access to DataAnalysis views works also for non AD users.