P. 1
OBIEE Security Enforcement-LDAP Authentication

OBIEE Security Enforcement-LDAP Authentication

|Views: 9|Likes:
Published by Narayana Reddy A

More info:

Published by: Narayana Reddy A on May 29, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as DOCX, PDF, TXT or read online from Scribd
See more
See less





OBIEE Security Enforcement ± LDAP Authentication Authentication in OBIEE

Some authentication methods used by Oracle BI server are 1. Database 2. LDAP 3. Oracle BI server (repository users) ± I do not recommend this method for medium to large implementations. It will be difficult to manage. I will discuss on setting up LDAP in this article.

Setting up LDAP or Windows ADSI in OBIEE
Microsoft ADSI (Active Directory Service Interface) is Microsoft version of LDAP server. Most of the steps to setup of either Microsoft ADSI or LDAP server are similar. In either case, you would need help from your network security group/admin to configure LDAP. They should provide you with the following information regarding the LDAP server 1. 2. 3. 4. 5. 6. 7. 8. LDAP server host name LDAP Server port number Base DN Bind DN Bind Password LDAP version Domain identifier, if any User name attribute type (in most cases this is default)

Registering an LDAP server in OBIEE
In Oracle BI repository, go to manage security.

Create a new LDAP server in OBIEE Security Manager With the help from your network security group/administration. fill out the following information .

for most of the LDAP servers it is uid or cn. . make the necessary changes. Check with your network security group/administrator on what is the username attribute for your LDAP server. For Microsoft ADSI (Active Directory Service Interface).Next in the Advanced tab. For Microsoft ADSI It is sAMAccountName. Make a note of the user name attribute you will need it later. Username attribute would be automatically generated. based on the kind of LDAP server you have and its configuration. Most of the times. choose ADSI and for all others leave it unchecked.

under Manage go to Variables. In administration tool.Now we need to create an Authentication initialization block. go to New -> Session -> Initialization Block . Under Action.

Give it a name and click on Edit Data Source. In the pop up window. You can also configure a LDAP server here by clicking on ³New´. .Configure the session initialization block. In the browse pop up window choose the LDAP server you would like to use. choose LDAP from the drop down box and then click on Browse.

Next we need to create variables. . User and Email are the common variables normally in play.


Next enter the LDAP variable for username. a warning pops up on the usage of User session variable (User session variable has a special purpose. depending on you need. sAMAccountName in the case of ADSI as configured in the LDAP. you can bring additional variables from the LDAP server. . Next following similar steps create a variable for Email. Click yes. Are you sure you want to use this name). In addition.Upon clicking on OK.

.Now bounce your services.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->