Upload
narayana-reddy-a
View
221
Download
0
Embed Size (px)
Citation preview
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
1/9
OBIEE Security Enforcement LDAP Authentication
Authentication in OBIEE
Some authentication methods used by Oracle BI server are
1. D atabase2. LDAP 3. Oracle BI server (repository users) I do not recommend this method for medium to
large implementations. It will be difficult to manage.
I will discuss on setting up L DAP in this article.
Setting up LDAP or Windows ADSI in OBIEEM icrosoft AD SI ( A ctive D irectory Service Interface) is M icrosoft version of L DAP server. M ostof the steps to setup of either M icrosoft AD SI or L DAP server are similar. In either case, youwould need help from your network security group/admin to configure L DAP . They should
provide you with the following information regarding the L DAP server
1. LDAP server host name2. LDAP Server port number 3. Base DN 4. Bind DN 5. Bind P assword6. LDAP version7. D omain identifier, if any8. User name attribute type (in most cases this is default)
R egistering an LDAP server in OBIEE
In Oracle BI repository, go to manage security.
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
2/9
Create a new L DAP server in OBIEE Security M anager
With the help from your network security group/administration, fill out the followinginformation
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
3/9
N ext in the A dvanced tab, based on the kind of L DAP server you have and its configuration,make the necessary changes.
For M icrosoft AD SI ( A ctive D irectory Service Interface), choose AD SI and for all others leave itunchecked.
M ost of the times, Username attribute would be automatically generated. For M icrosoft AD SI Itis s A M A ccount N ame; for most of the L DAP servers it is uid or cn. Check with your network
security group/administrator on what is the username attribute for your L DAP server. M ake anote of the user name attribute you will need it later.
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
4/9
N ow we need to create an A uthentication initialization block. In administration tool, under M anage go to Variables.
Under A ction, go to N ew -> Session -> Initialization Block
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
5/9
Configure the session initialization block. Give it a name and click on Edit D ata Source. In the pop up window, choose L DAP from the drop down box and then click on Browse. You can alsoconfigure a L DAP server here by clicking on N ew. In the browse pop up window choose theLDAP server you would like to use.
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
6/9
N ext we need to create variables. User and Email are the common variables normally in play.
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
7/9
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
8/9
Upon clicking on OK, a warning pops up on the usage of User session variable (User sessionvariable has a special purpose. A re you sure you want to use this name). Click yes.
N ext enter the L DAP variable for username. s A M A ccount N ame in the case of AD SI asconfigured in the L DAP .
N ext following similar steps create a variable for Email. In addition, depending on you need, youcan bring additional variables from the L DAP server.
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
9/9
N ow bounce your services.