-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
1/9
OBIEE Security Enforcement LDAP Authentication
Authentication in OBIEE
Some authentication methods used by Oracle BI server are
1. D atabase2. LDAP 3. Oracle BI server (repository users) I do
not recommend this method for medium to
large implementations. It will be difficult to manage.
I will discuss on setting up L DAP in this article.
Setting up LDAP or Windows ADSI in OBIEEM icrosoft AD SI ( A
ctive D irectory Service Interface) is M icrosoft version of L DAP
server. M ostof the steps to setup of either M icrosoft AD SI or L
DAP server are similar. In either case, youwould need help from
your network security group/admin to configure L DAP . They
should
provide you with the following information regarding the L DAP
server
1. LDAP server host name2. LDAP Server port number 3. Base DN 4.
Bind DN 5. Bind P assword6. LDAP version7. D omain identifier, if
any8. User name attribute type (in most cases this is default)
R egistering an LDAP server in OBIEE
In Oracle BI repository, go to manage security.
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
2/9
Create a new L DAP server in OBIEE Security M anager
With the help from your network security group/administration,
fill out the followinginformation
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
3/9
N ext in the A dvanced tab, based on the kind of L DAP server
you have and its configuration,make the necessary changes.
For M icrosoft AD SI ( A ctive D irectory Service Interface),
choose AD SI and for all others leave itunchecked.
M ost of the times, Username attribute would be automatically
generated. For M icrosoft AD SI Itis s A M A ccount N ame; for most
of the L DAP servers it is uid or cn. Check with your network
security group/administrator on what is the username attribute
for your L DAP server. M ake anote of the user name attribute you
will need it later.
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
4/9
N ow we need to create an A uthentication initialization block.
In administration tool, under M anage go to Variables.
Under A ction, go to N ew -> Session -> Initialization
Block
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
5/9
Configure the session initialization block. Give it a name and
click on Edit D ata Source. In the pop up window, choose L DAP from
the drop down box and then click on Browse. You can alsoconfigure a
L DAP server here by clicking on N ew. In the browse pop up window
choose theLDAP server you would like to use.
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
6/9
N ext we need to create variables. User and Email are the common
variables normally in play.
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
7/9
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
8/9
Upon clicking on OK, a warning pops up on the usage of User
session variable (User sessionvariable has a special purpose. A re
you sure you want to use this name). Click yes.
N ext enter the L DAP variable for username. s A M A ccount N
ame in the case of AD SI asconfigured in the L DAP .
N ext following similar steps create a variable for Email. In
addition, depending on you need, youcan bring additional variables
from the L DAP server.
-
8/6/2019 OBIEE Security Enforcement-LDAP Authentication
9/9
N ow bounce your services.
