OBIEE Security Enforcement – LDAP Authentication | The Big Data - Business Intelligence by Sandeep Venu

Enter key word

OBIEE Security Enforcement – LDAP Authentication

Authentication in OBIEE
Some authentication methods used by Oracle BI server are
  1. Database
  2. LDAP
  3. Oracle BI server (repository users) – I do not recommend this method for medium to large implementations. It will be difficult to manage.
I will discuss on setting up LDAP in this article.

Setting up LDAP or Windows ADSI in OBIEE
Microsoft ADSI (Active Directory Service Interface) is Microsoft version of LDAP server. Most of the steps to setup of either Microsoft ADSI or LDAP server are similar. In either case, you would need help from your network security group/admin to configure LDAP. They should provide you with the following information regarding the LDAP server
  1. LDAP server host name
  2. LDAP Server port number
  3. Base DN
  4. Bind DN
  5. Bind Password
  6. LDAP version
  7. Domain identifier, if any
  8. User name attribute type (in most cases this is default)
Registering an LDAP server in OBIEE
In Oracle BI repository, go to manage security.

Create a new LDAP server in OBIEE Security Manager

With the help from your network security group/administration, fill out the following information

Next in the Advanced tab, based on the kind of LDAP server you have and its configuration, make the necessary changes.
For Microsoft ADSI (Active Directory Service Interface), choose ADSI and for all others leave it unchecked.
Most of the times, Username attribute would be automatically generated. For Microsoft ADSI It is sAMAccountName; for most of the LDAP servers it is uid or cn. Check with your network security group/administrator on what is the username attribute for your LDAP server. Make a note of the user name attribute you will need it later.

Now we need to create an Authentication initialization block. In administration tool, under Manage go to Variables.

Under Action, go to New -> Session -> Initialization Block

Configure the session initialization block. Give it a name and click on Edit Data Source. In the pop up window, choose LDAP from the drop down box and then click on Browse. You can also configure a LDAP server here by clicking on “New”. In the browse pop up window choose the LDAP server you would like to use.

Next we need to create variables. User and Email are the common variables normally in play.

Upon clicking on OK, a warning pops up on the usage of User session variable (User session variable has a special purpose. Are you sure you want to use this name). Click yes.

Next enter the LDAP variable for username. sAMAccountName in the case of ADSI as configured in the LDAP.

Next following similar steps create a variable for Email. In addition, depending on you need, you can bring additional variables from the LDAP server.

Now bounce your services.


About Sandeep Venu

    Blogger Comment
    Facebook Comment


21st Century Software Solutions said...

LDAP - Overview
A brief History of LDAP
LDAP Overview
LDAP vs. Database
LDAP Usage Summary
LDAP Data (Object) Model
Object Tree Structure
Object Classes
Describing the Tree and Adding Data
Navigating the Tree (DNs and RDNs)
LDAP Replication and Referrals
Call Us-91-900-044-4287 21st Century Software Solutions Online Training

Top Links

Upgrading BI Publisher

Add Google Search


Change Admin Password

Best Practices


Host Files



Bug Fixes

Setting Default

OBIEE Installation failed

OBIEE Installation

Oracle Databse

Oracle In Linux

Loopback Adapter

Weblogic Failed

Yum Commands

Weblogic Admin

Linux Static IP


Admin Paswword


Weblogic Starting Error

Localizing BI

Physical Schemas

Multimedia Dashboard

Video in OBIEE

Variables in OBIEE

Ago 30 Days

Email Link

ODI Installation

AGO Function

Sort Pivote table


Reset Sys password

Date Calculation

Add Row in Report

Increase Row limit

OBIEE with Essbase

Reset Weblogic

BIP Login Error

MDS and BI Platform

ORA 28001 Error

ORA 12560 TNS Protocal Error

ORA 12154 TNS Error


Pre Requsite

AIX Commands