Oracle Business Intelligence 11gR2 11.1.1.7 authentication to Microsoft Active Directory

This post walks through the steps to have BI users authenticate against Active Directory. The users already defined in BI, for example the user “weblogic”, can still log in.

Open the admin console http://obiee.example-domain.com:7001/console.

Go to Security Realms/myRealm/Providers tab/Authentication [Lock & Edit]


Click New. Select the type ActiveDirectoryAuthenticator and give it a name, e.g. myADAuthenticator.


Set the control flag to Sufficient. This ensures that authentication in either AD or BI is sufficient to let a user log in, so you’ll still be able to use the “weblogic” account. For this to work, you must also set the control flag of the default authenticator to Sufficient. If you forget this, the AD users will not be able to log in.


Click on myADAuthenticator and go to the Provider Specific tab.

Enter the host of the AD server and a user.

userbase DN: ou=wlsusers,dc=example-domain,dc=com

If you can’t get it to work with “ou=wlsusers,dc=…”, you can also try only “dc=example-domain,dc=com”, but this means that all your AD users will be able to log in to BI.

All users filter: (&(sAMAccountName=*)(objectclass=user))

User From Name Filter: (&(sAMAccountName=%u)(objectclass=user))

Here %u is the placeholder that WebLogic replaces with the login name the user enters.
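The following added example (not part of the original post, and not WebLogic code) models how the User Base DN and the two filters together decide which accounts can be found. The directory entries are constructed, the evaluator handles only AND filters of this shape, and it assumes `%u` is the login-name placeholder in User From Name Filter.

```python
import re

# Constructed sample entries (not from a real directory).
ENTRIES = [
    {"dn": "cn=Alice,ou=wlsusers,dc=example-domain,dc=com",
     "sAMAccountName": "alice", "objectclass": "user"},
    {"dn": "cn=Bob,ou=sales,dc=example-domain,dc=com",
     "sAMAccountName": "bob", "objectclass": "user"},
    {"dn": "cn=BI Admins,ou=wlsusers,dc=example-domain,dc=com",
     "sAMAccountName": "biadmins", "objectclass": "group"},
]
ALL_USERS_FILTER = "(&(sAMAccountName=*)(objectclass=user))"
USER_FROM_NAME_FILTER = "(&(sAMAccountName=%u)(objectclass=user))"

def escape_filter_value(value):
    """Hex-escape RFC 4515 special characters in a login name."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(template, login):
    """Substitute the escaped login name for %u."""
    return template.replace("%u", escape_filter_value(login))

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def matches(entry, ldap_filter):
    """Evaluate an AND-only filter; a bare * means 'attribute is present'."""
    for attr, value in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter):
        actual = entry.get(attr)
        if actual is None:
            return False
        if value != "*" and actual.lower() != unescape(value).lower():
            return False
    return True

def in_scope(entry, base_dn):
    """True if the entry is the base DN itself or sits beneath it."""
    dn, base = entry["dn"].lower(), base_dn.lower()
    return dn == base or dn.endswith("," + base)

def search(base_dn, ldap_filter):
    return [e["sAMAccountName"] for e in ENTRIES
            if in_scope(e, base_dn) and matches(e, ldap_filter)]

if __name__ == "__main__":
    for base in ("ou=wlsusers,dc=example-domain,dc=com", "dc=example-domain,dc=com"):
        print(base, search(base, ALL_USERS_FILTER),
              search(base, build_filter(USER_FROM_NAME_FILTER, "bob")))
```

With the OU as base, "bob" in ou=sales is not found; with the domain root as base, every user object in the domain becomes a candidate login.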

Now restart the admin server.

Then you have to add three keys to the identity store provider.

Enterprise Manager, WebLogic Domain, bifoundation_domain, Security, Security Provider Configuration, Identity Store Provider, Configure


These are the keys:

  1. user.login.attr=sAMAccountName
  2. username.attr=sAMAccountName
  3. virtualize=true


Then you should define three groups in AD and add them to the corresponding roles in BI.

  1. AD_BIAdministrator
  2. AD_BIAuthor
  3. AD_BIConsumer

That is all; you should now be able to log in to BI with your domain user.
