Monday, April 30, 2012

How to: OBIEE 10g LDAP Authentication in Repository

4:51 PM

Share it Please
Recent challenge at a client site :

How to configure OBIEE 10g to authenticate using LDAP.

There are 2 main steps to configure OBIEE 10g to authenticate users via LDAP:

1) Create LDAP Server connection:

Manage -> Security
Within Security Manager : Action -> New -> LDAP Server

At the minimum, you will need to identify your company's LDAP server, version, port # and base DN. Base DN identifies the starting point of your authentication search. For example, if you want to search all entries under the subtree of the directory, is the base DN

If you leave Bind DN and Bind password blank , anonymous binding is assumed. Note that LDAP v2 does not support anonymous binding.

Hit the test connection button to confirm your settings are correct:

2) Create a LDAP initialization block that points to the LDAP server you just created:

Manage -> Variables
Within Variable Manager: Action -> New -> Session -> Initialization Block

 Specify LDAP as your data source type, click browse and select the LDAP server you just created (as seen below)

Hit OK, then click 'Edit Data Target'. You will have to create at a minimum: 2 session variables - "USER" and "DISPLAYNAME" with the corresponding LDAP variables.

If LDAP successfully authenticates, the USER and DISPLAYNAME variable be passed data which you can use for data-level authorization.
Click the 'New' button below, and create the 2 variables as specified in the image.

Row-wise initialization will allow you to create session variables dynamically at the initialization of the session. For Basic LDAP authorization, this can remain unchecked

Hit OK to navigate back to the main screen 'Session Variable Initialization Block'. On the bottom left hand corner you will see a button labeled test:

Click 'Test' and type in a valid LDAP username & password:

If successful, your session variables will return valid values:

If Invalid, you will get the following values:

Now restart OBIEE presentation services , and your user should be able to authenticate via Answers.
You will still need to be create an Authorization policy for this user, by assigning them to applicable groups. You can find that covered in this guide  - OBIEE 10g LDAP Authorization using an external database as the source

In Summary:

1) Create LDAP Connection
2) Create Init Block
3) Create LDAP USER and DISPLAYNAME session variables
4) Associate session variables with LDAP Init Block.

keywords:  obiee ldap authentication, obiee security, obiee repository authentication,  obiee user authentication ldap,   configure ldap authentication obiee


Post a Comment