Integrate Oracle BI Server with LDAP Server (OID – Oracle Internet Directory)

In this post we cover the steps to integrate OBIEE with OID. By default, BI users are stored locally and authenticate against the BI Server.
OBIEE supports authentication via an LDAP server (OID, iPlanet, OpenLDAP).


Integration of OBIEE with OID is required if

1. You wish to use OID as the user repository for OBIEE, or
2. You wish to authenticate OBIEE users against OID, or
3. You wish to integrate OBIEE (analytics) with Oracle Single Sign-On Server

To know more about OID click here and here.

There are two ways to integrate OBIEE with OID:

1. Authenticate against OID, or
2. Synchronize users/groups from OID to the OBIEE Server.

Configure OID for User Authentication in Oracle BI

1. Create LDAP (OID) entry in Repository of BI
2. Configure initialization block for user authentication

1. Create LDAP entry in Repository of BI
To create an LDAP (OID) entry in the BI Repository

a) Open the repository (offline/online mode) from the OBI Administration Tool (To know more about BI Administration Tool, Click Here)
Manage -> Security to open Security Manager in BI Administration Tool
Action -> New -> LDAP Server to add a new LDAP server

b) In the new pop-up window enter the OID server details, where

HostName is the machine name on which OID is running
Port Number is the port on which OID is listening; if you are planning to use the SSL port of OID, select SSL in the Advanced tab as shown below
Base DN is the location in the OID tree under which all users sit (users who wish to log in through OBI should be under this tree in OID)
Bind DN is the distinguished name of the superuser, usually orcladmin
Bind Password is the password of the orcladmin user

Test the OID connection by clicking on the “Test Connection” button

– If the user name in OID is recognized by cn and NOT uid, then change it on the Advanced tab. (Whether OID uses cn or uid as its user name is determined by the orclcommonnicknameattribute value in OID)
– If OID is listening on SSL only and you entered the SSL port in the General tab, then select the SSL checkbox in the above screen

Note
– The OBI Server should be able to connect to the OID server (if there is any firewall between the BI Server and the OID server, open the OID port across the firewall).

2. Configure initialization block for user authentication

2.1 Administration Tool -> Manage -> Variables

2.2 Action -> New -> Session -> Initialization Block

2.3 In the Session Variable Initialization Block window, enter a name for the session variable and select the “Required for Authentication” check box as shown in the screenshot

2.4 Now click on the “Edit Data Source” button as shown in the above screenshot

2.5 From the drop-down list select “LDAP” as the data source and select Browse as shown in the screenshot below

2.6 Select the OID server which you created in step 1 above and click OK

2.7 Click OK on the next screen

2.8 Now click on the “Edit Data Target” button on the Session Variable Initialization Block screen

2.9 Click on New, enter the name USER in “System Session Variable” and click OK as shown in the screenshot below

2.10 Enter the value of the LDAP variable. This value is usually uid or cn (check the value of orclcommonnicknameattribute in OID). Click OK as shown in the screenshot below

2.11 Finally, test your setup by clicking on the Test button. Enter any valid user name and password when prompted
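
As an added example (not part of the original post and not Oracle code), this Python helper takes ldapsearch output like that quoted in the comments below, derives the Base DN and user-name attribute entered in steps 1 and 2.10, and flags two bind settings worth reviewing before saving the repository. The sample outputs are constructed; the function names and the entry shown as holding orclcommonnicknameattribute are assumptions.

```python
import base64

def parse_ldapsearch(output):
    """Parse ldapsearch output in 'attr=value' form (as printed in the
    comments on this page) or LDIF 'attr: value' / 'attr:: base64' form."""
    lines = []
    for raw in output.splitlines():
        if raw.startswith(" ") and lines:        # LDIF folded continuation
            lines[-1] += raw[1:]
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        colon, equals = line.find(":"), line.find("=")
        if colon != -1 and (equals == -1 or colon < equals):
            name, value = line[:colon], line[colon + 1:]
            if value.startswith(":"):            # base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
        elif equals != -1:
            name, value = line[:equals], line[equals + 1:]
        else:
            continue
        attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def plan_ldap_entry(attrs, use_ssl, bind_dn):
    """Derive Base DN and user-name attribute; flag weak bind settings."""
    # Naive comma split: assumes the realm DN has no escaped commas.
    realm = ",".join(p.strip() for p in attrs["orcldefaultsubscriber"][0].split(","))
    nick = attrs.get("orclcommonnicknameattribute")
    warnings = []
    if not use_ssl:
        warnings.append("SSL not selected: LDAP bind passwords cross the network in clear text")
    if bind_dn.replace(" ", "").lower().startswith("cn=orcladmin"):
        warnings.append("Bind DN is the orcladmin superuser; a dedicated read-only account limits what this credential can do")
    return {"base_dn": "cn=users," + realm,
            "user_attr": nick[0].lower() if nick else None,
            "warnings": warnings}

# Constructed sample outputs (not captured from a real directory).
SAMPLE_REALM = "cn=Common,cn=Products,cn=OracleContext\norcldefaultsubscriber = dc=uk, dc=focusthread, dc=com\n"
SAMPLE_NICK = ("dn: cn=Common,cn=Products,cn=OracleContext,dc=uk,dc=focusthread,\n"
               " dc=com\norclcommonnicknameattribute: uid\n")   # entry DN is an assumption

if __name__ == "__main__":
    found = {**parse_ldapsearch(SAMPLE_REALM), **parse_ldapsearch(SAMPLE_NICK)}
    print(plan_ldap_entry(found, use_ssl=False, bind_dn="cn=orcladmin"))
```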


Related

Configure/Integration of Oracle Single Sign-On with Oracle Business Intelligence coming soon…

About the Author Atul Kumar

Oracle ACE, Author, Speaker and Founder of K21 Technologies & K21 Academy : Specialising in Design, Implement, and Trainings.


37 comments
lakshmikanthan says September 22, 2008

Hi Atul,

I have done all the process but I could not connect at the final stage of OID user ID and password (2.11 Finally test your setup by clicking on Test button . Enter any valid Username, Password when prompted).

Which user ID and password should I give?

Thanks
lakshmi

Reply
lakshmikanthan says September 22, 2008

Hi,

I am talking about the LDAP connection.

I could not connect at the final stage of user ID and password (2.11 Finally test your setup by clicking on Test button . Enter any valid Username, Password when prompted).

Which user name and password should I give?

Thanks
lakshmi

Reply
Atul says September 22, 2008

Use an LDAP Server (OID) username and password here, one under default realm > users

Reply
Koneksi BIEE - OpenLDAP « Akuardit’s Weblog says October 20, 2008

[…] via Google there is a reference here. But what is being connected there is OID… hmm, the most important thing is the settings as in the picture at […]

Reply
Emilio Petrangeli says November 14, 2008

I must connect to the LDAP server over SSL; I have this error:
The IBM LDAP SSL client library initialization failed. Reason Bad keyfile password

Reply
Atul Kumar says November 15, 2008

Which LDAP server are you using?
Are you connecting from BIEE (which version)?

Reply
Emilio Petrangeli says November 16, 2008

1) I must connect to OID LDAP, over SSL
2) the BIEE version is 10.1.3.3.3

Thank you!!!

Reply
Atul Kumar says November 16, 2008

Which document are you using to integrate BIEE 101333 with OID on SSL?

As per the 7.1 guide here
http://download.oracle.com/docs/cd/E05553_01/books/AnyMsg/AnyMsg_Messages22.html

Cause: The key database file does not exist or it is a wrong file. Or the password is wrong.

Response. Make sure that the key database file specified in the Administration tool does exist and is the correct one.

Reply
Emilio Petrangeli says November 16, 2008

OK, but WHAT IS the key database? Is it a CERT FILE?? Where is it located???

Reply
Atul Kumar says November 16, 2008

Which documentation are you using to integrate?

Reply
Emilio Petrangeli says November 16, 2008

Nothing special, I'm using Metalink/Google/Oracle forums etc…. I find everything for integration with OID (NOT SSL), but nothing special for OID over SSL… can you suggest some documentation about it?

Reply
Atul Kumar says November 16, 2008

Check this guide

http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf

Chapters 5, 7 and 10

Reply
Emilio Petrangeli says November 17, 2008

I'm following the guide http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf , but I don't find anything about generating the KEYFILE for the LDAP connection….

My question is:
1) How can I generate this KEYFILE?
2) Where must I put the file on the server?

Reply
Emilio Petrangeli says November 17, 2008

I've solved it.

1) I generated the file with gsk7ikm, importing the CA cert.
2) I put the file key.kdb in $BIEE_HOME/server/Config

Thanks!!!

Reply
Atul Kumar says November 17, 2008

Good, which doc 😉 did you use to generate the file?

Reply
Shri says November 19, 2008

Hi Emilio,

Any success in resolving the key_file problem?

Even I am facing the same problem while configuring LDAP.

Thanks….

Reply
shri says November 19, 2008

Hi Emilio,

Could you pls explain this solution to me in detail..

We are still facing this problem…

Thanks in Advance…

Reply
Emilio Petrangeli says November 19, 2008

Hi Shri,
you must:

1) Install GSKit 7 on the client and server machines
2) Create the key_file with the IBM utility gsk7ikm (you can read this for the creation: http://download.oracle.com/docs/cd/B40099_02/books/Secur/Secur_SecAdaptAuth18.html).
When you create the key_file you must import the OCA of OID!
3) Put the file created (e.g. key.kdb) in $BIEE_HOME/server/Config
4) Follow the instructions on THIS page, but check the SSL option
5) In the BIEE Administrator's menu go to: Tools –> Options –> Repository and complete the form with the Key File Name and password!!!

Now you can test the LDAP SSL connection!!

Bye bye!
Emilio

Reply
venralla says April 1, 2009

Hi Atul,

Can you provide some detailed steps to enable SSO with SiteMinder for OBIEE? I believe I need to know about configuring the OBIEE, SiteMinder and web server sides.

Appreciate your help in advance.

Regards

Reply
shahzad says September 29, 2009

Hi Atul

Could you pls let me know which user ID and password I have to provide to test the connection?

Do this user ID and password need to be present in the LDAP server, or can I give the user name and password created in the OBI rpd?

Reply
shahzad says September 29, 2009

Also could you pls. let me know where I can see this Default realm > Users …

I tried giving the username / password (supplied to me to connect to the LDAP server/box) but it says authentication failure.

Reply
Atul Kumar says September 29, 2009

@ Shahzad

1. Do these user ID and password need to be present in the LDAP server?

Yes

2. Where/How can I see Default realm?

OID_HOME/bin/ldapsearch -h oid_host \
-p oid_port -D cn=orcladmin -w orcladmin_passwd \
-b "cn=common, cn=products, cn=oracleContext" \
-s base "objectclass=*" orcldefaultSubscriber

If output is like

orcldefaultsubscriber = dc=uk, dc=focusthread, dc=com

Then users should be under cn=users, dc=uk, dc=focusthread, dc=com

Reply
Shahzad says October 20, 2009

Atul

Thanks for the response.

Could you tell me how I can connect to the LDAP server? I only have the host name and port name. Do we need some console to connect to LDAP?

Reply
Shahzad says October 20, 2009

Hi Atul

Could you pls. tell me how I can log in to OBI Answers with the LDAP user credentials? I tried that but it says invalid user name and password.

Reply
Rubia says December 3, 2009

Hi Atul,

Can you please provide steps on how to enable SSO and integrate OBIEE with Oracle Portal 10.1.4? I have configured OBIEE against OID and want to enable SSO so that whenever a user logs in to Portal, they can access the authorized reports. I am not able to find any document around this. Thanks for any help.

Reply
Atul Kumar says December 10, 2009

@ Rubia
It's chapter 8 in “BI Deployment Guide” – mentioned under the related section.

Reply
Venu says April 19, 2010

Hi All,

Can someone suggest how to make multiple LDAP connections using SSL? I followed Atul's replies and was able to configure 1 LDAP over SSL, but I need 2 more.. any suggestions!!

Reply
asmnk says September 21, 2010

Hi all,

I am new to Oracle and I am facing an issue with AD authentication. I have installed OBIEE on Windows 2003. I want to configure AD authentication for the page http://hostname:port/analytics. I don't know about OID. Our AD server name is dc02. Please help me to fix the issue.

Thanks,
ASM

Reply
Atul Kumar says September 21, 2010

@ ASM,
The procedure for an AD server is the same except for a few changes, like

1. Username attribute type/LDAP variable: uid – change it to your logon name in AD: this is samaccountname or something similar, check with your AD team
2. Base DN to your AD path where your users sit
3. Bind DN: change this to your AD user like Administrator (full path of your AD including domain name)
4. Bind Password

Reply
» Unable to login to OBIEE /Anylytics after OID integration : %user% was authenticated but could not be located within the identity store Online Apps DBA: One Stop Shop for Apps DBA’s says June 21, 2011

[…] This Post OBIEE 11g integration with external LDAP servers like OID or AD is well documented here and […]

Reply
shailesh says August 15, 2011

Hi All,

Please help me. The below error message is coming when I am trying to test the connection.

53005 – ldap server referral is not supported fix

Regards,
Shailesh Kulkarni

Reply
Atul Kumar says August 15, 2011

@ shailesh,
Is this with OBIEE 10g or 11g?

Which LDAP server: OID, AD or something else?

Do you have multiple domains? Is LDAP referral configured in your LDAP server (where one object refers to another LDAP server or a different domain)?

Reply
shailesh says August 16, 2011

Hi Atul,
Thanks for the response.
We are using LDAP server AD with multiple domains.
eg: Main Domain
–> sub Domain1
–> Sub Domain2

but I am referring to the user from the Main Domain

I am using OBIEE 10g (10.1.3.4.1) and trying to integrate the LDAP server with OBIEE by following the above steps.
————————–
Host:xx.xx.xx.xx
Port:389
LDAP Version: 3
Base DN: CN=Users,DC=xxx,DC=xxx
Bind DN: CN=xxx x (Computer),OU=Computer Dept,DC=xxxx,DC=xxx
Bind Password: xxxxx
Test Connection= LDAP Server connected successfully.
————
After this, I created the initialization block and assigned the LDAP server; it finally failed at the time of test.
(53005 – ldap server referral is not supported)
————–
Please suggest.

Thanks,
Shailesh

Reply
anubiz says September 12, 2012

Hi all,
I have the same issue 53005 – ldap server referral is not supported fix
but I set up on OBIEE 11.1.1.6

Thanks
weraphan

Reply
Gill Lima says November 5, 2013

Hi, I'm trying to set up but it keeps giving me the error: LDAP Object “Servername.domain” does not exists on the server side.

Do I have to contact the LDAP Admins to find out the LDAP Name?

Reply
    Atul Kumar says November 5, 2013

    @Gill Lima,
    At what stage are you getting this error and where do you see this error?

    Reply
Deng Xiaohui says April 21, 2014

Hi all,
I met an error when trying to convert SSL for LDAP, the error message: The IBM LDAP SSL client library initialization failed. Reason:Keyring file open error.
Our OBIEE version is 10.1.3.4 and we don't use the GSKit tool to generate the key file; instead we use the cacerts file.
Please help me out, thanks!

Reply