In this post we are going to cover steps to integrate OBIEE with OID. By default BI users are stored locally and authenticate against BI Server.
OBIEE support authentication via LDAP Server (OID, iPlanet, openldap server).
.
Integration of OBIEE with OID is required if
1. You wish to use OID as user repository for OBIEE or
2. You wish to authenticate OBIEE users against OID or
3. You wish to integrate OBIEE (analytics) with Oracle Single Sign-On Server
To know more about OID click here and here .
.
There are two ways to integrate OBIEE with OID
1. To authenticate against OID or
2. Synchronize users/groups from OID to OBIEE Server .
.
Configure OID for User Authentication in Oracle BI
1. Create LDAP (OID) entry in Repository of BI
2. Configure initialization block for user authentication .
.
1. Create LDAP entry in Repository of BI
To create LDAP (OID) entry in BI Repository
a) Open repository (offline/online mode) from OBI Administration Tool (To know more about BI Administration Tool, Click Here)
Manage -> Security to open Security Manager in BI Administration Tool
Action -> New -> LDAP Server to add new ldap server
.
b) In new pop up window enter OID server details where
- HostName is machine name on which OID is running
- Port Number is Port on which OID is listening, if you are planning to use SSL port of OID change select SSL in Advanced Tab as shown below
- Base Dn is location in OID tree under which all users sit (user who wish to login through OBI should be under this tree in OID)
- Bind Dn is distinguished name of supeuser usually orcladmin (super user)
- Bind Password – is password of orcladmin user
.
.
Test OID connection by clicking on “Test Connection” button
- If UserName is OID is recognized by cn and NOT uid then change it in advanced name. (OID is using cn or uid as its userName is determined by orclcommonnicknameattribute value in OID)
- If OID is listening on SSL only and you entered SSL port in General Tab then select SSL checkbox in above screen
.
Note – OBI Server should be able to connect to OID server (If there is any firewall between BI Server and OID server open OID port across firewall) .
.
.
2. Configure initialization block for user authentication
2.1 Administration Tool -> Manage -> Variables ->
.
2.2 Action -> New -> Session -> Initialization Block
2.3 In Session Variable Initialization Block window, enter Name for session variable and select “Required for Authentication” check box as shown in screenshot
2.4 Now click on “Edit Data Source” button as shows in above screen shot
2.5 From drop down list select “LDAP” as datasource and select Browse as shown in below screenshot
2.6 Select OID server which you created in step1 above and click OK
2.7 Click OK on next screen
2.8 Now click on “Edit Data Target” button on Session Variable Initialization Block screen
2.9 Click on New and enter Name as USER in “System Session Variable” and click OK as shows in screenshot below
2.10 Enter the value of LDAP variable . This value is usually uid or cn (check value of orclcommonnicknameattribute in OID) and click OK as shown in below screenshot
2.11 Finally test your setup by clicking on Test button . Enter any valid Username, Password when prompted
.
.
Related
Configure/Integration of Oracle Single Sign-On with Oracle Business Intelligence coming soon…
Related Posts for Business Intelligence
- Oracle Business Intelligence Enterprise Edition Overview
- BIEE Installation on Linux (Business Intelligence Enterprise Edition)
- Oracle BI Publisher Cluster / HA
- Clustering Oracle Business Intelligence , BI Server, Presentation Services, Plug-In, Scheduler & Javahost
- OBIEE – Step by Step Installation
- User Management in OBIEE using BI Administration Tool
- Integrate Oracle BI Server with LDAP Server (OID – Oracle Internet Directory)
- Oracle BI Publisher Admin Console (xmlpserver) Login Issue : Administrator/Administrator
- How to install OBIEE on windows 7 (OBIEE Training)
- OBIEE 11g (11.1.1.3.0) Download & Installation
- OBIEE 11g Installation : High Level Steps
- Unable to login to OBIEE /Analytics after OID integration : %user% was authenticated but could not be located within the identity store
- Configure OBIEE 11g Client to connect to 11g RPD in online mode
- Integrate OBIEE 11g with OAM 11g for Single Sign-On in 13 steps
Oracle WebLogic Administrator [USD 399]- 03rd Dec, 2011
Good hands-on exercises (installation, patching, cloning), very experienced trainer worth every penny 
33 users commented in " Integrate Oracle BI Server with LDAP Server (OID – Oracle Internet Directory) "
Follow-up comment rss or Leave a TrackbackHi atul,
i have done all the process but i could not connect final stage of OID user id and password(2.11 Finally test your setup by clicking on Test button . Enter any valid Username, Password when prompted).
which userid and password i want give?
Thanks
lakshmi
hi,
I am telling about regarding LDAP connection.
I could not connect final stage of user id and password(2.11 Finally test your setup by clicking on Test button . Enter any valid Username, Password when prompted).
which user name and password i want to give.
thanks
lakshmi
Use LDAP Server (OID) username password here, one under default realm > users
[...] di om google ada referensi di sini. Tapi yang dikoneksikan adalah OID….mmm.yang terpenting adalah setting seperti di gambar di [...]
I’must connect to LDAP server over SSL, i’ve this error:
The IBM LDAP SSL client library initialization failed. Reason Bad keyfile password
Which LDAP server you are using ?
Are you connecting from BIEE (which version) ?
1) I must connect to OID LDAP, on SSL
2) the biee versione is 10.1.3.3.3
Thank you!!!
Which document you are using to integrate BIEE 101333 with OID on ssl ?
As per 7.1 guide here
http://download.oracle.com/docs/cd/E05553_01/books/AnyMsg/AnyMsg_Messages22.html
Cause: The key database file does not exist or it is a wrong file. Or the password is wrong.
Response. Make sure that the key database file specified in the Administration tool does exist and is the correct one.
ok but WATH IS the key database? it`s a CERT FILE?? where it is located???
Which documentation you are using to integrate ?
nothing in special, i`m using metalink/google/oracle forum ecc…. i find ALL for integration to OID (NOT SSL), but nothing in special for OID in SSL…can you suggest me some documentations about it?
Check this guide
http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf
Chapter 5 , 7 and 10
I’m follow the guide http://download.oracle.com/docs/cd/E10415_01/doc/bi.1013/b40058.pdf , but i dont find anything about generate KEYFILE for ldap connection….
my question is:
1) how can i generate this KEYFILE?
2) where i must put the file on the server?
I`m solved.
1) i’ve generated the file from gsk7ikm , importing the CA cert.
2) i’ve put the file key.kdb in the $BIEE_HOME/server/Config
Thanks!!!
Good, which doc
you used to generate file
Hi Emillio,
Any success in resolving the key_file problem?
Even I am facing the same problem while configuring LDAP.
Thanks….
Hi Emilio,
Could you pls explain me in detail about this solution..
We are still facing this problem…
Thanks in Advance…
Hi Shri,
you must:
1) Install GSKit 7 on client and server machine
2) Create key_file whit the IBM utility sk7ikm ( you can read this for the creation http://download.oracle.com/docs/cd/B40099_02/books/Secur/Secur_SecAdaptAuth18.html).
When you create the key_file you must import the OCA of OID!
3) put the file created (ex key.kdb) in $BIEE_HOME/server/Config
4) Follow the instruction of THIS page, but chek SSL option
5) In BIee Administrator`s Menu go to: Tools –> Options –> Repository and complete the form whit the Key File Name and password!!!
Now you can test the LDAP SSL connection!!
Bye bye!
Emilio
Hi Atul,
Can you provide some detail steps to enable SSO with siteminder for OBIEE. I believe i need to know configuring obiee, siteminder and web server sides.
Appreciate your help in advance.
Regards
Hi Atul
Could you pls let me know which user id and password I have to provide to test the connection.
Do these user id and password need to be present in the ldap server . OR I can give the user name and password created in OBI rpd.
Also could you pls. let me know where I can see this Default realm> Users …
I tried giving the username / password (supplied to me to connect to LDAP server/box) but says authentication failure.
@ Shahzad
1. Do these user id and password need to be present in the ldap server ?
Yes
2. Where/How can I see Default realm ?
OID_HOME/bin/ldapsearch -h oid_host \
-p oid_port -D cn=orcladmin -w orcladmin_passwd \
-b “cn=common, cn=products, cn=oracleContext” \
-s base “objectclass=*” orcldefaultSubscriber
If output is like
orcldefaultsubscriber = dc=uk, dc=focusthread, dc=com
Then users should be under cn=users, dc=uk, dc=focusthread, dc=com
Atul
Thanks for the response.
Could you tell me How I can connect to ldap server . I only have the host name and port name. Do we need some console to connect to ldap.
Hi Atul
Could you pls. tell me how I can login to OBI Answers with the ldap user credentials. I tried that but says invalid user name and password.
Hi Atul,
Can you please provide steps on how to enable SSO and integrate OBIEE with Oracle Portal 10.1.4. I have configured OBIEE against OID and want to enable SSO so whenever a user logs in Portal ca access the reports authorized. I am not able to find any document around this. Thanks for any help.
@ Rubia
Its chapter 8 in “BI Deployment Guide” – mentioned under related section.
Hi All,
CAn some one suggest how to make multiple connects of LDAP using SSL, I Followed Atuls rep’s and was was able to configure 1 LDAP over SSL, but i need 2 more.. any suggestions!!
Hi all,
I am new to Oracle and I am facing issue with AD authentication. I have insatlled OBIEE in windows 2003. I want to configure AD authenticain for the page, http://hostname:port/analytics. I don’t know about OID. Our AD server name is dc02. Please help me to fix the issue.
Thanks,
ASM
@ ASM,
Procedure for AD server is same except few changes like
1. Username attribute type/ldap variable : uid – change it with your logon name in AD : This samaccountname or something similar check your AD team
2. Base DN to your AD path where your users sit
3. Bind DN : change this to your AD user like Administrator (full path of your AD including domainname)
4. Bind Password
[...] This Post OBIEE 11g integration with external LDAP servers like OID or AD is well documented here and [...]
HI All,
Please help me . below error message coming when iam trying to test connection.
53005 – ldap server referral is not supported fix
Regards,
Shailesh Kulkarni
@ shailesh,
Is this with OBIEE 10g or 11g ?
Which ldap server OID, AD or something else ?
Do you have multiple domains ? Is LDAP referral configured in your LDAP server (where one object referer to other ldap server or different domain)
hi Atul,
Thanks for the response.
we are using Ldap server AD with multiple domains.
eg: Main Domain
–> sub Domain1
–> Sub Domain2
but iam referring the user from Main Domain
iam using OBIEE 10g (10.1.3.4.1) and trying to integrate ldap server with OBIEE by follwoing above steps.
————————–
Host:xx.xx.xx.xx
Port:389
LDAP Version: 3
Base DN: CN=Users,DC=xxx,DC=xxx
Bind DN: CN=xxx x (Computer),OU=Computer Dept,DC=xxxx,DC=xxx
Bind Password: xxxxx
Test Connection= LDAP Server connected successfully.
————
After this Created initialization block and assigned ldap server finally failed at the time of test.
(53005 – ldap server referral is not supported)
————–
Please suggest.
Thanks,
Shailesh
Leave A Reply