Monday, April 30, 2012

How to: OBIEE 11g LDAP Authentication in Repository

Recent challenge at a client site:

How to configure OBIEE 11g to authenticate using LDAP.

There are 2 main steps to configure OBIEE 11g to authenticate users via LDAP:

1) Create LDAP Server connection:

Manage -> Security
Within Security Manager: Action -> New -> LDAP Server

At a minimum, you will need to identify your company's LDAP server, version, port # and base DN. The base DN identifies the starting point of your authentication search. For example, if you want to search all entries under the o=test.com subtree of the directory, o=test.com is the base DN.


If you leave Bind DN and Bind password blank, anonymous binding is assumed. Note that LDAP v2 does not support anonymous binding.
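As an added example (not part of the original post and not Oracle code), this Python pre-check looks at the values you are about to type into the LDAP Server dialog: it tests whether a user entry really falls under the base DN and flags risky bind settings. The function names and finding codes are hypothetical, and DN comparison is simplified to case-insensitive matching.

```python
def split_rdns(dn):
    """Split a DN on commas, keeping backslash-escaped characters intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return [(attr, value), ...]; simplification: compared case-insensitively,
    multi-valued RDNs (a=b+c=d) are not split."""
    if not dn.strip():
        return []
    rdns = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under_base(entry_dn, base_dn):
    """True if entry_dn is the base DN itself or lies in its subtree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return bool(base) and entry[-len(base):] == base

def check_server_settings(version, base_dn, bind_dn, bind_password):
    """Return finding codes for the values typed into the LDAP Server dialog."""
    findings = []
    try:
        if not parse_dn(base_dn):
            findings.append("BAD_BASE_DN")
    except ValueError:
        findings.append("BAD_BASE_DN")
    if not bind_dn and not bind_password:
        # Both blank means anonymous binding, which LDAP v2 does not support.
        findings.append("ANON_V2" if version == 2 else "ANON_BIND")
    elif bind_dn and not bind_password:
        # RFC 4513: a DN with an empty password is an unauthenticated bind.
        findings.append("EMPTY_PASSWORD")
    return findings
```

An empty result from `check_server_settings` means none of these checks fired; `ANON_BIND` is a reminder that the directory itself must then permit anonymous searches under the base DN.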

Hit the test connection button to confirm your settings are correct:

2) Create an LDAP initialization block that points to the LDAP server you just created:

Manage -> Variables
Within Variable Manager: Action -> New -> Session -> Initialization Block

Specify LDAP as your data source type, click Browse and select the LDAP server you just created (as seen below).

Hit OK, then click 'Edit Data Target'. You will have to create, at a minimum, 2 session variables, "USER" and "DISPLAYNAME", mapped to the corresponding LDAP variables.

If LDAP successfully authenticates, the USER and DISPLAYNAME variables will be passed data which you can use for data-level authorization.
Click the 'New' button below, and create the 2 variables as specified in the image.

Row-wise initialization will allow you to create session variables dynamically at the initialization of the session. For basic LDAP authorization, this can remain unchecked.

Hit OK to navigate back to the main screen, 'Session Variable Initialization Block'. In the bottom left-hand corner you will see a button labeled 'Test':

Click 'Test' and type in a valid LDAP username & password:



If successful, your session variables will return valid values:


If invalid, you will get the following values:

Now restart OBIEE Presentation Services, and your user should be able to authenticate via Answers.
You will still need to create an authorization policy for this user by assigning them to applicable groups. You can find that covered in this guide: OBIEE 11g LDAP Authorization using an external database as the source.

In Summary:

1) Create LDAP Connection
2) Create Init Block
3) Create LDAP USER and DISPLAYNAME session variables
4) Associate session variables with LDAP Init Block.
