OBIEE 11g: Configuring LDAP Server


Published on

This document is part of OBIEE 11g Training program from Adiva Consulting Inc.

Let we take care of your corporate training needs and you save 75% of on your Training budget.


Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

OBIEE 11g: Configuring LDAP Server

  1. 1. OBIEE11g Training [Type the company name] OBIEE 11g - Configuring LDAP Server to provide OBIEE users Prerequisites and best practices before starting any LDAP related changes • LDAP Server is installed and running • Users and groups and configured within the LDAP • Backup is taken for the following files : o C:OBIEE11Guser_projectsdomainsbifoundation_domainconfigconfig.xml o C:OBIEE11Guser_projectsdomainsbifoundation_domainconfigfmwconfig*.XML (i.e. All xml files in that directory) o Some developers prefer to take the backup of the whole domain folder C:OBIEE11Guser_projectsdomainsbifoundation_domain , instead of just a few XML's if massive security changes are being tested. • Post the LDAP related changes if the weblogic server fails to bootup (which means an Administrator is locked out of whe WLS Console), the above files can be restored back (which is a last known good configuration) and previous state is restored. The errors look somewhat like this : ####<Sep 30, 2012 8:04:35 AM IST> <Notice> <WebLogicServer> <my-laptop> <AdminServer> <main> <<WLS Kernel>> <> <> <1354242875438> <BEA-000365> <Server state changed to FAILED> ####<Sep 30, 2012 8:04:35 AM IST> <Error> <WebLogicServer> < my-laptop> <AdminServer> <main> <<WLS Kernel>> <> <> <1354242875440> <BEA-000383> <A critical service failed. The server will shut itself down> ####<Sep 30, 2012 8:04:35 AM IST> <Notice> <WebLogicServer> < my-laptop> <AdminServer> <main> <<WLS Kernel>> <> <> <1354242875445> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN> ####<Sep 30, 2012 8:04:35 AM IST> <Info> <WebLogicServer> < my-laptop> <AdminServer> <main> <<WLS Kernel>> <> <> <1354242875473> <BEA-000236> <Stopping execute threads.> C:OBIEE11g> The above log can be found at : C:OBIEE11Guser_projectsdomainsbifoundation_domainserversAdminServerlogs AdminServer.log In the same folder bifoundation_domain.log and AdminServer-diagnostic.log files provide further trouble shooting information which is quite self explanatory and can be googled in case of errors. These are all weblogic server logs. The current document describes integration with an OpenLDAP directory. However it would be same for other kinds of LDAP directories. OpenLDAP for windows can be downloaded from : A LDAP browser can be downloaded from : This can be used for browsing through the LDAP directory entries
  2. 2. OBIEE11g Training [Type the company name] The following snap shows the users in a LDAP explorer tool Login to Weblogic Server Admin Console and Navigate to your Security Realm
  3. 3. OBIEE11g Training [Type the company name] Go to the provider tab. This tab is used to add a new provider, e,g, a new LDAP Server that will "provide" users for OBIEE system. Click on Lock and edit and New under the providers table, to add a new Provider, which in this case is an OpenLDAP Directory Name the LDAP provider as "OpenLDAPAuthenticator" (or whatever you wish) and select the Type of Authenticator as " OpenLDAPAuthenticator" and Click OK.
  4. 4. OBIEE11g Training [Type the company name] This authenticator now appears in the list of WLS authenticators as shown below. This must be reordered to be the first Authenticator. Reorder by using the up keys
  5. 5. OBIEE11g Training [Type the company name] This is how it looks post reorder And the below snap shows how this looks in the Authenticator Providers Table: Click on the newly created Provider to configure it for handshaking with our OpenLDAP Server
  6. 6. OBIEE11g Training [Type the company name] An important step here, Mark control flag as OPTIONAL. This step is not to be missed else the Administrator will be locked out of Weblogic Server. Do the same for the other Authenticator.(i.e. mark control flag as OPTIONAL) DefaultAuthenticator(WebLogic Authentication Provider). Skipping this step will prove to be disastrous ☺
  7. 7. OBIEE11g Training [Type the company name] Next in the "Provider Specific" Tab the LDAP specific configurations will be applied. Enter the Host,Port,Principal(admin user of LDAP),Password to connect to LDAP,User Base DN (Distinguished Name), Group Base DN etc. Note: The LDAP admin is the best person to talk to and get it filled as deemed appropriate.
  8. 8. OBIEE11g Training [Type the company name] Say OK to Save and Click on Release Cofiguration. Then Reboot the whole BI System (Stop BI Services--> Start BI Services) from Start menu Once booted up, login to EM. In the EM, Navigate to Security Provider Configuration as shown below
  9. 9. OBIEE11g Training [Type the company name] Go to Identity store click Configure as shown below Add a property as
  10. 10. OBIEE11g Training [Type the company name] Property Name : virtualize Value : true Reboot the whole BI System from Windows Start Menu (Not just the BI server using opmnctl stopall/startall) Check that LDAP users are available now in Weblogic server
  11. 11. OBIEE11g Training [Type the company name] Try to login now Login should be successful