This document is part of OBIEE 11g Training program from Adiva Consulting Inc.
Let we take care of your corporate training needs and you save 75% of on your Training budget.
Contact info@adivaconsulting.com
WordPress Websites for Engineers: Elevate Your Brand
OBIEE 11g: Configuring LDAP Server
1. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
OBIEE 11g - Configuring LDAP Server to provide OBIEE users
Prerequisites and best practices before starting any LDAP related changes
• LDAP Server is installed and running
• Users and groups and configured within the LDAP
• Backup is taken for the following files :
o C:OBIEE11Guser_projectsdomainsbifoundation_domainconfigconfig.xml
o C:OBIEE11Guser_projectsdomainsbifoundation_domainconfigfmwconfig*.XML
(i.e. All xml files in that directory)
o Some developers prefer to take the backup of the whole domain folder
C:OBIEE11Guser_projectsdomainsbifoundation_domain , instead of just a few
XML's if massive security changes are being tested.
• Post the LDAP related changes if the weblogic server fails to bootup (which means an
Administrator is locked out of whe WLS Console), the above files can be restored back (which is
a last known good configuration) and previous state is restored. The errors look somewhat like
this :
####<Sep 30, 2012 8:04:35 AM IST> <Notice> <WebLogicServer> <my-laptop> <AdminServer> <main> <<WLS Kernel>> <>
<> <1354242875438> <BEA-000365> <Server state changed to FAILED>
####<Sep 30, 2012 8:04:35 AM IST> <Error> <WebLogicServer> < my-laptop> <AdminServer> <main> <<WLS Kernel>> <>
<> <1354242875440> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Sep 30, 2012 8:04:35 AM IST> <Notice> <WebLogicServer> < my-laptop> <AdminServer> <main> <<WLS Kernel>> <>
<> <1354242875445> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Sep 30, 2012 8:04:35 AM IST> <Info> <WebLogicServer> < my-laptop> <AdminServer> <main> <<WLS Kernel>> <>
<> <1354242875473> <BEA-000236> <Stopping execute threads.>
C:OBIEE11g>
The above log can be found at :
C:OBIEE11Guser_projectsdomainsbifoundation_domainserversAdminServerlogs AdminServer.log
In the same folder bifoundation_domain.log and AdminServer-diagnostic.log files provide further trouble
shooting information which is quite self explanatory and can be googled in case of errors. These are all
weblogic server logs.
The current document describes integration with an OpenLDAP directory. However it would be same for
other kinds of LDAP directories.
OpenLDAP for windows can be downloaded from :
http://www.userbooster.de/en/download/openldap-for-windows.aspx
A LDAP browser can be downloaded from :
http://jxplorer.org/downloads/index.html
This can be used for browsing through the LDAP directory entries
3. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
Go to the provider tab. This tab is used to add a new provider, e,g, a new LDAP Server that will "provide"
users for OBIEE system. Click on Lock and edit and New under the providers table, to add a new
Provider, which in this case is an OpenLDAP Directory
Name the LDAP provider as "OpenLDAPAuthenticator" (or whatever you wish) and select the Type of
Authenticator as " OpenLDAPAuthenticator" and Click OK.
4. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
This authenticator now appears in the list of WLS authenticators as shown below. This must be
reordered to be the first Authenticator.
Reorder by using the up keys
5. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
This is how it looks post reorder
And the below snap shows how this looks in the Authenticator Providers Table:
Click on the newly created Provider to configure it for handshaking with our OpenLDAP Server
6. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
An important step here, Mark control flag as OPTIONAL. This step is not to be missed else the
Administrator will be locked out of Weblogic Server. Do the same for the other Authenticator.(i.e. mark
control flag as OPTIONAL) DefaultAuthenticator(WebLogic Authentication Provider). Skipping this
step will prove to be disastrous ☺
7. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
Next in the "Provider Specific" Tab the LDAP specific configurations will be applied. Enter the
Host,Port,Principal(admin user of LDAP),Password to connect to LDAP,User Base DN (Distinguished
Name), Group Base DN etc. Note: The LDAP admin is the best person to talk to and get it filled as
deemed appropriate.
8. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
Say OK to Save and Click on Release Cofiguration. Then Reboot the whole BI System (Stop BI Services-->
Start BI Services) from Start menu
Once booted up, login to EM. In the EM, Navigate to Security Provider Configuration as shown below
10. OBIEE11g Training
www.adivaconsulting.com
[Type the company name]
Property Name : virtualize
Value : true
Reboot the whole BI System from Windows Start Menu (Not just the BI server using opmnctl
stopall/startall)
Check that LDAP users are available now in Weblogic server