Search code examples
authenticationactive-directoryldapauthorizationobiee

OBIEE LDAP authorization

I have a question similiar to LDAP authorization but more specifically to OBIEE and Microsoft AD.

As described in documentation, if I use BI Publisher I only need to create a couple of XMLP_% roles in Active Directory and grant them to users after AD authentication is set up.

My questions are:

  1. Can I use similiar approach to using Analytics?
  2. Am I obligated to use external store for user roles?
  3. Can I use DefaultAthenticator provider for roles and grant them to Active Directory users?
  4. I want to use existing tools only if possible. Which options do I have for storing roles apart from database tables?
Solution

  • You don't need to create anything inside the AD at all. You just map whatever AD groups you want to OBI application roles.

    DefaultAuthenticator is the WLS-embedded LDAP. Leave that alone, otherwise you lock out your "weblogic" admin account.