14 December, 2016

Integrate Oracle BI with AD (via repository file)


Everywhere on other blogs is explained how to integrate Weblogic server with Active directory. Ok, I will be sincere, I was writing about this too. :) There is one best and faster solution. All you need is repository file and "Administration tool". 

 First, you need to "download" repository file with "data-model-cmd.cmd" script on BI server.

Example: data-model-cmd.cmd downloadrpd -Y -U yourUsername -P yourPassword -SI ssi -S BIserverHostname -N 9502 -O C:\Tmp\filename.rpd

 P.S. - "data-model-cmd.cmd" script is by default located on Windows host at "%OMW%\user_projects\domains\bi\bitools\bin" directory.

As you can see in script above, you need to modify "username", "password", "BI server hostname" and "path" where you want to save RPD file. Once you have downloaded it successfully, you need to open this file with Administration tool.

When you try to open file (with "Open offline" option) downloaded before ("C:\Tmp\filename.rpd") Administration tool will ask you to enter password. This is the same password you have entered in script above. 
In Administration tool you need to do this:
  • Manage -> Identity
  • In "tree view" select "Identity management"
  • Right click on the right side of window and select "New LDAP server..."
  • At this moment you will be prompted to enter those values:

    Name: Enter name of LDAP server definition (ex. LDAPSRV1)
    Hostname: Enter server FQDN or IP address
    Port number: 389 (this is default value)
    LDAP version: 3 (this is default value)
    Base DN: dc=domainname,dc=extensions
             ex. dc=company,dc=com
    Bind DN: Here you need to enter any user on domain
             ex. administrator@company.com
    Bind password: enter password for domain account written before

    Every parameter in "Advanced" tab muste be default. You don't need to make any change in that tab. Just to be sure, you can test connection with click on the button "Test connection". If test is OK, you can save this LDAP connection.
Now, when you are finished with all steps above, you must create new "Initialization block". Follow steps below.
  • Manage -> Variables
  • In "tree view" select  Session -> Initialization blocks
  • Right click on the right side of window and click on "New initialization block..."
  • Enter the name of initialization block. ex. "LDAP INIT Block"
  • Click on "Edit data source"
  • In drop down list "Data source type..." choose "LDAP Server". Click on "Browse" and choose LDAP server created before in first part of this article.
  • Now, click on "Edit Data Target..." and create four variables (USER, LOGLEVEL, DISPLAYNAME and EMAIL) like those on picture below:


Checkbox "Required for authentication" must be checked.
If everything is done correctly, you must have Initialization block 
set like this in picture:


Now, the last thing you must do is to upload previously saved repository (RPD) file back on the BI instance. You can do this again with "data-model-cmd.cmd" script on BI server.

Example: data-model-cmd.cmd uploadrpd -U yourUsername -P yourPassword -SI ssi -S BIserverHostname  -N 9502 -I C:\Tmp\filename.rpd

At this step, you need to enter repository password you have entered in download process. If everything is done correctly, you will get the message "Upload successfully completed". You can open your BI portal now and try to login with your username and password from Active directory.

Cheers!

at
Labels: , , , , , , , , , , , , , ,
Location: Zagreb, Croatia

8 comments:

  1. UnknownApril 10, 2018 at 5:41 PM

    Hi
    once authentication is done. NT login users can't see any reports. Only login successful.
    How to enable for AD users to see the reports same as admin user.
    Any help will be much appreciated.

    Regards
    Gopal

    ReplyDelete
  2. UnknownApril 10, 2018 at 5:42 PM

    This is for obiee 12c

    ReplyDelete
  3. UnknownApril 10, 2018 at 5:43 PM

    My mail id: gopal.sri21@gmail.com

    ReplyDelete
    Replies
    1. Drazen KovacevicJuly 28, 2019 at 1:39 PM

      Hi Gopal,

      I described all details below, to Maggie's post.
      You must integrate Weblogic with AD, after you will be able to set ACL on catalog to users/groups from AD.

      Regards,
      Drazen

      Delete
  4. MaggieFebruary 19, 2019 at 3:33 PM

    Hi Drazen,

    Is it possible to configure in the same way SSL AD Provider?

    Thanks in advance

    ReplyDelete
    Replies
    1. Drazen KovacevicJuly 28, 2019 at 1:37 PM

      Hi Maggie,

      yes, you can configure SSL AD provider in the same way I wrote above but I advise to integrate OBIEE and AD via Weblogic. Reason for that is because in the future will have situation when you must create groups of users and configure ACL for this groups. When you have users in Weblogic, you will be able to do that.


      Regards,
      Drazen

      Delete
  5. ShrutiOctober 3, 2019 at 8:45 AM

    Hi Drazan,Does it work for OBIEE 12c ? I have migrated From OBIEE 11g to OBIEE 12c.after doing all the steps u mentioned ,I am not able to login with active directory users.Do I need to do some more steps?

    ReplyDelete
  6. Drazen KovacevicNovember 12, 2019 at 2:08 PM

    Hi Shruti,

    yes, it works perfect in OBIEE 12c but the configuration is little bit different. I will write new post in next few days where I will explain everything.

    Stay tuned!

    Regards,
    Drazen

    ReplyDelete

Subscribe to: Post Comments (Atom)

Moving OBIEE to new enviroment

  OBI migration to new enviroment   Everyone has at least once had the need to migrate Oracle Business Intelligence (OBI) to a new enviro...