OBIEE LDAP authorization

Question

I have a question similiar to LDAP authorization but more specifically to OBIEE and Microsoft AD.

As described in documentation, if I use BI Publisher I only need to create a couple of XMLP_% roles in Active Directory and grant them to users after AD authentication is set up.

My questions are:

Can I use similiar approach to using Analytics?
Am I obligated to use external store for user roles?
Can I use DefaultAthenticator provider for roles and grant them to Active Directory users?
I want to use existing tools only if possible. Which options do I have for storing roles apart from database tables?

score 0 · Accepted Answer · answered Aug 13 '20 at 15:53

0

You don't need to create anything inside the AD at all. You just map whatever AD groups you want to OBI application roles.

DefaultAuthenticator is the WLS-embedded LDAP. Leave that alone, otherwise you lock out your "weblogic" admin account.

answered Aug 13 '20 at 15:53

Chris

2,706
2
13
15

Oh... OH!... You just map them! Ahah, I'm so dumb, thank you! :) – elfcheg Aug 14 '20 at 10:30
No worries. If you want a complete overview, I held a workshop on that a while ago: https://www.youtube.com/watch?v=JUCZwQOmBn8 – Chris Aug 14 '20 at 12:21
Yes I do, please :) Thanks again! – elfcheg Aug 17 '20 at 10:29

OBIEE LDAP authorization

1 Answers1