External authentication on Essbase 9.3.1

I am migrating from Essbase 7.3.x on 32-bit Windows to System9 on 64-bit windows. External authentication works on both Shared Services and EAS. I have successfully registered EAS and Essbase with shared services however I do not see Essbase in "User console" of Shared Services as an application. I am able to create native authenticated users in Essbase but unable to externalise the security. I get the following error messages when trying to externalise:
Error: 1051549: Can not convert Analytic Services to Shared Services mode when Analytic Services is not configured with Shared Services or the initialization process has failed
On starting Essbase, I see the following error message when I use the same CSSconfig file as used by shared services:
[Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Error(1051223)
Single Sign On function call [css_init] failed with error [getOSVersion]
[Wed Jul 16 10:26:45 2008]Local/ESSBASE0///Info(1051198)
Single Sign-On Initialization Failed !
If I point to the current CSS file used in production Essbase 7, I get the following message:
[Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Error(1051223)
Single Sign On function call [css_init] failed with error [-1]
[Wed Jul 16 10:33:26 2008]Local/ESSBASE0///Info(1051198)
Single Sign-On Initialization Failed !
In either case everything except External Authentication on System9 for Essbase works.
Both shared services and Essbase are on the same 64-bit Windows box.
Any help in resolving this will be greatly appreciated.
Thanks,
Vikram.

HI:
I recommand following these steps:
1. Go to the box where you have your Essbase installed
2. Pull up the Shared Services Configuration Utility
3. Select COmponent to be registered as Essbase
4. Remeber to stop the essbase - i assume you are getting the error hence essbae would not have loaded.
5. Re-register Essbase with Shared services
6.Start essbase in Foreground
It shuld Start :) good Luck..let me know If this failed..
Thanks,
Sriram

Similar Messages

External authentication for Essbase 7.1.6.

Hi all,
We are trying to set up external authentication for Essbase 7.1.6. We have a customized version of Essbase which does not use DLL. we do not have a Hyperion Hub or any CSS set up. All we have is an authentication module from the vendor to be used instead of the DLL. As per the documents provided to us all we have to do is change the cfg file to include the AUTHENTICATIONMODULE setting. Does anyone has any experience with this? What all parameters do we need to pass to Active Directory for this to work? Please help.
Thanks.
Vish.

You could create a maxl script that replaces the filters, when you call the maxl script you could pass in a variable such as YR08 and use that variable in the script.
Cheers
John
http://john-goodwin.blogspot.com/

Use of LDAP group external authentication in Essbase v7.16

Hello Experts,
One of my customer wants an answer for his query -
They currently use LDAP external authentificaiton with userid only and would like to use LDAP groups. Is this supported in version 7.1.6 (Heard that It is a known limitation in version 7.x that LDAP / MSAD groups are not supported. MSAD groups are supported in System 9.x)
My Research:
I read in the Essbase v7 documentation the following 2 examples of using groups, under Essbase.CFG Configuration Settings > AUTHENTICATIONMODULE
Can you explain how this works
Thank you
Example 1
The entries in this example allow users in the group Engineers from domain yahoo.com to be authenticated on host Gorky, via port number 389, with a timeout period of 30 seconds.
AuthenticationModule LDAP essldap.dll 30 cn=Engineers, ou=Groups, dc=yahoo, dc=com@Gorky:389
Example 2
The entries in this example allow users in the group Engineers from domain yahoo.com to be authenticated on host 129.63.140.122, via port number 389, with a timeout period of 45 seconds.
AuthenticationModule MSAD essmsad.dll essmsad.lib 45 cn=Engineers, ou=Groups, dc=yahoo, dc=[email protected]:389
Regards,
Sonal
Edited by: 637223 on Oct 23, 2009 7:16 PM

I do not believe using LDAP groups is supported in 716.

External Authentication with LDAP

Has anyone integrated external authentication of Essbase with LDAP? I've searched discussion groups, websites with no luck, and of course, Essbase documentation doesn't help either. Any additional documentation will help.Thanks in advance!

Thanks for the info. Is this sample code part of the default implementation that comes installed with the product (essldap.dll)? Or is this something completely different.Also, has anyone done anything similar in visual basic? We have a shortage of v c++ skills around here.Thanks again!

Essbase 6.5 External Authentication Issue!! Urgent Please!!

Hi all,
I am great trouble over an external authentication issue in Essbase 6.5. I request you all to please give me your feedback on the same as soon as possible.
I am in a situation where I need to get my Essbase 6.5 external Authentication converted from LDAP to Active Directory services.
I suppose there has been necessary changes done to the .cfg file for the same. However, I think I am getting an error
"User [vikc]'c external authentication protocol [MSEX]'s password check module is not loaded".
Please let me know if you have come across such an issue earlier and can anybody to able to help me with the same.
Its kinda Urgent. so any replies for the same will be appreciated.
Thanks and Regards,
Vikram

Vikram,
Yes you will have to reconfigure the CSS.xml and cfg file for external auth.
Here is the Sample CSS
<spi>
 <provider>
 <msad name="full360">
 <trusted>false</trusted>
 <url>ldap://192.168.1.100:389/DC=full360,DC=com</url>
 <userDN>CN=Ravinder Singh,DC=full360,DC=com</userDN>
 <password>full@360</password>
 <authType>simple</authType>
 <identityAttribute>dn</identityAttribute>
 <maxSize>1000</maxSize>
 <user>
 <loginAttribute>sAMAccountName</loginAttribute>
 <nameAttribute>dn</nameAttribute>
 </user>
 <group>
 <nameAttribute>cn</nameAttribute>
 <objectclass>
 <entry>group?member</entry>
 </objectclass>
 </group>
 </msad>
Download this toll "http://www.ldapbrowser.com/download.htm"
LDAP browser to get the perfact DN information.
Let me know the status
Ravikant

Essbase security Migration from native mode to external authentication

Hi!!
I want some guidance on setting up security, all the users are currently in Native user mode and Native groups.
Now we want to migrate to external mode, current version of hyperion is 11.1.1.3, any steps to follow in
this direction would be really helpful.
What is the best way of migrating huge user base from native directory to setting up for external authentication,
this is the first time move from native to external authentication, If anyone who has done this will be helpful.
steps to setup , maxl based migration will be helpful or utility based.
Thanks

When you say native mode do you mean that that essbase security is in native mode and you want to convert to shared services security mode,or do you mean you are using shared services securtiy with native users and you want to use an external directory like MSAD.
For your question ::
Yes the first piece is correct, our security is in native mode.
and we want to convert to shared services security mode,
The request involves moving from essbase native mode to Shared services native user mode (moving all the existing users, groups and existing provisioning)
The next stage is moving from Shared services native user mode to external directory. (moving all the existing users, groups and existing provisioning)
Your input will guide me in the direction.
Thanks

Error: 1051203: Single Sign On External Authentication is Disabled - When connecting to Essbase Server

We have installed newly EPM Product suite in Windows server.......After loggin into Essbase Administration Services, on connecting to the Essbase servers, i am getting the below error........"Error: 1051203: Single Sign On External Authentication is Disabled"....because of this i am also not able to configure the Data Source in Planning Application..
Error: 1051203: Single Sign On External Authentication is Disabled

Check the essbase.log, do you see the following when Essbase was first started up.
User Migration to Shared Services Completed Successfully and Refresh from Shared Services Starts
Refresh from Shared Services Completed Successfully
If not you may need to stop essbase, rename the essbase.sec and start up again, check the log for the above.
Cheers
John
http://john-goodwin.blogspot.com/

Essbase analytic services 7.1.5 & external authentication

Hi,
first off, you have to excuse me for being a total newbie in the field of Essbase ;)
We are currently trying to move our external authetication from Novell eDirectory via LDAP to Microsoft Active Directory. We use the LDAP authentication module with the following string in essbase.cfg "AuthenticationModule LDAP essldap.dll x".
Reading the documentation for external authentication (x_auth.pdf) we came to the conclusion that we "needed" the Hub installed. Talking to Hyperion support told us that use of the Hub with our version was very unusual.
Is it possible to configure the CSS authentication module to use a .xml file configured for our Microsoft AD and simply forget about the hub? If so, does the following lines look correct to you:
essbase.cfg:
"AuthenticationModule CSS file://localhost/D:/Program/ESSBASE/bin/css_config.xml"
css_config.xml:
<msad name="msad1">
<trusted>false</trusted>
<url>ldap://ADDC_server:389/ou=contoso, dc=COMPANY, DC=LOCAL</url>
<userDN>cn=Administrator</userDN>
<password>wordpass</password>
<authType>simple</authType>
<authProtocol>ssl</authProtocol>
<identityAttribute>dn</identityAttribute>
<user>
<url>ou=Users</url>
<loginAttribute>cn</loginAttribute>
<fnAttribute>givenname</fnAttribute>
<snAttribute>sn</snAttribute>
<emailAttribute>mail</emailAttribute>
<objectclass>
<entry>person</entry>
<entry>organizationalPerson</entry>
<entry>user</entry>
</objectclass>
Trying to add or copy a user in the Essbase Administration Services enterprise view gives us the following error:
"Error: 1051203 Single Sign On External Authentication is Disabled"
That tells me that we need to configure SSO in the css_config.xml file, but i have not found any examples for Analyzer but only for OBIEE.
Is there anybody at this forum that have achieved what we are striving for?
Best Regards,
Johannes

Hi,
Something must wrong in your css.xml, I am not sure if you can get any further logging...
here is an example of a css.xml
<?xml version="1.0" encoding="UTF-8"?>
<css xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<spi>
<provider>
<msad name="msad1"> <trusted>false</trusted>
<url>ldap://ldapserver:389/dc=CompanyName,dc=com</url>
<userDN>CN=#######,OU=Security Accounts,OU=IT,DC=CompanyName,DC=com</userDN>
<password>########</password>
<authType>simple</authType>
<identityAttribute>dn</identityAttribute>
<user>
<loginAttribute>sAMAccountName</loginAttribute>
<fnAttribute>givenname</fnAttribute>
<snAttribute>sn</snAttribute>
<emailAttribute>mail</emailAttribute>
<objectclass>
</objectclass>
</user>
<group>
<url>cn=LostAndFound</url>
</group>
</msad>
</provider>
</spi>
<searchOrder>
<el>msad1</el>
</searchOrder>
<token>
<timeout>60</timeout>
</token>
<logger>
<priority>ERROR</priority>
</logger>
</css>
If you are still struggling you could try an ldap browser to see if you can connect with the details you are trying.
Cheers
John
http://john-goodwin.blogspot.com/

Essbase External Authentication

Anybody know where can I find more information about Essbase External Authentication?Particularly about LDAP Authentication?I read about it from dbag.pdf,but there is little resource.And I can't correctly set our "cognos LDAP Authentication" as new Essbasee application Authentication.I don't know whether it is because the AUTHENTICATIONMODULE parameter I wroten is wrong.Our cognos LDAP setting is: Default Directory Server: Host: 192.168.2.120:389 BaseDN: o=Cognos,c=CA Default Namespace: Use irectory server default Your local cache is disabled.In essbase.cfg file I write:AuthenticationModule LDAP essldap.dll x o=Cognos,c=CA,@192.168.2.120:389Is it right?Any help is appreciated.

Hi,
Remember, order of the user repositories does matter when you have same username in both of them.
You need to set MSAD repository in the first order here, I understand.
than you need to copy provisions from native directory to MSAD.
Regards,
Ahmet

External Authentication in EAS using MSAD

We use MSAD for our external authentication and it works fine ifthe user logon names are set up a certain way in MSAD. However,some of them are set up differently and Essbase won't allow us touse external authentication for them. Is there a setting somewherein Essbase that can be changed to allow more than one user logonname format coming from MSAD?

Hi Krista, Unfortunately u cannot specify two formats to authenticate. If iunderstand correclty you want to identify a user in MSAD by morethan one feild, as far as i know essbase external authenticationthe xml file cannot use more than one feild. your most probable solution to this would be to add the feildyou are using in your xml file to all users using essbase inMSAD. Please use the following link if you need furtherinformation. http://dev.hyperion.com/techdocs/essbase/essbase_712/Docs/techref/techref.htm#config/security/configure/config.htm here is the sample active directory format. <msad name="<a href="ldapserver.htm">msadServer</a>"> <trusted><ahref="trust.htm">false</a></trusted> <url><ahref="provurl.htm">ldap://host<img src="i/expressions/face-icon-small-tongue.gif" border="0">ortNo/DIT</a></url><userDN>cn=UserName</userDN><password>UserPassword</password> <user><url>ou=people</url></user> <group> <url>ou=Groups</url> </group></msad>

Hyperion Hub Required for External Authentication?

Need to use external authentication for three products, Essbase 7.1.2, Analyzer and Reports. Do you have to use Hyperion Hub?

Also, can you use mixed mode, some users using Essbase Native and some using Active Directory or a combination of Active Directory and NTML?

Mass conversion to external authentication

We are currently in the process of upgrading from Essbase 6542 to 715. We are also implementing external authentication. Tried ASM from OLAP Underground but it can?t convert to external authentication. Tried reading Admin/Tech doc?s to see if there was a utility application but found nothing. Did find that using EAS I can copy a single user from 6542 to 715 and convert to using external authentication but I can?t do more than one at a time. Is there any way to copy more than one user and convert to external authentication.

Vince
Don't feel you need to jump all at once - quite the contrary. Convert a few images to DNG as tests, work them through all the things you'd ever need to do, view them in all the programs you ever use, and check the metadata and the appearance in all those environments. Then you can answer the question for yourself.
(When I decided to move over to DNG, it was after 2 weeks of putting all new shots through a DNG workflow. It wouldn't have been too much work to redo.)
I'd archive the NEFs. You may never need them again, but space is cheap and you never know when you might want to test a program that won't read DNGs.
John

Error while Configuring AD external authentication plug in

Hi
While configuring Active directory external authentication plug I am getting following error
OID Active Directory Plug-in Configuration
Please make sure Database and OID are up and running.
Please enter Active Directory host name: clmad101.ad.company.com
Do you want to use SSL to connect to Active Directory? (y/n) n
Please enter Active Directory port number [389]: 389
Please enter DB connect string:SQLPLUS sys/manager1 @infradb.ad.company-.com @md61nthiims1.ad.company.com:1521
Please enter ODS password:
Please enter confirmed ODS password:
Please enter OID host name: md61nthiims1.ad.company.com
Please enter OID port number [389]: 389
Please enter orcladmin password:
Please enter confirmed orcladmin password:
Please enter the subscriber common user search base [orclcommonusersearchbase]:
CN=Users,dc=ad,dc=company,dc=com
Please enter the Plug-in Request Group DN:
Please enter the exception entry property [(!(objectclass=orcladuser))]: (|(!obj
ectclass=orcladuser))(cn=orcladmin))
Do you want to setup the backup Active Directory for failover? (y/n) n
Installing Plug-in Packages ...
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Usage: SQLPLUS [ [<option>] [<logon>] [<start>] ]
where <option> ::= -H | -V | [ [-C <v>] [-L] [-M <o>] [-R <n>] [-S] ]
<logon> ::= <username>[<password>][@<connect_identifier>] | / | /NOLOG
<start> ::= @<URL>|<filename>[.<ext>] [<parameter> ...]
"-H" displays the SQL*Plus version banner and usage syntax
"-V" displays the SQL*Plus version banner
"-C" sets SQL*Plus compatibility version <v>
"-L" attempts log on just once
"-M <o>" uses HTML markup options <o>
"-R <n>" uses restricted mode <n>
"-S" uses silent mode
Registering Plug-ins ...
adding new entry cn=adwhencompare,cn=plugin,cn=subconfigsubentry
adding new entry cn=adwhenbind,cn=plugin,cn=subconfigsubentry
Done.
Is there anythign wrong in the DB connect string??
Thanks

Did you check the debug information from the external auth plugin.?
This is mentioned in metalink note https://metalink.oracle.com/metalink/plsql/showdoc?db=NOT&id=277382.1
here an excerpt:
D) Enabled plug in debugging at the database level. Reference documentation: Oracle Internet Directory Administrator's Guide 10g (9.0.4) Chapter 43 Integration with the Microsoft Windows Environment - Troubleshooting Integration with Microsoft Windows Under section "Debugging the Microsoft Active Directory External Authentication Plug-in"
...enable the plug-in debugging. To do this, enter:
> sqlplus ods/odspassword @$ORACLE_HOME/ldap/admin/oidspdon.pls
To check the plug-in debugging log, enter:
> sqlplus system/manager
SQL> select * from ods.plg_debug_log order by id;
(To delete the plug-in debugging log:
> sqlplus system/manager
SQL> truncate table ods.plg_debug_log
To disable the plug-in debugging:
> sqlplus ods/ods @$ORACLE_HOME/ldap/admin/oidspdof.pls
E) Dump the plug-in profile to make sure it is enabled and configured correctly:
> ldapsearch -h <OID host> -p <OID port> -D "cn=orcladmin" -w <orcladmin password> -b "cn=plugin,cn=subconfigsubentry" -L -s sub "(objectclass=*)" "*"
please take also a look into the DIPTESTER tool available in
http://www.oracle.com/technology/sample_code/products/oid/java_diptester.tar
regards
--Olaf

Plug-in Request Group field into the external authentication plug-in

Hi all,
I'd like to know if anyone has already tried to filter who can have the permission to call the external authentication plug-in setting it into Plug-in Request Group field.
I've made some tests adding some users into groups OracleDASAdminGroup, OracleUserSecurityAdmins and groups that I've created under my DC settings. Unfortunatly, I've had no success.
Is possible to do this?
Thank you.
Message was edited by:
user571491

Hi all,
I'd like to know if anyone has already tried to filter who can have the permission to call the external authentication plug-in setting it into Plug-in Request Group field.
I've made some tests adding some users into groups OracleDASAdminGroup, OracleUserSecurityAdmins and groups that I've created under my DC settings. Unfortunatly, I've had no success.
Is possible to do this?
Thank you.
Message was edited by:
user571491

External Authentication on Windows

Guys, this is driving me crazy.
I had an external user configured on my Oracle 9.2.0.5 database on a Windows 2003 Server.
It was working, I use it to make dump backups.
Now, without any change on any oracle param or bounce it just stoped working.
I have two instances, for one it's working, for the other it's not.
Both instances are on the same server (so I'm using the same sqlnet.ora file with NTS authentication).
Today I removed and recreate the user on both instances, but I keep getting the same problem.
create user "OPS$DOMAIN\ORABACKUP" identified externally
default tablespace users
temporary tablespace temp
The parameters are the same on both instances:
os_authent_prefix string OPS$
os_roles boolean FALSE
remote_login_passwordfile string EXCLUSIVE
remote_os_authent boolean FALSE
remote_os_roles boolean FALSE
Do you have any ideas of why this could happen??
Is there another parameter related to external authentication that I don't know?
Thanks!

Was there ever an answer on this, having problems with setup using same versions

External authentication on Essbase 9.3.1

Similar Messages

Maybe you are looking for