LDAP In OBIEE 11g

Similar Messages

• Configration of LDAP in OBIEE 11g

  Hi All,
  Client has asked me to de the LDAP configuration. I will be doing first time. I have gone through the different posts the information is enough to do the same.
  But i have one question on this. It might be funny for all of you :-) but it keep meaning for me.
  There are few parameter need to be passed while configuration.
  Base DN: Generally we give the value like. (CN=Users,DC=venkatad,DC=venkatlap,DC=com) , My question here is: The value for CN and DC will be provided from the client(or any specific value) or we can put any thing.
  Bind DN: (CN=Administrator,CN=Users,DC=venkatad,DC=venkatlap,DC=com) here also my questing is same.
  Bind password: is it generic? or any LDAP server releted?
  port: 389 (Default LDAP port without SSL) 389 is the default, without SSL. So here my question is: If there is SSL then what would be the value for Port no.
  And lastly could you please let me know what are the different parameters i need to ask from the client for LDAP authentication configuration.
  Regards
  Niraj

  Hi,
  Refer the below
  Reuired info from LDAP team:
  1) LDAP server Host name and Platform(OS Type)
  2) LDAP Server IP
  3) LDAP Server Port no
  4) User Path structure (Object )
  ex.: like user and group(object of the user and group canonical name) path structure (Path : Functional user ID)
  my group info got it from LDAP team
  GROUP:
  CN=deva,OU=SG,OU=OBIEE,OU=Groups,DC=reg9,DC=Hex1,DC=OPM,DC=com
  5) Group Path Structure (Object)
  like e.x: (Path : Functional usergroup)
  6) Access required for our functional ID: deva
  1) ldifd.tex files ---> permission required for our functional IDdeva
  2) Windows Active Directory access required for our functional ID(deva)
  3) Access requred for functional id user (deva) to properties of the user in AD
  for more refer my blog:
  http://obieeelegant.blogspot.com/2012/01/obiee-11g-integration-with-ldap.html
  Thanks
  Deva
  Edited by: Devarasu on Mar 30, 2012 10:30 AM

• Integrating Active Directory LDAP in OBIEE 11g

  Hi All,
  I Have Configured Active Directory LDAP in OBIEE.
  Steps i have Followed are,
  1) configured Active Directory in providers under Scurity Releam.
  2) Restarted BI Services to Load the Ldap Users.
  3) login to the EM under bifoundation domain selected securitues->security configuration provider.created user.login.attr and username.attr.
  4) under Credentials->oracle.bi.system map->system.user->deleted BISystemUser and Created key with the Existing name in Active Directory.
  5) assigned System user to BISystem role in em.
  6) in Console Roles and Polocies->Global Roles->Roles->Admin->view Role Condition (User = Active Directory User or Group=Administrators).
  7) Restarted BI Server and Presentation Services.
  Now I am Unable to Login to Presentation Services.
  Please Reply ASAP.
  Thanks and Regards
  Kiran Kumar

  Kiran, Is there a specific reason for using RPD for LDAP authentication? From 11g onwards, the best practice is to use Weblogic (or external Authentication providers). Is it correct to say that for "Authentication' without proper RPD LDAP config for "USER" variable, users cannot login via presentation layer?
  Cheers!
  BK

• Restricting  access to some of the LDAP users in obiee 11g.

  Hi Experts,
  I have successfully integrated LDAP with OBIEE 11g and user's are Authenticated to login to obiee using their LDAP credentials.
  But the case is All the employees in the company who have ldap are able to login(any way this is expected as we integrated ldap with OBIEE)
  Is there any way that we can restrict the access to users who don't need OBIEE. If so please suggest me the required steps.
  Edited by: MKC on Oct 5, 2012 7:43 AM

  Handle it in LDAP side, try to create a group in LDAP for BI users and use it in integration so that only this specific group uses sit in bi side.
  Pls mark if helps

• Users and Group in OBIEE 11g

  Hi,
  I am trying to bind LDAP with OBIEE 11G. I am using following Rittman Blog
  http://www.rittmanmead.com/2010/11/oracle-bi-ee-11g-security-integration-with-microsoft-active-directory/
  whenever i click USERs and GROUPs it takes a hell of time(more than 30 mins) to display users and groups, Please suggest if any thing can be done abou it
  All other tabs and setting are working fine.
  I did not find any thing in Adminserver.log
  Please suggest
  Regards
  Saurabh

  Hi Kishore,
  In 'All User Filter' field is left blank
  In 'User Name Attribute' I filled sAMAccountName.
  Also i check Adminserver-stdout log, the one which we create after we create windows services. There i can see following error
  Jan 18, 2012 6:00:16 PM GMT+05:30> <Error> <Console> <BEA-240003> <Console encountered the following error java.lang.RuntimeException: netscape.ldap.LDAPException: Server or network error (81); Cannot contact LDAP server     
  I guess its not able to connect LDAP server. But I checked all the attribues twice (on 10G LDAP configuration) they are working. I am not sure if there is problem in attributes or there is some setting I am not aware about.
  Please suggest!

• Security service error in OBIEE 11G LDAP configuration

  Hello
  I've recently set up some OBIEE 11G installations and they appear to work ok.
  I've more recently been using various guides on the internet to configure OBIEE 11G and Active Directory and can see the users and groups within Weblogic that belong the to the Provider that i've configured.
  However, when I attempt to start up OPMN, it always gives me the error like the following: 
  <Jun 24, 2013 1:45:38 PM NZST> <Warning> <oracle.jps.idmgmt> <BEA-000000> <Requested Object Class (user)not found in cache.
  oracle.security.idm.OperationFailureException: Requested Object Class (user)not found in cache.
  <Jun 24, 2013 1:52:20 PM NZST> <Error> <oracle.bi.security.service> <OBI-SEC-00004> <Unable to initialize oracle.bi.security.service.SecurityWebService>
  I initially had the User Object Class as User in the Provider configuration and noticed it wasn't in the LDAP directory so I tried changing it to a Object Class that did exist for one of the users but it made no difference.  It still says the same error message even though I have no reference to User in the configuration.
  Can anyone suggest something I might be doing wrong or missing?

  I have followed the same configuration. However i am getting the following error when i try to login
  Caused by: oracle.bi.security.service.SecurityServiceException: SecurityService::authenticateUserWithLanguage - '<LDAP user>' was authenticated but could not located within the Identity Store.
  I guess some configuration issue, but cannot be able to spot the error. Please let me know your idea
  Thanks

• LDAP configuration error for SampleLiteApp in OBIEE 11g

  Hi Experts,
  I am trying to configure the LDAP for "SampleAppLite" application which comes with OBIEE 11g default installation in OBIEE11g. I followed the following steps in the oracle document,
  http://download.oracle.com/docs/cd/E14571_01/bi.1111/e10543/privileges.htm#BABCDCFE
  Unfortunately i am getting the following exception when i start my OBIEE server, not only that after this also i am getting same error when i try to login using the any of the user (User is LDAP).
  (initially MyBISystemUser as <user_id> )
  ++java.security.PrivilegedActionException: oracle.bi.security.service.SecurityServiceException: SecurityService::authenticateUserWithLanguage - '<user_id>' was authenticated but could not located within the Identity Store.++
  ++at oracle.bi.security.service.SecurityWebService.authenticateWithLanguage(SecurityWebService.java:185)++
  ++at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)++
  ++at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)++
  ++at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)++
  ++at java.lang.reflect.Method.invoke(Method.java:597)++
  ++at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:92)++
  ++at weblogic.wsee.jaxws.WLSInstanceResolver$WLSInvoker.invoke(WLSInstanceResolver.java:74)++
  ++at com.sun.xml.ws.server.InvokerTube$2.invoke(InvokerTube.java:151)++
  ++at com.sun.xml.ws.server.sei.EndpointMethodHandlerImpl.invoke(EndpointMethodHandlerImpl.java:265)++
  ++at com.sun.xml.ws.server.sei.SEIInvokerTube.processRequest(SEIInvokerTube.java:100)++
  ++at weblogic.wsee.jaxws.tubeline.FlowControlTube$FlowControlAwareTube.processRequest(FlowControlTube.java:155)++
  ++at weblogic.wsee.jaxws.tubeline.FlowControlTube$1.run(FlowControlTube.java:94)++
  ++at weblogic.wsee.jaxws.tubeline.FlowControlTube$1.run(FlowControlTube.java:92)++
  ++at javax.security.auth.Subject.doAs(Subject.java:337)++
  ++at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:91)++
  ++at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604)++
  ++at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563)++
  ++at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548)++
  ++at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445)++
  ++at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:373)++
  ++at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:524)++
  ++at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:255)++
  ++at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:141)++
  ++at weblogic.wsee.jaxws.WLSServletAdapter.handle(WLSServletAdapter.java:210)++
  ++at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:311)++
  am i missing any configuration? Or is it a bug in oracle OBIEE 11g? Can anyone guide me to resolve this issue.
  Much appreciate your answer

  Though this is little late for you but may help others.
  Check default authenticator and ensure that control flag is NOT set to REQUIRED
  Check here http://onlineappsdba.com/index.php/2011/06/21/unable-to-login-to-obiee-anylytics-after-oid-integration-user-was-authenticated-but-could-not-be-located-within-the-identity-store/

• How to allow user chaning his password in OBIEE 11g weblogic custom LDAP?

  Hi,
  How to allow user chaning his password in OBIEE 11g weblogic custom LDAP?
  I need to give user an option to do so, without the intervention of any Administrator. I also do not want to make user a Administrator else he will be able to login in weblogic and can do any damages unknowingly.....
  Regards,
  Rahul

  Hi,
  Replace the line in the instantconfig.xml
  <WebMessage name=”kmsgChangePasswordLink”><!–<HTML><sawm:messageRef name=”kmsgUIChangePassword”/></HTML>–></WebMessage>
  with
  <WebMessage name=”kmsgChangePasswordLink”><HTML><sawm:messageRef name=”kmsgUIChangePassword”/></HTML></WebMessage>

• Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)

  Hello,
  I have a question, regarding integration of multiple LDAP servers with single Weblogic Server of Fusion Middleware (OBIEE 11g). We are currently using OBIEE 10g. We are on verge of migrating to 11g. However, I have a question regarding the LDAP server.
  Our two applications run on two distinct LDAP servers. The plan is to provide a single sign on link for OBIEE 11g reports to the end users and depending on what application they are using, they must be authenticated against the respective LDAP server.
  So, my question, is it possible to Integrate two different LDAP servers in the Weblogic of Fusion Middleware (OBIEE 11g). If so, what would be the steps. Any helpful document will also be appreciated.
  Thank you,
  Chandu.

  Yes, you can configure multiple authentication providers one by one as you generally do.
  When you configure multiple Authentication providers, use the JAAS Control Flag for each provider to control how the Authentication providers are used in the login sequence. You can set the JAAS Control Flag in the WebLogic Administration Console.
  REQUIRED—The Authentication provider is always called, and the user must always pass its authentication test. If authentication succeeds or fails, authentication still continues down the list of providers.
  REQUISITE—The user is required to pass the authentication test of the Authentication provider. If the user passes the authentication test of this Authentication provider, subsequent providers are executed but can fail (except for Authentication providers with the JAAS Control Flag set to REQUIRED).
  SUFFICIENT—The user is not required to pass the authentication test of the Authentication provider. If authentication succeeds, no subsequent Authentication providers are executed. If authentication fails, authentication continues down the list of providers.
  OPTIONAL—The user is allowed to pass or fail the authentication test of this Authentication provider. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.
  refer - http://docs.oracle.com/cd/E13222_01/wls/docs92/secmanage/atn.html
  Regards
  Mukesh Negi
  http://weblogicserveradministration.blogspot.in/

• OBIEE 11G 64-Bit Windows LDAP Admin Server Startup Issue

  All,
  I have OBIEE 11G installed on 64-bit Windows, and can see all my LDAP users inside Admin Console just fine. When I reorder my LDAP above the DefaultAuthenticator, and make them both 'SUFFICIENT', my Admin Server no longer starts. It hangs on a line in the AdminServer.log that roughly says '<Security initializing using security realm myrealm.>'. Has anyone ran into this? If so, how do you get the Admin Server to start with a non default LDAP authenticator? I've tried re-ordering numerous ways with the DefaultIdentityAsserter in the middle and at the bottom; I've also tried switching the Control Flags on both with REQUIRED and OPTIONAL, all to no avail. Finally, I tried deleting out the DefaultAuthenticator all together, and it still won't start. At this point, I'm assuming this is another 64-bit issue that was not tested properly. Any thoughts/help will be greatly appreciated.
  Thanks in Advance,
  Josh

  Paul,
  Unfortunately that made no difference. I have pasted in the startup log below. Perhaps someone has some insight into what's happening?
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <WebLogicServer> <HQ200-HYPPROD03> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1302613111266> <BEA-000000> <WebLogic Server "AdminServer" version:
  WebLogic Server 10.3.3.0 Fri Apr 9 00:05:28 PDT 2010 1321401 Copyright (c) 1995, 2009, Oracle and/or its affiliates. All rights reserved.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Notice> <Log Management> <HQ200-HYPPROD03> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1302613111344> <BEA-170019> <The server log file D:\Oracle\Middleware\user_projects\domains\bifoundation_domain\servers\AdminServer\logs\AdminServer.log is opened. All server side log events will be written to this file.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Log Management> <HQ200-HYPPROD03> <> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1302613111360> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Diagnostics> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111438> <BEA-320001> <The ServerDebug service initialized successfully.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111594> <BEA-002622> <The protocol "t3" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111594> <BEA-002622> <The protocol "t3s" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111594> <BEA-002622> <The protocol "http" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111594> <BEA-002622> <The protocol "https" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111594> <BEA-002622> <The protocol "iiop" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "iiops" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "ldap" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "ldaps" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "cluster" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "clusters" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "snmp" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002622> <The protocol "admin" is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111610> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <RJVM> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111657> <BEA-000570> <Network Configuration for Channel "AdminServer"
  Listen Address          :7002
  Public Address          N/A
  Http Enabled          true
  Tunneling Enabled     false
  Outbound Enabled     false
  Admin Traffic Enabled     true>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Server> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111688> <BEA-002609> <Channel Service initialized.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Socket> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111719> <BEA-000406> <NTSocketMuxer was built on Jan 24 2006 20:40:35
  >
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Socket> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111751> <BEA-000436> <Allocating 3 reader threads.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <Socket> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111751> <BEA-000446> <Native IO Enabled.>
  ####<Apr 12, 2011 8:58:31 AM EDT> <Info> <IIOP> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613111907> <BEA-002014> <IIOP subsystem enabled.>
  ####<Apr 12, 2011 8:58:35 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613115079> <BEA-090894> <Successfully loaded the OPSS Policy Provider using oracle.security.jps.internal.policystore.JavaPolicyProvider.>
  ####<Apr 12, 2011 8:58:35 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613115704> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
  ####<Apr 12, 2011 8:58:35 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613115797> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_m7FMisDU3HeeJX/MUK4nqmEiSqI=>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116266> <BEA-090516> <The Authenticator provider has preexisting LDAP data.>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116594> <BEA-090516> <The Authorizer provider has preexisting LDAP data.>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116704> <BEA-000000> <Parsing class "com.bea.common.security.store.data.Top".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116735> <BEA-000000> <Parsing class "com.bea.common.security.store.data.DomainRealmScope".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116735> <BEA-000000> <Parsing class "com.bea.common.security.store.data.RegistryScope".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116735> <BEA-000000> <Parsing class "com.bea.common.security.store.data.PKITypeScope".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116735> <BEA-000000> <Parsing class "com.bea.common.security.store.data.XACMLTypeScope".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116735> <BEA-000000> <Parsing class "com.bea.common.security.store.data.BEASAMLPartner".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116735> <BEA-000000> <Parsing class "com.bea.common.security.store.data.Credential".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116751> <BEA-000000> <Parsing class "com.bea.common.security.store.data.CredentialMap".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116751> <BEA-000000> <Parsing class "com.bea.common.security.store.data.XACMLEntry".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116751> <BEA-000000> <Parsing class "com.bea.common.security.store.data.BEASAMLAssertingParty".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116766> <BEA-000000> <Parsing class "com.bea.common.security.store.data.BEASAMLRelyingParty".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116782> <BEA-000000> <Parsing class "com.bea.common.security.store.data.PasswordCredential".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116782> <BEA-000000> <Parsing class "com.bea.common.security.store.data.UserPasswordCredential".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116782> <BEA-000000> <Parsing class "com.bea.common.security.store.data.PasswordCredentialMap".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116797> <BEA-000000> <Parsing class "com.bea.common.security.store.data.ResourceMap".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116797> <BEA-000000> <Parsing class "com.bea.common.security.store.data.PKIResourceMap".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116797> <BEA-000000> <Parsing class "com.bea.common.security.store.data.WLSCertRegEntry".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116813> <BEA-000000> <Parsing class "com.bea.common.security.store.data.WLSCredMapCollectionInfo".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116813> <BEA-000000> <Parsing class "com.bea.common.security.store.data.WLSPolicyCollectionInfo".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116813> <BEA-000000> <Parsing class "com.bea.common.security.store.data.WLSRoleCollectionInfo".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116813> <BEA-000000> <Parsing class "com.bea.common.security.store.data.XACMLAuthorizationPolicy".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116829> <BEA-000000> <Parsing class "com.bea.common.security.store.data.XACMLRoleAssignmentPolicy".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116844> <BEA-000000> <Parsing class "com.bea.common.security.store.data.Endpoint".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116844> <BEA-000000> <Parsing class "com.bea.common.security.store.data.Partner".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116860> <BEA-000000> <Parsing class "com.bea.common.security.store.data.SPPartner".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116876> <BEA-000000> <Parsing class "com.bea.common.security.store.data.IdPPartner".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116907> <BEA-000000> <Parsing class "com.bea.common.security.store.data.SAML2CacheEntry".>
  ####<Apr 12, 2011 8:58:36 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613116922> <BEA-000000> <Parsing class "com.bea.common.security.store.data.SchemaVersion".>
  ####<Apr 12, 2011 8:58:37 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613117516> <BEA-090516> <The CredentialMapper provider has preexisting LDAP data.>
  ####<Apr 12, 2011 8:58:37 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613117532> <BEA-090516> <The RoleMapper provider has preexisting LDAP data.>
  ####<Apr 12, 2011 8:58:37 AM EDT> <Info> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613117766> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server AdminServer for security realm myrealm.>
  ####<Apr 12, 2011 8:58:37 AM EDT> <Notice> <Security> <HQ200-HYPPROD03> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1302613117766> <BEA-090082> <Security initializing using security realm myrealm.>
  Thanks,
  Josh

• Not able to import the data in OBIEE 11g

  Hi Gurus,
  I had just build a new development instance from scratch.
  Q1) I am getting database connnection error on the Dashboard and when i tried to update row count from physical layer it also throws me an error, as i test i tried to import but i also got an error " The connection has failed", i am able to connect thru SQL Developer. Where does OBIEE 11g look for the tnsnames.ora file.
  Q2.) Where and what setting do i need to so that i can add the users in the application roles by searching them in the EM, means the LDAP users. I had gone thru most of the stuff in the web but could not get thru.
  Regards,
  Amit

  Ans 1. This is one of the most commonly asked questions on the Forum. I hope you'd search through available posts on the Forum before creating a new discussion. In any case, this might help: http://123obi.com/2011/03/error-the-connection-has-failed-in-obiee-11g/
  Ans 2. Have you set up the integration with the LDAP provider or are you looking for help with that too? These should help:
  http://docs.oracle.com/cd/E21764_01/bi.1111/e10543/privileges.htm
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-understanding-obiee-11g-security-application-roles-and-applic…
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-managing-application-roles-and-policies-and-managing-security…

• OBIEE 11g - Integrating via external corporate website to OBIEE

  Hi all -
  Unusual challenge, our we offer a hosted application (SaaS) where our users are authenticated on our application. Recently, we've invested in OBIEE 11g and have successfully deployed recommended Oracle Enterprise Deployment. We have a custom security solution (user permissions in Oracle tables, not LDAP), and have not implemented Oracle Identity Mgmt and don't plan to.
  We would like to use GoURL / Action Framework to access Report content, dashboard content, content as port lets embedded in an app dashboard to an iFrame.
  My Question: can we configure OBIEE to accept just "username" without password in a trusted login scenario? we are trying not to expose password in URL (encrypted or clear text).
  We done an exhaustive search to review GoUrl, web service / soap calls, reviewing impersonator passcode techniques (everyone having same pad in initialization block), etc.
  Thank you in advance for your most needed responses,

  There is a good post that lead me on the way to solving this problem here:
  http://obiee101.blogspot.com/2010/07/obiee-remove-whole-portalbanner.html
  The code he posts won't work for 11g, but it's close.
  Paste this code into a text box on each page of your dashboard, make sure you check the box that says "contains HTML"
  <script type="text/javascript">
  var tds = document.getElementsByTagName('table');
  for (var td = 0; td < tds.length; td++) {
  if (tds[td].className != 'HeaderTopBar' && tds[td].className != 'HeaderSecondBar' ) {
  continue;
  if (tds[td].className == 'HeaderTopBar') {
  //alert (tds[td].className);
  var x = tds[td].parentNode;
  //alert (x.className);
  x.removeChild(tds[td]);}
  if (tds[td].className == 'HeaderSecondBar') {
  //alert (tds[td].className);
  var x = tds[td].parentNode;
  //alert (x.className);
  x.removeChild(tds[td]);}
  </script>

• Is there a way to deny access to BI Publisher -Report job in OBIEE 11g?

  Thank you all for the helpful information in the posts. I am trying to disable or not to display Report job under published reporting in OBIEE 11g. Could any one of you you please help me with the steps?
  My issue:
  I am pretty new to OBIEE and we are using OBIEE 11g when the user clicks on the new drop down, i am trying to disable or turnoff Report job under published reporting for a user group. I tried to find the relevant components for published reporting to deny access to report job under manage privileges but no luck i couldn't find any and i realized that i should be looking into Manage Bi publisher roles and responsibilities but i cannot remove the roles. Please help me with the steps and the options where i need to go and what i should do to not to display the report job. Your help is greatly appreciated, if i am not clear please let me know i will try to rephrase or explain it better
  FYI
  We are using LDAP for user creation and we have created a new group and created a test user belongs to that group and that user should not see the Report job. When i am seeing the users roles and responsibilities it is also showing me other two roles authenticated user role and BI consumer role for the test user, when i asked the admin guy dealing with LDAP he said he only associated the user with that only new group. Please advice
  Thanks,
  Ravi
  Edited by: user1146711 on Aug 18, 2011 2:00 PM
  Edited by: user1146711 on Aug 18, 2011 2:02 PM
  Edited by: user1146711 on Aug 18, 2011 2:03 PM

  In EM, go to Weblogic Domain, right click on bifoundation_domain and on the Security menu choose Application Policies.
  Set Application Stripe to obi and click the blue arrow search button.
  Highlight BIConsumer and click Edit.
  Under Permissions locate Resource Name oracle.bi.publisher.scheduleReport. Highlight this and click Delete...
  Click OK (top right corner).
  Now log your user out of OBIEE and back in again, and the option should have disappeared from their New menu.

• Security question in obiee 11g

  Hi,
  I have a question on security configuration on what we have in 10 and deploying to 11g.
  Q1. how deploy external database security(users, groups) to OBIEE 11g.
  we used external database security in 10g. all the users and groups maintained in database and obiee rpd has security groups. repository has group information only so it is deployed groups information to obiee 11g by upgrade assistant but how can it deploy users in external database?
  Q2. all the users and roles in LDAP server. in this case how obiee 11g read users and group information?
  Thanks
  Jay.

  Q1. how deploy external database security(users, groups) to OBIEE 11g.
  we used external database security in 10g. all the users and groups maintained in database and obiee rpd has security groups. repository has group information only so it is deployed groups information to obiee 11g by upgrade assistant but how can it deploy users in external database?
  Solution:
  http://www.varanasisaichand.com/2011/09/external-table-authenticationorder-of.html
  http://www.rittmanmead.com/2012/03/obiee-11g-security-week-connecting-to-active-directory-and-obtaining-group-membership-from-database-tables/
  http://obieeblog.wordpress.com/2009/06/18/obiee-security-enforcement-%E2%80%93-external-database-table-authorization/
  Q2. all the users and roles in LDAP server. in this case how obiee 11g read users and group information?
  Obiee11g is intergated with weblogic fusion middleware (Console,EM). in that console have feature to enable mulitiple LDAP authentication
  while configuring AD via weblogic console we need to give the users and group info
  Solution refer:
  http://obieeelegant.blogspot.com/2012/01/obiee-11g-integration-with-ldap.html
  http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/privileges.htm#BABCDCFE
  Thanks
  Deva

• OBIEE 11G: Issue with Agent

  Hello All,
  I am trying to make agent work in OBIEE 11G together with Active Directory settings but the agent are failling for some users. Some users are not able to send the ibots:
  We get the following message with Agent Failed:
  Agent ID: XXXXXXX
  No devices for user: XXXX
  Agent ID: XXXXXXXX
  No Content for user: XXXX
  Kindly note that I have already checked the My Account of these users and the email address is well present there.
  Can anyone help us investigate on this issue.
  Thanks and Regards

  Where do you have your LDAP configured
  Is it in RPD or in Weblogic?