Escolar Documentos
Profissional Documentos
Cultura Documentos
Page 1
www.peakindicators.com enquiries@peakindicators.com
TABLE OF CONTENTS 1. Authentication With Active Directory ............................................................................................................... 3 1.1 Overview ...................................................................................................................................................... 3 1.2 Set WebLogic LDAP to Sufficient ............................................................................................................... 4 1.3 Create New Identity Provider ....................................................................................................................... 6 1.4 Enable Virtualization ............................................................................................................................... 11 1.5 Tuning Active Directory for Large Organisations (Optional) ...................................................................... 13 1.6 Restart Oracle BI ......................................................................................................................................... 15
Page 2
www.peakindicators.com enquiries@peakindicators.com
Page 3
www.peakindicators.com enquiries@peakindicators.com
Page 4
www.peakindicators.com enquiries@peakindicators.com
Click on the Providers tab and then click on the Lock and Edit button:
Page 5
www.peakindicators.com enquiries@peakindicators.com
Set the following Name and Type before hitting the OK button: Name: ADAuthenticator Type: ActiveDirectoryAuthenticator
Page 6
www.peakindicators.com enquiries@peakindicators.com
You should see you new Identity Provider listed, click on the ADAuthenticator link to do some further configuration:
Set the Control Flag parameter to SUFFICIENT and then click the Save button
Page 7
www.peakindicators.com enquiries@peakindicators.com
Set the Active Directory configuration parameters as follows: Host: Port: Principle: [AD Server Hostname or IP address] [AD port e.g. 389] [DN for OBI service account, used for connecting to AD to authenticate] e.g. CN=BIAdmin, OU=Users, DC=mycompany, DC=com [password for OBI service account] [password OBI service account] [DN for the location of users within AD] e.g. OU=Users, DC=mycompany, DC=com
All Users Filter: (&(sAMAccountName=*)(objectclass=user)) User From Name Filter: (&(sAMAccountName=%u)(objectclass=user)) User Name Attribute: sAMAccountName Group Base DN: [DN for the location of groups within AD] OU=Groups, DC=mycompany, DC=com
Page 8
www.peakindicators.com enquiries@peakindicators.com
Return back to the Providers tab (by clicking the link at the top) and then click the Reorder button:
Page 9
www.peakindicators.com enquiries@peakindicators.com
Page 10
www.peakindicators.com enquiries@peakindicators.com
Expand WebLogic Domain, right-mouse click on bifoundation_domain and then choose the following menu option: Security > Security Provider Configuration
Page 11
www.peakindicators.com enquiries@peakindicators.com
Click the Add button to add the following 3 custom properties: user.login.attr username.attr virtualize sAMAccountName sAMAccountName true
Click the OK button at the top-right Observe the success message to confirm the parameters have been applied:
Page 12
www.peakindicators.com enquiries@peakindicators.com
Click the Lock and Edit button Go to the Provider Specific tab and change the following parameters: Use Token Groups For Group Membership Lookup: [Enable] Cache Size: 3200
Page 13
www.peakindicators.com enquiries@peakindicators.com
Click the Save button Now go to the Performance tab of your authenticator and set the parameters as follows: Max Group Hierarchies in Cache: Group Hierarchy Cache TTL: Enable SID to Group Lookup Caching: Max SID TO Group Lookups In Cache: 1000 600 [Enable] 5000
NOTE: You will need to restart, this will be done in the next section
Page 14
www.peakindicators.com enquiries@peakindicators.com
Page 15
www.peakindicators.com enquiries@peakindicators.com