OBIEE 11g Configuring LDAP Server

Step 1:

Login to Weblogic server admin console and navigate to Secutrity Realm

Note: In URL we should enter: localhost:7001/console

Step 2 :

Click on lock and edit and Go to the provider tab then add a new provider,which in this case is an Open Ldap
Directory.
d

Step 3:
Name the LDAP provider as PRODAuthenticator and select the type of authenticator as open
LDAP Authenticator and click ok

Step 4:
This authenticator now appears in the list of WLS authenticator as shown below.This must be
reordered to be the first Authenticator .

Step 5:

An important step here.Mark control flags as SUFFICIENT.This step is not be missed else the
administrator will be locked out of Weblogic server.Do the same for the other Authenticator(i.e.,mark
control flag as Sufficient )Default Authenticator (Weblogic Authentication Provider)
Step 6:

Next in the 'Provider Specific' Tab the LDAP specific configuration will be applied .
Enter the host,port,principal user of LDAP),Password to connect to LDAP,User Base DN(Distinguished
Name),Group Base DN etc.
Step 7:
Say ok to save and click on release configuration .Then Reboot the whole BI System(Stop BI Services
Start Bi Services) from Start menu.
Go to identity store click configure as shown below.
Step 7:
After finishing above steps save it and restart all BI Services then login weblogic console then
check it whether the PRODAuthenticator
is integrated or not.below screen we can find the provider type as PRODAuthenticator and
Defaultauthenticator .
Step 8 :
Now go to security realm roles and policies roles
Go to the global roles in that Admin role and view the conditions.
As shown in the below screenshot.Go to the below weblogic console then set global admin role to the
obieeldap user
Step 9:

Select view role condition and add condition then select user then add it our obieeldapuser
Step 10:
Restart weblogic server and login in Enterprise Manager

Step 11:

Login to Enterprise Manager and navigate to bifoundation credentials

Step 12:

In the edit application role screen ,scroll down to the users section and click on the button
marke add user. An add user dialog will appear.Either type system user username into the user
name box or for a full list of users,leave it blank
Step 13:
Screen and select the configure button to bring up the identity store configuration screen.Click
on the green + icon to add the new properties to the identity store and as stated above, two new
properties need to be added,user.login and username.attr,both set to the value of the alternate user
name attribute