3 Replies. Latest reply: Dec 13, 2012 8:17 AM by 979530

    Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)

    979530
      Hello,

      I have a question regarding integration of multiple LDAP servers with a single WebLogic Server of Fusion Middleware (OBIEE 11g). We are currently using OBIEE 10g. We are on the verge of migrating to 11g. However, I have a question regarding the LDAP server.

      Our two applications run on two distinct LDAP servers. The plan is to provide a single sign-on link for OBIEE 11g reports to the end users, and depending on what application they are using, they must be authenticated against the respective LDAP server.

      So, my question is: is it possible to integrate two different LDAP servers in the WebLogic of Fusion Middleware (OBIEE 11g)? If so, what would be the steps? Any helpful document will also be appreciated.

      Thank you,
      Chandu.
        • 1. Re: Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)
          Jeets-Oracle
          Hello Chandu,

          Yes! You can add multiple LDAP servers to a single WebLogic instance, provided you have the proper control flag settings.

          As the authentication has to fail over to the other LDAP server, the control flag plays a vital role here.

          There are no specific steps in doing it; it is as simple as adding another LDAP server (the same steps which you used to add the first LDAP server) and setting the control flag.

          A support request would be helpful in this case.

          Hope this helps.

          Jeets.
          • 2. Re: Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)
            746690
            Yes, you can configure multiple authentication providers one by one as you generally do.

            When you configure multiple Authentication providers, use the JAAS Control Flag for each provider to control how the Authentication providers are used in the login sequence. You can set the JAAS Control Flag in the WebLogic Administration Console.

            --------------------------------------------------------
            REQUIRED—The Authentication provider is always called, and the user must always pass its authentication test. If authentication succeeds or fails, authentication still continues down the list of providers.

            REQUISITE—The user is required to pass the authentication test of the Authentication provider. If the user passes the authentication test of this Authentication provider, subsequent providers are executed but can fail (except for Authentication providers with the JAAS Control Flag set to REQUIRED).

            SUFFICIENT—The user is not required to pass the authentication test of the Authentication provider. If authentication succeeds, no subsequent Authentication providers are executed. If authentication fails, authentication continues down the list of providers.

            OPTIONAL—The user is allowed to pass or fail the authentication test of this Authentication provider. However, if all Authentication providers configured in a security realm have the JAAS Control Flag set to OPTIONAL, the user must pass the authentication test of one of the configured providers.
            -------------------------------------------------------

            Refer: http://docs.oracle.com/cd/E13222_01/wls/docs92/secmanage/atn.html

            Regards
            Mukesh Negi
            http://weblogicserveradministration.blogspot.in/
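
The control-flag rules quoted in the reply above, modelled for a two-directory setup like the one in the question. This is an added example, not part of the original thread and not WebLogic code. It follows the standard JAAS semantics (a failed REQUISITE provider stops the chain at once), and the provider names `AppA_LDAP`, `AppB_LDAP` and `Local_Store`, the users and the passwords are constructed for illustration.

```python
# Simplified model of JAAS control-flag evaluation over an ordered provider list.
# Providers, users and passwords are constructed sample data (assumptions).
APP_A = {"alice": "a-pass", "carol": "a-carol"}   # directory of application A
APP_B = {"bob": "b-pass", "carol": "b-carol"}     # directory of application B

def authenticate(chain, user, password):
    """chain: ordered (name, flag, directory) tuples. Returns (ok, providers_called)."""
    called = []
    required_ok = True    # every REQUIRED/REQUISITE provider so far has passed
    has_required = False  # the chain holds at least one REQUIRED/REQUISITE provider
    any_pass = False      # some provider, whatever its flag, has passed
    for name, flag, directory in chain:
        called.append(name)
        passed = directory.get(user) == password
        any_pass = any_pass or passed
        if flag in ("REQUIRED", "REQUISITE"):
            has_required = True
            required_ok = required_ok and passed
            if flag == "REQUISITE" and not passed:
                return False, called      # standard JAAS: chain stops here
        elif flag == "SUFFICIENT" and passed and required_ok:
            return True, called           # later providers are not consulted
        # OPTIONAL, or a SUFFICIENT provider that failed: keep going
    if has_required:
        return required_ok, called
    return any_pass, called               # only SUFFICIENT/OPTIONAL configured

def two_ldap(flag):
    """Both LDAP providers configured with the same control flag."""
    return [("AppA_LDAP", flag, APP_A), ("AppB_LDAP", flag, APP_B)]

def demo():
    """Outcomes for the configurations a two-directory setup is likely to try."""
    blocked = [("Local_Store", "REQUIRED", {})] + two_ldap("SUFFICIENT")
    return {
        # REQUIRED on both: a user held in only one directory can never log in.
        "required_alice": authenticate(two_ldap("REQUIRED"), "alice", "a-pass"),
        # SUFFICIENT on both: first match wins, otherwise fall through to the next.
        "sufficient_alice": authenticate(two_ldap("SUFFICIENT"), "alice", "a-pass"),
        "sufficient_bob": authenticate(two_ldap("SUFFICIENT"), "bob", "b-pass"),
        "sufficient_bad_pw": authenticate(two_ldap("SUFFICIENT"), "bob", "wrong"),
        # A REQUIRED provider earlier in the list that lacks the user still vetoes.
        "blocked_by_required": authenticate(blocked, "alice", "a-pass"),
        # The same username in both directories is accepted with either password.
        "duplicate_name": authenticate(two_ldap("SUFFICIENT"), "carol", "b-carol"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The `duplicate_name` case is the one to check before going live: with both providers set to SUFFICIENT, usernames should be unique across the two directories, since either directory's password is accepted for a shared name.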
            • 3. Re: Multiple LDAP Servers in Fusion Middleware (OBIEE 11g)
              979530
              Thank you, Jeets and Mukesh, for your replies. I will try out as you have suggested.