This discussion is archived
3 Replies Latest reply: Sep 11, 2013 1:11 AM by Christian Berg RSS

LDAP Configuration OBIEE 11g

RR Newbie
Currently Being Moderated

Hi all,

 

I have upgraded OBIEE 11.1.1.5 to 11.1.1.7 in windows machine. I have configured LDAD configuration in OBIEE.

 

Field

Value

Host

localhost

Port

389

Principal

serviceadmin

Credential & Confirm Credential

xxxx

SSLEnabled

No

User Base DN

DC=CORP,DC=NET

All Users Filter

(&(memberof=CN=BIUsers,OU=BIUsers,DC=CORP,DC=NET)(sAMAccountName=*)(objectclass=user))

User From Name Filter

(&(memberof=CN=BIUsers,OU=BIUsers,DC=CORP,DC=NET)(sAMAccountName=%u)(objectclass=user))

User Search Scope

subtree

User Name Attribute

sAMAccountName

User Object Class

User

Use Retrieved User Name as Principal

No

Group Base DN

OU=BIUsers,DC=CORP,DC=NET

All Groups Filter

(&(uid=*)

Group From Name Filter

(&(cn=%g)(objectclass=group))

Group Search Scope

subtree

Group Membership Searching

unlimited

Max Group Membership Search Level

0

Ignore Duplicate Membership

No

Static Group Name Attribute

cn

Static Group Object Class

group

Static Member DN Attribute

member

Static Group DNs from Member DN Filter

(&(member=%M)(objectclass=group))

Dynamic Group Name Attribute

Leave blank

Dynamic Group Object Class

Leave blank

Dynamic Member URL Attribute

Leave blank

User Dynamic Group DN Attribute

Leave blank

Connection Pool Size

6

Connect Timeout

0

Connection Retry Limit

1

Parallel Connect Delay

0

Results Time Limit

0

Keep Alive Enabled

No

Follow Referrals

Yes

Bind Anonymously On Referrals

No

Propagate Cause For Login Exception

No

Cache Enabled

yes

Cache Size

32

Cache TTL

60

GUID Attribute

Objectguid

 

These are the things i gave in console.

 

In EM and grating One role to this AD users. While searching users in EM it will display users along with PC numbers too. I need to restrict in this list. Please help me how can i achieve this.

 

And one more All Groups Filter i cant leave this as blank.

 

Reply ASAP.

 

Tahnks in advance.

  • 1. Re: LDAP Configuration OBIEE 11g
    Christian Berg Guru
    Currently Being Moderated

    Well how are users and PC numbers distinguished in your LDAP? That's the question. If you know that, you can adapt the query expression "(&(memberof=CN=BIUsers,OU=BIUsers,DC=CORP,DC=NET)(sAMAccountName=*)(objectclass=user))" to match your actual LDAP and only retrieve human users rather than just objectclass=user which seems to mix humans and machines from what you're describing.

  • 2. Re: LDAP Configuration OBIEE 11g
    RR Newbie
    Currently Being Moderated

    Thanks for your quick reply.

     

    I need to restrict in EM. In colsole its lising only the users which is reside under BIuser.

     

    How can i restrict in EM. Please guide me regarding this.

     


  • 3. Re: LDAP Configuration OBIEE 11g
    Christian Berg Guru
    Currently Being Moderated

    EM will pull every single user instance it finds in any of the security providers over your security realm. The place to constrain is there. You have no way of "configuring" Enterprise Manager to display "a constrained list".

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points