3 Replies Latest reply: Sep 11, 2013 3:11 AM by Christian Berg RSS

    LDAP Configuration OBIEE 11g

    RR

      Hi all,

       

      I have upgraded OBIEE 11.1.1.5 to 11.1.1.7 in windows machine. I have configured LDAD configuration in OBIEE.

       

      Field

      Value

      Host

      localhost

      Port

      389

      Principal

      serviceadmin

      Credential & Confirm Credential

      xxxx

      SSLEnabled

      No

      User Base DN

      DC=CORP,DC=NET

      All Users Filter

      (&(memberof=CN=BIUsers,OU=BIUsers,DC=CORP,DC=NET)(sAMAccountName=*)(objectclass=user))

      User From Name Filter

      (&(memberof=CN=BIUsers,OU=BIUsers,DC=CORP,DC=NET)(sAMAccountName=%u)(objectclass=user))

      User Search Scope

      subtree

      User Name Attribute

      sAMAccountName

      User Object Class

      User

      Use Retrieved User Name as Principal

      No

      Group Base DN

      OU=BIUsers,DC=CORP,DC=NET

      All Groups Filter

      (&(uid=*)

      Group From Name Filter

      (&(cn=%g)(objectclass=group))

      Group Search Scope

      subtree

      Group Membership Searching

      unlimited

      Max Group Membership Search Level

      0

      Ignore Duplicate Membership

      No

      Static Group Name Attribute

      cn

      Static Group Object Class

      group

      Static Member DN Attribute

      member

      Static Group DNs from Member DN Filter

      (&(member=%M)(objectclass=group))

      Dynamic Group Name Attribute

      Leave blank

      Dynamic Group Object Class

      Leave blank

      Dynamic Member URL Attribute

      Leave blank

      User Dynamic Group DN Attribute

      Leave blank

      Connection Pool Size

      6

      Connect Timeout

      0

      Connection Retry Limit

      1

      Parallel Connect Delay

      0

      Results Time Limit

      0

      Keep Alive Enabled

      No

      Follow Referrals

      Yes

      Bind Anonymously On Referrals

      No

      Propagate Cause For Login Exception

      No

      Cache Enabled

      yes

      Cache Size

      32

      Cache TTL

      60

      GUID Attribute

      Objectguid

       

      These are the things i gave in console.

       

      In EM and grating One role to this AD users. While searching users in EM it will display users along with PC numbers too. I need to restrict in this list. Please help me how can i achieve this.

       

      And one more All Groups Filter i cant leave this as blank.

       

      Reply ASAP.

       

      Tahnks in advance.

        • 1. Re: LDAP Configuration OBIEE 11g
          Christian Berg

          Well how are users and PC numbers distinguished in your LDAP? That's the question. If you know that, you can adapt the query expression "(&(memberof=CN=BIUsers,OU=BIUsers,DC=CORP,DC=NET)(sAMAccountName=*)(objectclass=user))" to match your actual LDAP and only retrieve human users rather than just objectclass=user which seems to mix humans and machines from what you're describing.

          • 2. Re: LDAP Configuration OBIEE 11g
            RR

            Thanks for your quick reply.

             

            I need to restrict in EM. In colsole its lising only the users which is reside under BIuser.

             

            How can i restrict in EM. Please guide me regarding this.

             


            • 3. Re: LDAP Configuration OBIEE 11g
              Christian Berg

              EM will pull every single user instance it finds in any of the security providers over your security realm. The place to constrain is there. You have no way of "configuring" Enterprise Manager to display "a constrained list".