difference between active directory implementation and oracle internet directory in obiee 11g

Gianni Ceresa

Amol Palkar wrote:They want to reduce manual effort to add group in Microsoft AD , in OID it is automatically added through sailpoint as soon as employee joins in organization.This is what answer i was looking from both of you.

Sorry if I don't have my crystal call to guess how your organization works and what you do as business, what kind of setup you have etc.

And again, you are asking in the Business Intelligence Suite Enterprise Edition (OBIEE) forum while there is   which is probably the place you have to look for these things.

From an OBIEE point of view groups from AD or groups from OID doesn't change anything !

Sandeep Kumar sk

>>How OID is different from LDAP and whose performance is better for long term ?

OID is an LDAP compliant server. Other LDAP compliant servers from Oracle include ODSSE and OUD.

>>Why we have to go for OID instead of LDAP ?

LDAP is name of protocol, whereas OID is ldap compliant Directory server from Oracle.

>>What is the roles of Oracle Access manager in OID ?

OAM is Oracle Access Manager and it provides authentication and authorization services to applications. In your case (as far as reading through your posts), you would use OAM to provide authentication services to OBIEE application. In other words your Oracle environment would be something like, Protected application being OBIEE, Directory server being OID and OAM providing authentication.

>>what is Oracle HTTP Server 11g Webgate ?

Now lets come to your web tier, meaning where your OBIEE application url will be made accessible. You cannot put your OBIEE server on the perimeter. Hence you use a webserver which hosts the OBIEE url for a user to access. This webserver here is OHS, or Oracle HTTP server. Webgate is a software component (it is part of the OAM), which will serve as an agent and protect the OBIEE url which is hosted on the OHS server. So you configure policy in OAM for authentication/authorization purposes and which has an agent residing on the webserver (OHS server). 11g refers to the version, e.g. 11gR2 is version of Oracle Identity and Access Management suite of products containing Oracle Access Manager (OAM), Oracle Identity Manager (OIM), Oracle Internet Directory (OID) etc.

>>What MOD_WL_OHS configuration file contains ?

Refer to this link Configuring the mod_wl_ohs Plug-In for Oracle HTTP Server    The mod_wl_ohs module is included in the Oracle HTTP Server installation. You need not download and install it separately. mod_wl_ohs is a plug-in for proxying requests from Oracle HTTP Server to Oracle WebLogic server.

>>Why OAM Identity Asserter is important for both AD and OID , what exactly it does ?

OAM Identity Asserter is required so that your WebLogic server (OBIEE application is deployed on a WebLogic server) can be provided with information/token so that it can map to a valid user. This is just a short answer, but you will require this configuration during OBIEE configuration. As mentioned above OBIEE is protected by OAM. So you see the big picture. Here is link for details about Identity asserter. In order to enable SSO for Weblogic applications (meaning web applications that are deployed on Weblogic server), you need to add and configure OAM Authentication Provider for WebLogic Server.

>>Do I have to enable SSO mandatorily for OID ?

It depends on your requirement. But generally requirement is to secure applications like OBIEE. In your case for authentication/SSO for OBIEE makes sense. However you could also enable SSO for OID if you really have to.

>>What is HWLB URL , what is its function ?

HWLB means Hardware Load Balancer. HWLB URL would mean the URL which is hosted on the load balancer. Typically what this means that Load Balancer is like your front-end sitting on the dmz which captures the url requested by a user to access an application URL. The Load Balancer is configured to forward the request to any of the servers. For example, say your application, OBIEE for example is hosted on two separate servers for High Availability purposes. Since these two servers will have different IP addresses, a load balancer can be configured to publish a public URL which user can access, and load balancer will forward to one of the OBIEE server, depending upon the rules, e.g. round-robin or number of requests etc or availability of the server.

Joel

A quick google search brought back this document

https://docs.oracle.com/cd/E14571_01/bi.1111/e10543/privileges.htm

Sent from my iPhone