OBIEE 12c - LDAP config - Page 2 — Oracle Analytics

Oracle Analytics Cloud and Server

Home Oracle Analytics Oracle Analytics Forums Oracle Analytics Cloud and Server Oracle Analytics Cloud and Server

Categories

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

OBIEE 12c - LDAP config

Received Response
201
Views
17
Comments
2»

Answers

  • 3310714
    3310714 Rank 6 - Analytics Lead

    I was able to reduce to a smaller set of users by using the MEMBEROF syntax.   My AD users are logging in fast now!

    HOWEVER, my "weblogic" user occasionally takes about 1 minute to log into console/EM.  Any idea? 

  • jepva
    jepva Rank 5 - Community Champion

    That is nothing to do with the authentication itself but in general the console, and particularly EM, can take a while to load into memory and run on the server.

  • 3310714
    3310714 Rank 6 - Analytics Lead

    I said it was authentication because when logging into EM, it displays a small message of what it's doing (Login in progress, Identifying Targets, etc.).  In my case, it was stuck at "Authentication..." for about 1 minute and then goes through.

    Anyway, the issue seem to have gone away by reordering the Authentication Provider.  I put the DefaultAuthenticator first, then MSAD.   Previously, I had MSAD, then DefaultAuthenticator.

  • jepva
    jepva Rank 5 - Community Champion

    Yes, when using internal and external authenticator, you want to have weblogic authenticator first.  They should also both be set to "sufficient". 

    Like in the other answers above, to do what you desire to do (have external LDAP users but control roles/groups in OBIEE) you just set up custom application roles and assign the LDAP users to those roles.  Then you can control access in catalog manager based on the different roles.

  • 3310714
    3310714 Rank 6 - Analytics Lead

    Most of the documents/articles I've read suggested using the external authenticator (AD) first.  That's why I had it that way.  Anyway, I'll be keeping an eye on the authentication performance.  But so far so good!

    Yes, you are right I could also manage users using the app roles in OBIEE.  However, I'll just stick with the standard practice by using groups in AD.  That way when a new user needs access, someone from AD can add him/her to the group and I don't need to do anything.   

  • Venkata Rachuri
    Venkata Rachuri Rank 5 - Community Champion

    May be its tooo late to answer this question. In my experiecen The slowness happens because of nested groups a user belongs to in AD.

    Try to change this setting  to zero

    pastedImage_0.png

    It should speed up the process.

    Thanks

    Venkata Rachuri

  • 3310714
    3310714 Rank 6 - Analytics Lead

    It was set to 0.