OBI SQL Authenticator users and groups are not seen in BI server

Tilen

Hi,

I have created SQL Athenticator provider in WLS console. I have set descriptor to SUFFICIENT and set it in the first plase of providers. All OK in WLS console. I can see new users and groups.

Later I set in BI EM Identity Store provider two attributes- OPTIMIZE_SEARCH=true and virtaulize=true.

My issue is when I try to add new user groups into BI Application roles I don't see new users or groups. Ony from DefaultAuthenicator. Also users can't login to analytics. What did I miss?

I would appreciate any help.

I have one user tilen2 from DefaultAuthenicator and second user TILEN1 from SQLAuthenicator. This is screenshot from console - Users and Groups:

But in WLS EM I see only user from DefaultAuthenicator:

BR,

Tilen

Joel

Can you see users from both the default authenticator and the SQL authenticator in the user listing?

Tilen

Yes, in the WLS console under Users and groups I can see all users and all groups from both authenticators.

But I don't see users and group from SQL authenticator in EM where you can add users/groups into aplication roles.

[Deleted User]

There's a lot of detail information missing from your question, so all we can do is guess.

1.)

What is the exact version number you're running? "12c" isn't a valid answer. "12.2.1.4" isn't either. 12.2.1.4.YYMMDD <== This is a version number.

2.) How EXACTLY did you configrue the SQL Authenticator?

3.) Including what you put into the adapter config template

4.) And by extension what's in your adapters.os_xml for that authenticator?

Tilen

OK, I'll try to give you more information:

Oracle Enterprise Manager Fusion Middleware Control 12c - 12.2.1.3.0

Oracle BIEE 12.2.1.4.0

I was working by the https://docs.oracle.com/middleware/1221/biee/BIESC/privileges.htm#BABHAGHH

I have created new provider:

Both RMLogin (SQLAuthenticator) and DeafultAuthenticator have flag SUFFICIENT.

All select statments are default (except table name) since I have created tables with the same columns as default.

I guess that this part is set OK since I get all the users, groups and membership information from the tables to WLS.

Later I enabled virtualization in Identity store.

In my adapters.os_xml is the following part:

   <dataBase id="userGroupAdapter1" version="0" xmlns="http://www.octetstring.com/schemas/Adapters">

      <root>cn=users,dc=rne,dc=eu</root>

      <active>true</active>

      <serverType>directoryType</serverType>

      <routing>

         <critical>true</critical>

         <priority>50</priority>

         <inclusionFilter/>

         <exclusionFilter/>

         <plugin/>

         <retrieve/>

         <store/>

         <visible>Yes</visible>

         <levels>-1</levels>

         <bind>true</bind>

         <bind-adapters/>

         <views/>

         <dnpattern/>

      </routing>

      <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">

         <plugins>

            <plugin>

               <name>DBGUID</name>

               <class>oracle.ods.virtualization.engine.chain.plugins.dbguid.DBGuidPlugin</class>

               <initParams>

                  <param name="guidAttribute" value="orclguid"/>

               </initParams>

            </plugin>

         </plugins>

         <default>

            <plugin name="DBGUID"/>

         </default>

         <add/>

         <bind/>

         <delete/>

         <get/>

         <modify/>

         <rename/>

      </pluginChains>

      <driver>oracle.jdbc.driver.OracleDriver</driver>

      <url>datasource://DWH</url>

      <user>%USER%</user>

      <password>%PASSWORD%</password>

      <ignoreObjectClassOnModify>false</ignoreObjectClassOnModify>

      <includeInheritedObjectClasses>true</includeInheritedObjectClasses>

      <maxConnections>10</maxConnections>

      <mapping>

         <joins/>

         <objectClass name="person" rdn="cn">

            <attribute ldap="cn" table="V_BI_USERS" field="U_NAME" type=""/>

            <attribute ldap="uid" table="V_BI_USERS" field="U_NAME" type=""/>

            <attribute ldap="usernameattr" table="V_BI_USERS" field="U_NAME" type=""/>

            <attribute ldap="loginid" table="V_BI_USERS" field="U_NAME" type=""/>

            <attribute ldap="description" table="V_BI_USERS" field="U_DESCRIPTION" type=""/>

            <attribute ldap="orclguid" table="V_BI_USERS" field="U_NAME" type=""/>

            <attribute ldap="mail" table="V_BI_USERS" field="U_NAME" type=""/>

         </objectClass>

      </mapping>

      <useCaseInsensitiveSearch>true</useCaseInsensitiveSearch>

      <connectionWaitTimeout>10</connectionWaitTimeout>

      <oracleNetConnectTimeout>0</oracleNetConnectTimeout>

      <validateConnection>false</validateConnection>

   </dataBase>

   <dataBase id="userGroupAdapter2" version="0" xmlns="http://www.octetstring.com/schemas/Adapters">

      <root>cn=users,dc=rne,dc=eu</root>

      <active>true</active>

      <serverType>directoryType</serverType>

      <routing>

         <critical>true</critical>

         <priority>50</priority>

         <inclusionFilter/>

         <exclusionFilter/>

         <plugin/>

         <retrieve/>

         <store/>

         <visible>Yes</visible>

         <levels>-1</levels>

         <bind>true</bind>

         <bind-adapters/>

         <views/>

         <dnpattern/>

      </routing>

      <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">

         <plugins>

            <plugin>

               <name>VirtualAttribute</name>

               <class>oracle.ods.virtualization.engine.chain.plugins.virtualattr.VirtualAttributePlugin</class>

               <initParams>

                  <param name="ReplaceAttribute" value="uniquemember={cn=%uniquemember%,cn=users,dc=rne,dc=eu}"/>

               </initParams>

            </plugin>

         </plugins>

         <default>

            <plugin name="VirtualAttribute"/>

         </default>

         <add/>

         <bind/>

         <delete/>

         <get/>

         <modify/>

         <rename/>

      </pluginChains>

      <driver>oracle.jdbc.driver.OracleDriver</driver>

      <url>datasource://DWH</url>

      <user>%USER%</user>

      <password>%PASSWORD%</password>

      <ignoreObjectClassOnModify>false</ignoreObjectClassOnModify>

      <includeInheritedObjectClasses>true</includeInheritedObjectClasses>

      <maxConnections>10</maxConnections>

      <mapping>

         <joins/>

         <objectClass name="groupofuniquenames" rdn="cn">

            <attribute ldap="cn" table="V_BI_GROUPMEMBERS" field="G_NAME" type=""/>

            <attribute ldap="description" table="V_BI_GROUPMEMBERS" field="G_NAME" type=""/>

            <attribute ldap="uniquemember" table="V_BI_GROUPMEMBERS" field="G_MEMBER" type=""/>

            <attribute ldap="orclguid" table="V_BI_GROUPMEMBERS" field="G_NAME" type=""/>

         </objectClass>

      </mapping>

      <useCaseInsensitiveSearch>true</useCaseInsensitiveSearch>

      <connectionWaitTimeout>10</connectionWaitTimeout>

      <oracleNetConnectTimeout>0</oracleNetConnectTimeout>

      <validateConnection>false</validateConnection>

   </dataBase>

I know it is a long process to build all this and hard to show all the datails. At least if I can get some guidelines on which part to focus.

Thanks,

Tilen

Tilen

I don't understand why is necessary to create another route to users and group data from BI with adapter if it has all data in admin server.What is the use of them?