Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE Weblogic Admin Console LDAP Results Different From Enterprise Manager?
Im seeing something a bit peculiar in my OBIEE application.
So I recently installed OBIEE 12c, moving up from 11g. Our 11g application was installed by some consultants, so Im using their installation as a loose guideline to my 12 installation. Of course, the consultants left next to no documentation as well.
In my 11g Weblogic Console -> Security Realms -> myrealm -> Providers tab -> Custom LDAP Authenticator -> Provider Specific tab
I am doing a copy and paste of the values on this page into my 12c. I restart my 12c server and go to
Security Realms -> myrealm -> Users and Groups tab
Here I see about 18 users pulled up through my custom LDAP authenticator. I checked this with my AD admin and confirmed that the search string I used and the results are as expected.
Now I go to my 12c Weblogic Enterprise Manager -> Business Intelligence -> Right Click coreapplication -> Security -> Application Roles
I click on one of my groups and hit Edit -> Add -> Type: User Display Name includes [Roger]
In 12c I get no results, because this user is not even a part of the 18 users.
When I go to my 11g Weblogic Enterprise Manager, do the exact same thing - I then get 30 users.
I understand my active directory search query is incorrect, as I was expecting a lot more users then just 18.
But I am really curious would anyone know why in my 11g Enterprise Manager it does NOT seem to be limited by the LDAP results from my 11g Weblogic Console?
Is there a setting some where I am missing?
Its almost like the search results in the 11g Enterprise Manager are INDEPENDENT of the 11g Weblogic Console?
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Adding further detail and screen shots
So when I look in Weblogic Admin Console I see the following
There are no filters/customizations on this table. There is nothing in the link [Customize this table]
As you can see there are a total of 26 entries (some test accounts)
Its sorted alphabetically, and I am focusing on 'rodneyc'
There is only this one single individual in this table of 26 people.
BUT when I go to Enterprise Manager - Roles -> Add principal and do a search I get waaaaaayyyy more then 26 when searching for 'rod'
Is there something I am missing?
Answers
-
Are you saying that in 11g you have 18 Users displayed under Users tab but when searching in EM for users to assign an application role it displays 30 users?
Did you check in 11g environment whether or not any search criteria is defined under customise this table at following location Security Realms -> myrealm -> Users and Groups tab--> Users tab
0 -
That pretty much sums it up
18 users displayed under [Users and Groups]
When I search in EM for a user to assign to an application role (example "Roger") then it pulls 30 names
Theres no special criteria defined under "customize this table"
0 -
So when I look in Weblogic Admin Console I see the following
There are no filters/customizations on this table. There is nothing in the link [Customize this table]
As you can see there are a total of 26 entries (some test accounts)
Its sorted alphabetically, and I am focusing on 'rodneyc'
There is only this one single individual in this table of 26 people.
BUT when I go to Enterprise Manager - Roles -> Add principal and do a search I get waaaaaayyyy more then 26 when searching for 'rod'
Is there something I am missing?
0 -
Please login to Weblogic Console and check for the Criteria there if any, on clicking the "Customize this Table". Please try to remove the criteria as shown in the below screenshot in Red and then see whether all the users are coming up or not:
Hope this should resolve your confusion.
0 -
While configuring AD with your weblogic server have you used samAccountName or cn(common name) in user filter?
What is the search result when you search with 'rod' in Principal Name with 'Includes' option does it give more than one entry?
0 -
Hi,
If you are specifically looking for a user whose name starts with "rod" then in EM ( I am referring to the snapshot you have shown ),
is there a way to change the Display Name list filter from INCLUDES to STARTS WITH.
Example --> I have 5 users ( 123rod, rodger bt, tyurod78, atrodur, rodeys )
When Display name with INCLUDES rod = > All 5 users
When Display name with STARTS WITH rod = > only 2 users - rodger bt, rodeys
Regards
AM
0 -
Can you be a little bit more specific please.
In the Weblogic console under the
[All Users Filter] = (&(memberOf=CN=OBIEE,OU=OBIEE,OU=Security Groups,OU=UIT,DC=york,DC=york,DC=ca)(sAMAccountName=*)(objectclass=user))
[User from Name Filter] = (&(sAMAccountName=%u)(objectclass=user))
Is that what you were referring to?
When I search for "rod" with "Includes" in the principal name it pulls up more then 26 users.
Also to note: There are no filters on the [Customize Table] in Weblogic Console, it just pulls up those 26 people.
Also, I do have a work around - but was just curious what could be causing this kind of mismatching behaviour in 11g. I wasnt sure if there was a checkbox some where to cause this kind of behaviour.
I just find it quite peculiar/odd that there is a difference between the Console and EM results
0