nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

Why native user can't login when LDAP server down

Chiaranon Thimkul

Dear All,

I've some doubt about OBIEE12c security configuration in 2 scenario, and please share your advise.

Scenario1

We used OBIEE12c 12.2.1.x In case we configure external authentication with MS Active Directory

And sometime MSAD Server have a problem or network problem , so OBIEE Server can't connect to MSAD Server to authen.

So AD user can't login to BI system , this's make sense , but question is why weblogic or any native user can't login to BI system?

Do I need to configure something more to avoid native user issue when MSAD have issue or network issue.

Scenario2

We used OBIEE12c 12.2.1.x In case we configure external authentication with multiple such as MS Active Directory, LDAP1, LDAP2

And sometime external authen Server have a problem or network problem , so OBIEE Server can't connect to that external authen Server to authen.

Problem is all AD, LDAP user from all provider can't login to BI system and weblogic or any native user can't login to BI system too.

Do I need to configure something more to avoid native user issue when some external authen server have issue or network issue.

Thank you in advance

Chiaranon

Find more posts tagged with

Accepted answers

All comments

handat

Is the AD login provider your only provider, or do you have other authentication providers available in weblogic? What is the flag of the provider set to? If it is set to mandatory, then it has to be used for authentication, and if it is unavailable, then nobody can login. If you have multiple authentication providers, set them as requsite, so if the first one, ie AD is successful, then user gets logged on, but if it is unavailable, the next requisite authenticator will be able to let the user login.

Chiaranon Thimkul

Dear Sir,

Is this the same with scenario#1 , in case we have only one MS AD and we setup as Mandatory .

We use MS AD user together with weblogic native user and when MS AD down why our native can't use also , is this also depend flag mandatory and requsite as you mention?

Thanks

handat

Yes indeed. Mandatory means it has to be satisfied so if that provider is not available, then all will fail.

Chiaranon Thimkul

Dear Sir,

Is you refer to this flag?

And which one should be select for these scenario

1. We need to use native and one MSAD (and in case MSAD down, native still can use)

2. We need to use native and multi MSAD or LDAP (and in case some MSAD down, other can use and native also can use)

Thank you

handat

Use Requisite if you have multiple authenticators and make sure you don't have any as Required

Chiaranon Thimkul

Dear Sir,

We'll try but in document about setup SSL MSAD , they strictly recommend to sufficient, so we can ignore that because we have multiple right?

Thank you

handat

You can use Sufficient instead of Requisite. Both are similar in this case.