Why native user can't login when LDAP server down — Oracle Analytics

Why native user can't login when LDAP server down

Chiaranon Thimkul
Chiaranon Thimkul Rank 3 - Community Apprentice

Dear All,

I have some doubts about OBIEE 12c security configuration in 2 scenarios; please share your advice.

Scenario1

We use OBIEE 12c 12.2.1.x. In this case we configure external authentication with MS Active Directory.

Sometimes the MSAD server has a problem, or there is a network problem, so the OBIEE server can't connect to the MSAD server to authenticate.

So AD users can't log in to the BI system. This makes sense, but the question is: why can't weblogic or any native user log in to the BI system?

Do I need to configure something more to avoid the native user issue when MSAD has an issue or there is a network issue?

Scenario2

We use OBIEE 12c 12.2.1.x. In this case we configure external authentication with multiple providers, such as MS Active Directory, LDAP1, LDAP2.

Sometimes an external authentication server has a problem, or there is a network problem, so the OBIEE server can't connect to that external authentication server to authenticate.

The problem is that all AD and LDAP users from all providers can't log in to the BI system, and weblogic or any native user can't log in to the BI system either.

Do I need to configure something more to avoid the native user issue when some external authentication server has an issue or there is a network issue?

Thank you in advance

Chiaranon

Answers

  • handat
    handat Rank 5 - Community Champion

    Is the AD login provider your only provider, or do you have other authentication providers available in weblogic? What is the flag of the provider set to? If it is set to mandatory, then it has to be used for authentication, and if it is unavailable, then nobody can log in. If you have multiple authentication providers, set them as requisite, so if the first one, i.e. AD, is successful, then the user gets logged on, but if it is unavailable, the next requisite authenticator will be able to let the user log in.

  • Chiaranon Thimkul
    Chiaranon Thimkul Rank 3 - Community Apprentice

    Dear Sir,

    Is this the same for scenario #1, in case we have only one MS AD and we set it up as Mandatory?

    We use MS AD users together with weblogic native users, and when MS AD is down, why can't our native users log in as well? Does this also depend on the mandatory and requisite flag as you mention?

    Thanks

  • handat
    handat Rank 5 - Community Champion

    Yes indeed. Mandatory means it has to be satisfied so if that provider is not available, then all will fail.

  • Chiaranon Thimkul
    Chiaranon Thimkul Rank 3 - Community Apprentice

    Sufficient.png

    Dear Sir,

    Do you refer to this flag?

    And which one should be selected for these scenarios?

    1. We need to use native and one MSAD (and in case MSAD is down, native can still be used)

    2. We need to use native and multiple MSAD or LDAP (and in case some MSAD is down, the others can be used and native can also be used)

    Thank you

  • handat
    handat Rank 5 - Community Champion

    Use Requisite if you have multiple authenticators, and make sure you don't have any as Required.

  • Chiaranon Thimkul
    Chiaranon Thimkul Rank 3 - Community Apprentice

    Dear Sir,

    We'll try, but in the document about setting up SSL MSAD, they strictly recommend Sufficient, so we can ignore that because we have multiple, right?

    Thank you

  • handat
    handat Rank 5 - Community Champion

    You can use Sufficient instead of Requisite. Both are similar in this case.
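
As an added illustration (not part of the thread and not Oracle's code), the sketch below models the JAAS control-flag rules that WebLogic authentication providers are evaluated under, and tries a native login against a realm whose directory provider is down. The provider names, users and passwords are constructed, and the model assumes an unreachable directory counts as a failed provider.

```python
from dataclasses import dataclass, field

@dataclass
class Provider:
    name: str
    flag: str                    # REQUIRED | REQUISITE | SUFFICIENT | OPTIONAL
    users: dict = field(default_factory=dict)
    up: bool = True

    def authenticate(self, user, password):
        # Assumption: an unreachable directory counts as a failed provider.
        return self.up and self.users.get(user) == password

def login(providers, user, password):
    """Evaluate providers in list order under JAAS control-flag rules."""
    mandatory_seen = mandatory_failed = optional_ok = False
    for p in providers:
        ok = p.authenticate(user, password)
        if p.flag == "REQUIRED":         # must succeed; always continue
            mandatory_seen = True
            mandatory_failed = mandatory_failed or not ok
        elif p.flag == "REQUISITE":      # must succeed; stop on failure
            mandatory_seen = True
            if not ok:
                return False
        elif p.flag == "SUFFICIENT":     # stop on success; continue on failure
            if ok and not mandatory_failed:
                return True
            optional_ok = optional_ok or ok
        elif p.flag == "OPTIONAL":       # result recorded; always continue
            optional_ok = optional_ok or ok
        else:
            raise ValueError(f"unknown control flag: {p.flag}")
    if mandatory_failed:
        return False
    # With no REQUIRED/REQUISITE provider, one SUFFICIENT/OPTIONAL must succeed.
    return True if mandatory_seen else optional_ok

def realm(ad_flag, native_flag, ad_up):
    # Constructed sample realm: one directory provider, one native provider.
    return [
        Provider("MSAD", ad_flag, {"alice": "ad-pass"}, up=ad_up),
        Provider("DefaultAuthenticator", native_flag, {"weblogic": "native-pass"}),
    ]

if __name__ == "__main__":
    for ad_flag in ("REQUIRED", "SUFFICIENT"):
        ok = login(realm(ad_flag, "SUFFICIENT", ad_up=False), "weblogic", "native-pass")
        print(f"MSAD={ad_flag}, directory down, native login allowed: {ok}")
```

Provider order matters in this model, so reorder the list returned by `realm` to see how moving the native provider ahead of the directory changes the result.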