Group Filtering in OBIEE and Microsoft LDAP Authentication — Oracle Analytics

Oracle Analytics Cloud and Server

Welcome to the Oracle Analytics Community: Please complete your User Profile and upload your Profile Picture

Group Filtering in OBIEE and Microsoft LDAP Authentication

Received Response
24
Views
2
Comments
user13816768
user13816768 Rank 3 - Community Apprentice

Hi All, We are not able to restrict the groups/users while configuring the Active directory authentication in weblogic. We are using obiee 11.1.1.9.5 we have a group called 'OBIUsers' and there are 5 users in this security group in AD. We need only these 5 users to have access to OBIEE. Please help us in filtering the data set in Provider specific Settings. current settings : Principal : CN=OBI_Query,OU=Accounts,DC=corp,DC=*****,DC=com User Base DN :  OU=Domain Users,DC=corp,DC=*****,DC=com All Users Filter :  (&(sAMAccountName=*)(&(objectclass=user)(|(memberof=CN=OBIUsers,OU=Priority Groups,OU=EXC,DC=corp,DC=*****,DC=com)))) User From Name Filter : (&(sAMAccountName=*)(&(objectclass=user)(|(memberof=CN=OBIUsers,OU=Priority Groups,OU=EXC,DC=corp,DC=*****,DC=com))))

Answers

  • [Deleted User]
    [Deleted User] Rank 2 - Community Beginner

    This may seem like a weird reply to you, but...how do you expect us to write a query against YOUR Active Directory structures?! We don't know how your AD is built and structured.

    We can tell you how the syntax works although any website holding the LDAP query syntax can give you that information faster and nicer formatted than we can type it here.

    Your Active Directory people must be the ones telling you how they structured things!

  • user13816768
    user13816768 Rank 3 - Community Apprentice

    Hi, sorry, Iam not clear here. We were able to filter the group now.. for example if the organization has 1000 users.. we filtered the users to 10 based on the group restriction in the 'All Users Filter' and 'User From Name filter'. But not able to login to the analytics now.. if one thing works... another thing is breaking up.. all Users Filter: (&(cn=*)(&(objectclass=user)(|(memberof=cn=EIS_DBA,ou=EIS,DC=ad,DC=vm,DC=***,DC=com)(memberof=cn=_DBA,ou=EIS,DC=ad,DC=vm,DC=***,DC=com)))) User From Name Filter: (&(cn=%u)(&(objectclass=user)(|(memberof=cn=EIS_DBA,ou=EIS,DC=ad,DC=vm,DC=***,DC=com)(memberof=cn=_DBA,ou=EIS,DC=ad,DC=vm,DC=***,DC=com))))