Categories
- All Categories
- 15 Oracle Analytics Sharing Center
- 15 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.7K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
OBIEE 12c LDAP account log into Weblogic
Hi,
We are using OBIEE 12.2.1.2. I just want to confirm, LDAP accounts (MSAD) can log into Analytics, but can't log into Weblogic and Fusion Middleware Enterprise Manager? But local accounts like "weblogic" can log into Analytics, Weblogic, and Fusion Middleware Enterprise Manager? It's been a while since I used OBIEE and trying to get back to it.
Answers
-
Are you logging onto WebLogic Admin console with a user that is in the WebLogic Administrator group? What do you mean by local user? Have you checked your log files for any clues?
Have you also set the virtualize property in the identity store to enable multiple authentication providers? - https://docs.oracle.com/middleware/12212/biee/BIESC/GUID-30F09EE4-A2DE-443D-BF24-CC401B6E13FD.htm#BIESC6077
0 -
Hi Joel,
Thanks. Initially I was logging into WebLogic console and Middleware EM using my LDAP admin account and it didn't work. Then I recall only local users created in WebLogic console that's part of the Administrator group can log in. I was getting confused on who can log into where after 6 months of absence from OBIEE.
0 -
That's the way we have ours set up.
Open LDAP Authenticator provider (sufficient) users can login into analytics, xmlp etc but not WLS, EM etc.
Default Authenticator provider (sufficient) users can login into WLS, EM but not Analytics, xmlp etc.Apparently you can set virtualize=true and default auth users can log into analytics as well but we've never been able to get it to work. Never really cared either.
Cheers,
AdamEDIT: We have our "admin" account (not weblogic) stored in LDAP and have added it to the global admin roles in WLS (roles and policies). This user is then used as the admin user for Analytics and can also login to EM and WLS because of the admin role.
0 -
Hi Adam,
Thanks for your reply. Actually, we had to set the virtualize=true parameter in order for LDAP users to log into Analytics. Our Default Authenticator users could log into Analytics without issues.How were you able to add your LDAP admin account to the WLS admin role? Which role are you referring to? In Weblogic?
0 -
He said it: roles and policies in Weblogic.
Never forget: WLS is an own platform product with its own security! So you need to manage that. WLS only reads your LDAP. It does not utilize it to actually do anything.
https://docs.oracle.com/cd/E57014_01/wls/WLACH/taskhelp/security/AddUsersToRoles.html
0 -
Thanks, that's what I thought too; WLS only reads LDAP and doesn't do anything.
But when I read Adam's EDIT comments about his LDAP admin account being assigned a WLS admin role, I was confused. I couldn't do anything to my LDAP accounts in WLS.
0 -
As Christian mentioned, you can add users to specific roles within WLS.
We have added an LDAP user (which we have specified as "admin") to the global admin role which now allows it to login to EM and WLS as the weblogic user does.0 -
Thanks! I figured it out now. Before, I didn't know this trick so I manually created local accounts in Weblogic to perform upload/download of RPDs, bounce servers, etc. Now I could do this using my regular admin LDAP account!
0 -
Hi Adam,
Are you able to upload/download the RPD file using your LDAP admin account? I'm not able to do that. I could only use a WLS admin account to perform this task.
0 -
Confirmed with Oracle support, LDAP accounts can't upload/download RPD. This is by design as documented in Doc ID 2208290.1. Need to use "weblogic" or other WLS accounts that's part of the Administrators group.
0
