1 Reply Latest reply on May 26, 2017 5:40 PM by Thomas Dodds

Exclude DISABLED users in AD from coming into OBIEE

1877648 May 26, 2017 1:11 PM

Hi !

This is a question :

Many organisations do not delete old/inactive users in AD ( Active Directory)

They simply make them as DISABLED.

When LDAP is integrated in OBIEE, it brings in both Enabled (Active) and Disabled users.

We would like exclude those disabled users at the LDAP integration level.

We found out in another website that there seems to be one attribute/value

that filters Disabled users out. [(!userAccountControl:1.2.840.113556.1.4.803:=2)]

I would like to know your inputs on the same.

Just in case the said attribute/value is correct and if should try it out then my question is where exactly I should write it.

I have the documentation on LDAP integration with OBIEE including snapshots. Now here are several config attributes such as -

Where exactly should I put that value ? Any idea ?

Principal

User Base DN

All Users Filter

User From Name Filter

User Name Attribute

Object User Class

Group Base DN

All Groups Filter

Group From Name Filter

(Note- Please ignore if there are any typos in my writing)

Regards

1. Re: Exclude DISABLED users in AD from coming into OBIEE

Thomas Dodds May 26, 2017 5:40 PM (in response to 1877648)

Perhaps an LDAP strategy of moving disabled accounts to a disabled group out of the active group(s) [in addition to marking them disabled] ... then you are pulling only from the active set.
1 person found this helpful
Like Show 1 Likes(1)

Actions

Join the world’s largest interactive community dedicated to Oracle technologies.