Hurriyet

Tuesday, 19 August 2014

Oracle Fusion Middleware: Using Active Directory as a User Provider - Active Directory Authentication to OBIEE 11g - 2 - Deleting Default Provider - Configuring Active Directory for OBIEE 11g and Removing the Default Provider

In our previous article, we explained how to add Active Directory as a user provider. Now we will delete the default authenticator so that the newly added Active Directory is our only provider, which gives a tighter security configuration.

2. Deleting Default Provider

This part is numbered 2 because we assume that Active Directory has already been added, as described in the previous article.

2.1 Update the Credential Store Password

These configuration changes can be made from Enterprise Manager. The link should look like this: http://localhost:7001/em

Open the Weblogic Domain / bifoundation_domain screen. Select the Security / Credentials item under the WebLogic Domain menu.



Find “system.user” under oracle.bi.system and click Edit.
Input the new user name and password. We have created OBIA_BISystemUser just for this purpose. We will use it later to add more privileges to our system user.

2.3. Security Provider Configuration

Click “WebLogic Domain” menu. Click “Security Provider Configuration” menu item under Security sub-menu.



We then add the following properties.

| Property Name   | Value          |
|-----------------|----------------|
| virtualize      | false          |
| user.login.attr | samaccountname |
| username.attr   | samaccountname |

2.4. Assign application roles to system users and groups

Select Business Intelligence / coreapplication from left panel. Click on Security / Application Roles item on Business Intelligence Instance menu.



Make the following assignments:

| Role Name       | Members                     |
|-----------------|-----------------------------|
| BISystem        | OBIA_BISystemUser (User)    |
| BIAdministrator | OBIA_Administrators (Group) |
| BIAuthor        | OBIA_Administrators (Group) |
| BIConsumer      | OBIA_Administrators (Group) |

Note: The users and the groups are newly created. The creation process is explained in the first part of this article.


2.5. Assign global roles to system users and groups:

Open Weblogic Admin Console. Go to “myrealm” in WebLogic Admin Console. Go to Roles and Policies tab. In “Realm Roles” sub tab, expand Global Roles / Roles.


Assign the roles to LDAP groups as seen in the following table.

| Global Roles         | Assignment                                            |
|----------------------|-------------------------------------------------------|
| Admin                | Group : OBIA_Administrators; User : OBIA_BISystemUser |
| AdminChannelUsers    | Group : OBIA_Administrators                           |
| AppTester            | Group : OBIA_Administrators                           |
| CrossDomainConnector | Group : OBIA_Administrators                           |
| Deployer             | Group : OBIA_Administrators                           |
| Monitor              | Group : OBIA_Administrators                           |
| Operator             | Group : OBIA_Administrators                           |

2.6. Delete default provider:

Go to the Providers tab under the security realm “myrealm”. Click on the Active Directory provider we created. Select REQUIRED in the Control Flag dropdown field. Click Save.

2.7. Stop and start BI services:

Click “Stop BI Services” under the “Oracle Business Intelligence” group in the Start Menu. To proceed, we have to provide the weblogic user and its password in the console.
Delete the two boot.properties files in the following locations:
%OBI_HOME%\user_projects\domains\bifoundation_domain\servers\AdminServer\security
%OBI_HOME%\user_projects\domains\bifoundation_domain\servers\bi_server1\security

Click “Start BI Services” under the “Oracle Business Intelligence” group in the Start Menu.
Enter the user name and password of OBIA_Weblogic when prompted.
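
boot.properties holds the user name and password a WebLogic server boots with, so a leftover copy still carries the old startup credentials. The following check is an added example, not part of the original article: it reports, for the two locations in step 2.7, whether the file is gone, encrypted or still in cleartext. The function names are hypothetical and the `obi_home` argument stands in for %OBI_HOME%.

```python
import tempfile
from pathlib import Path

# Server directories taken from the two paths listed in step 2.7.
SERVERS = ("AdminServer", "bi_server1")
# Prefixes WebLogic puts on boot.properties values once it has encrypted them.
ENCRYPTED_PREFIXES = ("{AES}", "{AES256}", "{3DES}")


def boot_properties_path(obi_home, server):
    return (Path(obi_home) / "user_projects" / "domains" / "bifoundation_domain"
            / "servers" / server / "security" / "boot.properties")


def audit_boot_properties(obi_home):
    """Map each server to 'absent', 'empty', 'encrypted' or 'cleartext'."""
    report = {}
    for server in SERVERS:
        path = boot_properties_path(obi_home, server)
        if not path.is_file():
            report[server] = "absent"
            continue
        values = []
        for line in path.read_text(encoding="utf-8", errors="replace").splitlines():
            key, sep, value = line.strip().partition("=")
            if sep and key.strip() in ("username", "password"):
                values.append(value.strip())
        if not values:
            report[server] = "empty"
        elif all(v.startswith(ENCRYPTED_PREFIXES) for v in values):
            report[server] = "encrypted"
        else:
            report[server] = "cleartext"
    return report


def ready_for_restart(obi_home):
    """True only when both stale boot.properties files have been deleted."""
    return all(state == "absent" for state in audit_boot_properties(obi_home).values())


if __name__ == "__main__":
    # Constructed sample: a throwaway directory standing in for %OBI_HOME%.
    with tempfile.TemporaryDirectory() as home:
        stale = boot_properties_path(home, "AdminServer")
        stale.parent.mkdir(parents=True)
        stale.write_text("username=weblogic\npassword=constructed-sample\n")
        print(audit_boot_properties(home), ready_for_restart(home))
        stale.unlink()
        print(audit_boot_properties(home), ready_for_restart(home))
```

Run it after stopping the BI services and before starting them again; a "cleartext" result means the file contains credentials that WebLogic has not yet encrypted.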


