Posts Tagged ‘obiee security’

LDAP: how to restrict the login to members of certain groups in OBIEE?

March 4th, 2009

The question is whether you can mix LDAP and other types of authentication. In one word: yes and no.

Here’s what Oracle suggests:

1. You can have internal authentication and LDAP authentication, e.g. users in the rpd and users in the LDAP.

For users not defined in the repository, the presence of a defined session system variable USER determines that external authentication is performed.
So using this method, you can have groups with internal users using the internal security, and groups with users that use the LDAP authentication.

But you cannot mix external table and LDAP authentication, for example, as you cannot have different connection pools on the same init block.

2. The best option would be to create your own authentication DLL (custom authentication) so you will have full control over which systems you will look up for the user account.
You can write your own DLL in C++ and have OBI Server invoke it. BI just passes the username/pwd received and waits for an authenticated/not authenticated message from the DLL.

This has existed since 10.1.3.2.

We provide an example of such a DLL.
Location for the sample one: D:\OracleBI\server\SDK\CustomAuthenticatorSamples

I wonder if anyone tried it – I think that at this time, it’d be easier to work around the requirement by using standard methods. Let’s see what John Minkjan might say about it.
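One way a custom authenticator written in C++ could confine LDAP logins to certain groups is to put the group test into the search filter it sends to the directory, escaping the user-supplied name first. This is an added example, not Oracle's sample code or the OBI SDK interface; the `uid` and `memberOf` attribute names, the group DN and both function names are assumptions.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Escape a value for use inside an LDAP search filter (RFC 4515):
// '*', '(', ')', '\' and NUL become a backslash plus two hex digits.
std::string escape_filter_value(const std::string& in) {
    static const char hex[] = "0123456789abcdef";
    std::string out;
    for (unsigned char c : in) {
        if (c == '*' || c == '(' || c == ')' || c == '\\' || c == 0) {
            out += '\\';
            out += hex[c >> 4];
            out += hex[c & 0x0f];
        } else {
            out += static_cast<char>(c);
        }
    }
    return out;
}

// Build (&(uid=<user>)(|(memberOf=<dn1>)(memberOf=<dn2>)...)).
// Assumes the directory exposes group membership as memberOf on the user entry.
// Returns "" for an empty user name or an empty group list, so the caller
// has no filter to search with and must reject the login (fail closed).
std::string build_login_filter(const std::string& user,
                               const std::vector<std::string>& allowed_group_dns) {
    if (user.empty() || allowed_group_dns.empty()) return "";
    std::string groups;
    for (const std::string& dn : allowed_group_dns)
        groups += "(memberOf=" + escape_filter_value(dn) + ")";
    return "(&(uid=" + escape_filter_value(user) + ")(|" + groups + "))";
}

int main() {
    // Constructed sample group DN, not taken from the post.
    const std::vector<std::string> groups = {"cn=bi_users,ou=groups,dc=example,dc=com"};
    std::printf("%s\n", build_login_filter("jsmith", groups).c_str());
    // Filter metacharacters in the name are neutralised, not interpreted.
    std::printf("%s\n", build_login_filter("a*)(b", groups).c_str());
    return 0;
}
```

A search with this filter returns an entry only when the account exists and belongs to an allowed group; the password still has to be verified with a bind as the returned DN.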

Privileges don’t get shown by default

February 14th, 2009

This has been bugging me for a while. Now, I know what the problem was.

When are Subject Areas and View Privileges visible in the Admin > Manage Privileges link?

Solution

Definitions:

  • “webserver service” refers to the Web Server Software being used for Siebel Analytics Web (i.e. IIS, iPlanet/Sun ONE or Tomcat)
  • “webclient session” refers to a Siebel Analytics Web session

The functionality is as follows:

1. A Subject Area is stored in a webcat once a user has accessed it via Answers.

2. The Subject Area will be visible in the Admin > Manage Privileges link only if a user has accessed the Answers link.

3. Subject Areas will persist for the life of the webcat, but will not be accessible via the Admin > Manage Privileges link after the webserver services have been stopped and restarted. They will only be accessible once a user (any user) has accessed the Answers page in a webclient session.

4. The behavior described in Step 3 ensures that potentially archived, deleted or renamed subject areas are not visible for setting privileges.

5. The View privileges will also not be accessible via the Admin > Manage Privileges link after a webserver service recycle until and unless a user (any user) has accessed it in a webclient session.

a. When you run a request, the following privileges become visible in the Admin > Manage Privileges link:

  • View Compound
  • View Filters
  • View Narrative
  • View Nested Request
  • View Pivot Table
  • View Logical SQL
  • View Table
  • View Ticker
  • View Title

b. When the user clicks on “Customize View”, the following privileges become visible:

  • View Create Segment
  • View Chart

c. When the user clicks on the Views tab, the following privileges become visible:

  • View Question
  • View Column Filter
  • View Global Filter
  • View Image

Categories: Answers, Security