How to integrate Oracle BI Publisher and LDAP in WebLogic Server

LDAP Server is like a directory structure in Windows file system. A file system consists of a hierarchical view of files and folders. The name of the file must be unique across each level. Fr example, Windows won’t allow you to save two files with the same names in the same directory. Similarly, Ldap Server consists of a hierarchical view of organization resource information. A resource is a set of name-value pairs with one unique identifier. For example, an employee in a company is a resource in LDAP. Each employee resource consists of username, password, name, employee id, gender, etc. Here the employee ID is the unique identifier.

Usually, an organization saves all the user information including the username and password in LDAP server. Timesheet is one of the applications almost every organization has now. Instead of duplicating the user information in Timesheet from the LDAP server, the company can simply integrate it with their LDAP server. It has many benefits, for example, If the user wants to change the password he needs to update the password in one place which indirectly an LDAP server that affects all the applications immediately.

Similarly, Oracle BI Publisher is one of the report development and access application. Integrating the Oracle BI Publisher and  LDAP server can help a user to log into the application with their existing employee username and password instead of creating a user account separately for the BI Publisher.

By default, Bi Publisher is configured with Oracle Fusion Middleware security. The BI will access the user and the authentication information from the FMW (WebLogic Enterprise Manager) and then FMW will communicate to the WebLogic – security realms through the Oracle Virtual Directory for the user records. The WebLogic security realms will communicate to the external LDAP server and fetch the user records. The flow goes like below

Long story simple, if your BI Publisher is Oracle Fusion Middleware Security enabled and you want to integrate BI Publisher and LDAP server, then your must do two things.  They are

1. Configure your LDAP server in WebLogic Server – Security Realm 

2. Enable Oracle Virtual Directory in Fusion Middleware

Once the above two steps are done. You can either assign an LDAP group or the LDAP user to the BI Publisher role. Suppose you can assign an LDAP group under role BI Consumer; After that, the users under the LDAP group can log in and run reports in BI Publisher.

In this section, I have detailed the above two topics in detail with screenshots, that is the integration of BI Publisher and  LDAP. Let’s go through each section one by one

1. Configure Your LDAP provider in WebLogic Server – Security realm 

By default, WebLogic Server supports many LDAP server to connect. For example, Microsoft Active Directory, SUN iPlanet, etc. All we need is to fill the out LDAP server information in the corresponding provider form in WebLogic. Follow the link for step by step instruction to configure an external LDAP server in WebLogic Server

http://www.catgovind.com/weblogic/weblogic-ldap-integration-oracle-unified-directory/

2. Enable Oracle Virtual Directory in Fusion Middleware

Here we are going to enable OVD.  You can completely skip the section 2.1 if are not enabled SSL on LDAP server in WebLogic and go directly to the 2.2. By default, the  LDAP runs on port  386 and the SSL-enabled LDAP port runs on 636. 

2.1) Apply the step 2.1.1 to 2.1.5 only if you enabled SSL on LDAP in WebLogic Console in BI server 

I have provided the following instruction for Unix server. Open a command prompt and set the following environment variables 

2.1.1) Set WL_HOME

Login into BI Admin Server and set the environment variable 

WL_HOME=/wlserver_10.3/

export WL_HOME

2.1.2)  Set JAVA_HOME

JAVA_HOME=

export JAVA_HOME

2.1.3) SET ORACLE_HOME

ORACLE_HOME=

export ORACLE_HOME

2.1.4) Go to Oracle_Common/bin directory & issue the command  libovdconfig.sh 

cd /oracle_common/bin

./libovdconfig.sh -host  
-port  -userName  
-domainPath  -createKeystore

For Example:

./libovdconfig.sh -host localhost -port 7001 -userName weblogic -domainPath /usr/local/oracle/middleware/ user_projects/domains/bi/ -createKeystore

• It asks for a password. Input a new password

2.1.5) Go to JDK/bin directory and import your SSL root certificate 

 Go to your JDK bin directory and issue the command like below. Replace, the bracket with your value 

cd /Oracle_BI1/jdk/bin

./keytool -import -keystore 
/config/fmwconfig/ovd/default/keystores/adapters.jks 
-storepass  
-alias  -file 

For Example: 

./keytool -import -keystore /usr/local/oracle/middlewre/user_projects/domains/bi/config/fmwconfig/ovd/default/keystores/adapters.jks -storepass **** -alias OVDKeystore -file

2.2 Enable LIVOVD

2.2.1) Login into WebLogic Enterprise Manager >> Expand WebLogic Domain >> Right click on BI domain and select Security, Credentials

2.2.2) Click on the Configure button under Identity Store Provider

2.2.3) Add the following properties. These are Case Sensitive

That’s all about BI Publisher and  LDAP integration. Restart the Admin and managed servers and try access your LDAP usernames and groups in the BI roles. J