Cannot Login to OBIEE following Implementation Of MS Active Directory LDAP Authentication (Doc ID 1566463.1)

Last updated on APRIL 08, 2022

Applies to:

Business Intelligence Suite Enterprise Edition - Version 11.1.1.6.6 and later
Information in this document applies to any platform.

Symptoms

Cannot login to Analytics following implementation of LDAP authentication
Implemented an MS Active Directory (AD) LDAP authenticator. Since doing so, users have been unable to access OBIEE.

ERROR
-----------------------
"Invalid user or password" is received on trying to login (invalid user/password)

Other errors seen:

bi_server1-diagnostic.log
--------------------------------
[<timestamp>] [bi_server1] [ERROR] [OBI-SEC-00003] [oracle.bi.security.service] [tid: [ACTIVE].ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: BISystemUser] [ecid: <ECID>,0:122:1:8:1] [WEBSERVICE_PORT.name: SecurityServicePort] [APP: bimiddleware#11.1.1] [J2EE_MODULE.name: bimiddleware/security] [WEBSERVICE.name: SecurityService] [J2EE_APP.name: bimiddleware_11.1.1] Error during initialization[[
oracle.bi.security.service.SecurityServiceException: SecurityService::validateSystemUserSystem user could not be authenticated
at oracle.bi.security.service.SecurityServiceBean.validateSystemUser(SecurityServiceBean.java:963)
.
Caused by: oracle.ods.virtualization.service.VirtualizationException: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1
.
Caused by: oracle.ods.virtualization.engine.util.DirectoryException: LDAP Error 49 : [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 775, v1db1

nqserver.log
--------------
[<timestamp>] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: <ECID>] [tid: 442aa940] Error Message From BI Security Service: oracle.bi.security.service.SecurityServiceException: SecurityService::validateSystemUserSystem user could not be authenticated
[<timestamp>] [OracleBIServerComponent] [ERROR:1] [] [] [ecid: <ECID>] [tid: 442aa940] [nQSError: 43126] Authentication failed: invalid user/password.

[<timestamp>] [OracleBIServerComponent] [NOTIFICATION:1] [] [] [ecid: <ECID>] [tid: 4114e940] Could not connect to the authentication web service (taking OBIS offline) xx:xxx.xxx.xx[nQSError: 12002] Socket communication error at call=Connect: (Number=107) Transport endpoint is not connected [[
[nQSError: 12010] Communication error connecting to remote end point: address = <xx.xxx.xxx.xx>; port = 9704.
[nQSError: 46119] Failed to open HTTP connection to server <xx.xxx.xxx.xx> at port 9704.
]]

sawlog0.log
-----------------
]]
[<timestamp>] [OBIPS] [ERROR:31] [] [saw.connectionPool.getConnection] [ecid: ] [tid: ] Authentication Failure.
Odbc driver returned an error (SQLDriverConnectW).
State: 08004. Code: 10018. [NQODBC] [SQL_STATE: 08004] [nQSError: 10018] Access for the requested connection is refused.
[nQSError: 43113] Message returned from OBIS.
[nQSError: 43126] Authentication failed: invalid user/password. (08004)[[
File:connection.cpp
Line:395
Location:
saw.connectionPool.getConnection
saw.webextensionbase.init
saw.sawserver
ecid:
]]
The issue can be reproduced at will with the following steps:
1. Setup Active Directory authentication by following the steps seen in document:
  - Oracle® Fusion Middleware Security Guide for Oracle Business Intelligence Enterprise Edition 11g Release 1 (11.1.1)
  - https://docs.oracle.com/middleware/bi12214/biee/BIESC/GUID-99968A33-0D49-41AE-83CC-A3CA4112E9F1.htm#GUID-662AE99F-C422-42CA-AC5E-49BA3055B593
  OBIEE 11g Specifically section:
  
  > 3 Using Alternative Authentication Providers
  > 3.4 Configuring Alternative Authentication Providers
  > 3.4.2 Configuring Active Directory as the Authentication Provider