OBIEE 11g: When Using Multiple Configurations of the Same LDAP Provider For Different User Base DNs, Only Users From First Ordered Provider Can Authenticate (Doc ID 1916177.1)

Last updated on JULY 13, 2015

Applies to:

Business Intelligence Server Enterprise Edition - Version 11.1.1.7.0 to 11.1.1.9.0 [Release 11g]
Information in this document applies to any platform.

Symptoms

When multiple configurations of the same authenication providers are configured in the Weblogic security realm using the same remoteBase (i.e. - you may perform this configuration if you have users that exist under different User Base DNs),  only the users from the first provider are searchable and displayed in Enterprise Manager when mapping roles. 

In Weblogic Administration console, users and groups from all the Provider userbase DN's are viewable.

Additionally, only users in the first ordered provider will authenticate in OBIEE. Authenticator virtualization is enabled with libOVD (virtualize=true) and the provider Control Flags are set to SUFFICIENT.

For example, there may be two LDAP providers defined in WebLogic realm with different Base DNs pointing to the two different OUs in the same LDAP server.

 

Errors in AdminServer-diagnostic.log and nqserver.log:

 

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms