My Oracle Support Banner

OBIEE 11g: The 'All Users' Filter in the Web Logic Server (WLS) Security Provider is not Applied in Enterprise Manager (EM) and All Users in the User Base DN can login to OBIEE (Doc ID 2083225.1)

Last updated on MARCH 01, 2019

Applies to:

Business Intelligence Server Enterprise Edition - Version to [Release 11g]
Information in this document applies to any platform.


Users are to be authenticated (and authorized) via an Active Directory LDAP.

An Authentication Provider is created via the WebLogic Server (WLS) Console; for example, see a few of the provider specific configurations as below:-
   Name: MyADAuthenticator
   User Base DN: DC=myUserBaseDN,DC=net
   All Users Filter: (|(memberOf=CN=OBI Users,OU=myOrgUnit,DC=myUserBaseDN,DC=net))

And the Identity Store is configured via the Fusion Middleware Control (EM) to enable virtualization for the support of multiple authentication providers (identity stores); for example:-
   WebLogic Domain > bifoundation_domain > Right-click bifoundation_domain : Select Security - Security Provider > Click Identity Store Provider : Configure
   Add a Property in the Custom Properties area:
      Property Name=virtualize

When viewing the users in the WLS Console, the list of MSAD users contains only those users that satisfy the All Users Filter (see above).

When viewing the users in EM (for example, to add members to an Application Role), the list of MSAD users contains all those users under the User Base DN.

Similarly, any MSAD user under the User Base DN can login successfully to OBIEE, even those that do not satisfy the All Users Filter.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.