OBIEE 11g LDAP integration gotchas

When hooking up OBIEE 11g to an LDAP, make sure to check some factors on the LDAP side of things as well. Not all errors have to come from your configuration in WLS:

  1. LDAP users intended to replace “OracleSystemUser”, “weblogic” and “BISystemUser MUST” all reside in the same base DN that’s used to search for users in the LDAP config
  2. They also MUST all be of the same objectClass as the one referenced in the LDAP config
  3. Creating “technical users” to distinguish them from “human users” and putting them in different branches and / or storing them as different object classes (e.g. “account” or rather than “person”)

First thing you should get is an LDAP browser with which to connect to the LDAP server to check validity of the connectivity ccount (i.e. the “Principal” for LDAP connectivity) as well as structures and object types. This will save you a lot of pain and suprising behaviour due to “ceative” LDAP management.


Leave a Comment