OBIEE LDAP Authentication using Microsoft AD 2


How to get group information in case of AD, LDAP authentication?
In the previous post we saw how to set up LDAP authentication in OBIEE.
If you have not read it, I would advise you to read that article first.
In this post we will go through the limitations of the Microsoft AD implementation for SSO.
LDAP Limitations with Microsoft AD
We cannot use Import, Import All or Synchronize for users from OBIEE Admin in the case of AD, and we cannot even get the user's groups defined in AD.
For groups, it returns an array of chars and OBIEE does not understand it as a group name (it requires group names separated by ;).
So we cannot implement security at the user level; we have to set security at the group level only.
Let's say we have a user dhwani in LDAP, and it belongs to a group called PowerUser.
Step 1 Create a database table and make entries
Let's say our database table, which holds the user and group, is called USER_SECURITY_GROUPS.
It has an entry: user, group = dhwani, PowerUser
Step 2 Create an init block to get the user's group information from the database table
Let's call the initialization block initGroup and create it as shown below.
initGroup creation
Note: in the execution precedence, make sure that initLDAP is executed first, so that the user is authenticated first and the group name is then fetched from the database table.
Step 3 Create a group in the OBIEE repository
Create a group called PowerUser in the OBIEE repository.
Go to Manage –> Security –> Groups and create a new group.
LDAP Group in Admin
Set the permissions for the group as required.
Step 4 Create the same catalog group in OBIEE Answers.
Go to Settings –> Administration –> Manage Presentation Catalog Groups and Users
Group in Answers
Create a new catalog group
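
The table from Step 1 and a query the initGroup block from Step 2 could use, as an added example that is not from the original post. The column names and the obiee_conn database account are assumptions; USER_SECURITY_GROUPS, dhwani and PowerUser come from the steps above.

```sql
-- Added example. Column names and the obiee_conn account are assumptions.

-- Step 1: mapping table. One row per (user, group) pair, so a user can
-- belong to several groups.
CREATE TABLE USER_SECURITY_GROUPS (
    user_name   VARCHAR(128) NOT NULL,
    group_name  VARCHAR(128) NOT NULL,
    CONSTRAINT pk_user_security_groups PRIMARY KEY (user_name, group_name)
);

INSERT INTO USER_SECURITY_GROUPS (user_name, group_name)
VALUES ('dhwani', 'PowerUser');

-- This table now decides authorization in OBIEE, so the account used by the
-- OBIEE connection pool (hypothetical name obiee_conn) should only read it.
GRANT SELECT ON USER_SECURITY_GROUPS TO obiee_conn;

-- Step 2: SQL for the initGroup initialization block, set up with row-wise
-- initialization. The first column names the session variable (GROUP), the
-- second supplies one value per row; OBIEE joins several rows into the
-- semicolon-separated list it expects.
-- ':USER' is replaced by OBIEE with the login name authenticated by initLDAP.
-- UPPER() on both sides is an added assumption: AD logins are not
-- case-sensitive, so 'Dhwani' and 'dhwani' should map to the same rows.
SELECT 'GROUP', group_name
FROM   USER_SECURITY_GROUPS
WHERE  UPPER(user_name) = UPPER(':USER');
```

The group names returned by the query have to match the repository group from Step 3 and the catalog group from Step 4 exactly, otherwise the user is authenticated but receives no group permissions.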