How to integrate Oracle BI Publisher and LDAP in WebLogic Server


062117_0236_Howtointegr1 How to integrate Oracle BI Publisher and LDAP in WebLogic server


LDAP server is like a directory structure in Windows file system. A file system consists of a hierarchical view of files and folders. The name of the file must be unique across each level. Fr example, Windows won’t allow you to save two files with the same names in the same directory. Similarly, LDAP server consists of a hierarchical view of organization resource information. A resource is a set of name-value pairs with one unique identifier. For example, an employee in a company is a resource in LDAP. Each employee resource consists of username, password, name, employee id, gender, etc. Here the employee ID is the unique identifier.

Usually, an organization saves all the user information including the username and password in LDAP server. Timesheet is one of the applications almost every organization has now. Instead of duplicating the user information in Timesheet from the LDAP server, the company can simply integrate it with their LDAP server. It has many benefits, for example, If the user wants to change the password he needs to update the password in one place which indirectly an LDAP server that affects all the applications immediately.

Similarly, Oracle BI Publisher is one of the report development and access application. Integrating the Oracle BI Publisher and  LDAP server can help a user to log into the application with their existing employee username and password instead of creating a user account separately for the BI Publisher.

By default, Bi Publisher is configured with Oracle Fusion Middleware security. The BI will access the user and the authentication information from the FMW (WebLogic Enterprise Manager) and then FMW will communicate to the WebLogic – security realms through the Oracle Virtual Directory for the user records. The WebLogic security realms will communicate to the external LDAP server and fetch the user records. The flow goes like below


062117_0236_Howtointegr2 How to integrate Oracle BI Publisher and LDAP in WebLogic server


Long story simple, if your BI Publisher is Oracle Fusion Middleware Security enabled and you want to integrate BI Publisher and LDAP server, then your must do two things.  They are


1. Configure your LDAP server in WebLogic Server – Security Realm 

2. Enable Oracle Virtual Directory in Fusion Middleware


Once the above two steps are done. You can either assign an LDAP group or the LDAP user to the BI Publisher role. Suppose you can assign an LDAP group under role BI Consumer; After that, the users under the LDAP group can log in and run reports in BI Publisher.

In this section, I have detailed the above two topics in detail with screenshots, that is the integration of BI Publisher and  LDAP. Let’s go through each section one by one


1. Configure Your LDAP provider in WebLogic Server – Security realm 

By default, WebLogic Server supports many LDAP server to connect. For example, Microsoft Active Directory, SUN iPlanet, etc. All we need is to fill the out LDAP server information in the corresponding provider form in WebLogic. Follow the link for step by step instruction to configure an external LDAP server in WebLogic Server


2. Enable Oracle Virtual Directory in Fusion Middleware

Here we are going to enable OVD.  You can completely skip the section 2.1 if are not enabled SSL on LDAP server in WebLogic and go directly to the 2.2. By default, the  LDAP runs on port  386 and the SSL-enabled LDAP port runs on 636. 



2.1) Apply the step 2.1.1 to 2.1.5 only if you enabled SSL on LDAP in WebLogic Console in BI server 


I have provided the following instruction for Unix server. Open a command prompt and set the following environment variables 


2.1.1) Set WL_HOME


Login into BI Admin Server and set the environment variable 



2.1.2)  Set JAVA_HOME






2.1.4) Go to Oracle_Common/bin directory & issue the command 



For Example:

./ -host localhost -port 7001 -userName weblogic -domainPath /usr/local/oracle/middleware/ user_projects/domains/bi/ -createKeystore

  • It asks for a password. Input a new password


2.1.5) Go to JDK/bin directory and import your SSL root certificate 


 Go to your JDK bin directory and issue the command like below. Replace, the bracket with your value 



For Example: 

./keytool -import -keystore /usr/local/oracle/middlewre/user_projects/domains/bi/config/fmwconfig/ovd/default/keystores/adapters.jks -storepass **** -alias OVDKeystore -file <YOUR_ROOT_CERTIFICATE>


2.2 Enable LIVOVD


2.2.1) Login into WebLogic Enterprise Manager >> Expand WebLogic Domain >> Right click on BI domain and select Security, Credentials


2.2.2) Click on the Configure button under Identity Store Provider


062117_0236_Howtointegr4 How to integrate Oracle BI Publisher and LDAP in WebLogic server


2.2.3) Add the following properties. These are Case Sensitive


virtualize true
Username.attr <YOUR_LDAP_LOGIN_ID>
User.login.attr Same as above


That’s all about BI Publisher and  LDAP integration. Restart the Admin and managed servers and try access your LDAP usernames and groups in the BI roles. J

govindan How to integrate Oracle BI Publisher and LDAP in WebLogic server
Connect me


Thank you for visiting my personal blog. Myself Govindan, Software Developer by profession since 2006 and hence I started this blog early in 2016 and ever since I've been writing about technologies experienced and learnings of everyday life.

The views expressed on this blog are my personal views and do not necessarily reflect the views of my employer.

Please feeling free to reach me on any comments and feedbacks you have. Would be more than glad to listen and reply 🙂
govindan How to integrate Oracle BI Publisher and LDAP in WebLogic server
Connect me
By | 2017-06-21T19:08:47+00:00 June 21st, 2017|Categories: OBIEE|Tags: , |0 Comments
Like us on Facebook.