Siebel Business Analytics Applications – BAAD (June 2006)

LDAP CONFIGURATION:

This is not a business centric demonstration, but is intended to document and explaining how LDAP authentication works using OID as an example. This is only one small
part of Oracle BI Enterprise Edition’s security capabilities, and Sales consultants should review security documentation to adequately convey our overall message.

TECHNICAL DETAILS FOR SCS:

Oracle Corporation Confidential Page 1

Siebel Business Analytics Applications – BAAD (June 2006)

Notes What you do What you see

There are three configuration options (see below). The demonstration image has been set up with NQS (default). Other options include DATABASE and BYPASS_NQS.

NQS

Authentication is done by the Siebel Analytics Server. The First connection pool for this database is used for authentication. Users and Groups are maintained within the repository and
webcat. Access to data and objects are managed within these two files.
NOTE: For Siebel Analytics applications, the Siebel Analytics Server in turn can be set up to authenticate using Microsoft ADSI, an LDAP server, or a database.
See the topic “Setting Up LDAP Authentication in Analytics” on page 211 of the Installation and Configuration Guide.

DATABASE:

There are 2 types of Database Authentication. The first allows the use of a table or set of tables within the database to idenity users and passwords. In the configuration the SQL
Statement required to verfiry the userid and password is specified within the initialization block. The second type is to use database logons. The user is authenticated if the database
accepts their individual userid and password.

Specify the database name in the Physical Layer of the repository to be used for database authentication. When the user logs into the Siebel Analytics Server, the submitted logon
name and password is used to connect to the database. If this connection succeeds, the user is considered to be successfully authenticated.

Data access is controlled within Siebel Analytics.

BYPASS_NQS

In this model the data security is managed by the database. Each query is validated by the database.Authentication is against the database to which user queries are sent, using the
submitted user name and password. For example, if a user runs a query tool against the Siebel Analytics Server with the user name of “Test” and a password of “Test,” this user name
and password are used to connect to the underlying database server. If this represents a valid user to the underlying database server, the user is considered authenticated. The user’s
privileges are enforced by the underlying database server based upon the user name used to log in, as appropriate.

Oracle Corporation Confidential Page 2

Siebel Business Analytics Applications – BAAD (June 2006)

LDAP configuration is done in Log into the repository.

the Repository. Other steps
are however required for
access to subject areas,
dashboards, row level
security, etc. (not covered
here).

Create a new initialization Create new initialization block.

block called NQ_SYSTEM.
NQ_SYSTEM is a reserved
initialization block. You must
use this name (if it does not
already exist).
General Tab:
• select NQ_SYSTEM (reserved block name,
not just any block):
• enable
• data source - LDAP, create new source,
ensure you select LDAP rather than database.

Oracle Corporation Confidential Page 3

Siebel Business Analytics Applications – BAAD (June 2006)

LDAP configuration. Configure the LDAP server. Note: You will likely
need to change the host name from oracle2go to
the IP address of your BIC2G: SE/SCE machine
(or other OID or LDAP server) as there may be
other oracle2go servers running on the network.

This example is set up for BIC2G:SCE (or

BIC2G:SE when it is released).

Test your connection and trouble shoot if

necessary (ensure you can ping your server).

Oracle Corporation Confidential Page 4

Siebel Business Analytics Applications – BAAD (June 2006)
Add new variables. USER,
GROUP, and PASSWORD
are reserved variable names.
Oracle Corporation Confidential
Variables Tab:
• Create new variables USER, PASSWORD,
AND GROUP (optional)
• USER - maps to uid (OID attribute)
• PASSWORD maps to userpassword (OID
attribute)
• I mapped GROUP to departmentnumber (OID
attribute)
Test button does not work (user authentication
failure).
Restart the Server and Web.
Log into web. Enter your OID user (case
insensitive, but does create a new web user with
OID case) and password, and you're in.
New user is created in SA web, is a member of the
departmentnumber group of the same name, and
has a new folder.
Page 5
Siebel Business Analytics Applications – BAAD (June 2006)

Oracle Corporation Confidential Page 6