Tuesday 1 October 2013

Testing LDAP Authentication -OBIEE11G


When setting up a LDAP / AD connection in OBIEE, you sometimes want to login as different users to verify if all the parameters are being extracted correctly. This can be a challenge because we do not know the passwords of the users in this case.

To get around this, we can initialize the password for a manual initialization block so all users will validate against a static password, but still get all other attributes from LDAP.
To do this, we need to remove the USER variable from LDAP and create a new init block to return USER from a static initialization block as displayed below. All the other variables (DISPLAYNAME, ROLES, GROUPS) can continue to be populated by the LDAP initialization block.

The init block below will allow any user to login as long as the password entered is P@ssw0rd12345. If the user exists in LDAP, additional attributes for that user will also be fetched from LDAP.