How to get group information in case of AD , LDAP authentication?

In the previous post we have seen how to set up LDAP authentication in OBIEE .
If you have not read that I would advice you to read the article
here

In this post will go through limitations of Microsoft AD implementation for SSO.

LDAP Limitations with Microsoft AD

We can not use import ,import all or synchronize users from OBIEE admin in case of  AD.And we can not even get the user’s group defined in the AD.

As in case of groups it returns an array of chars and OBIEE does not understand it as a group name.( it requires group names separatedby ; )

So in we can not implement the security at User level we have to set the security at group level only.

let say we have user devang in LDAP.  and it belongs to a group called PowerUser.

Step 1 Create a database table and make entries

let say  our database table which has user and group called:  USER_SECURITY_GROUPS.

It has enty as user , group = devang,PowerUser

Step 2 Create a init block to get the user group information from database table

Lets called the initialization block as initGroup and create it as show below.

initiGroup creation

Note : in execution precedence make sure that initLDAP gets executed first. So that users gets authenticated and then get the group name from database table.

set 3 Create group in OBIEE repository

Create a group called PowerUser in OBIEE repository

Manage– > Security  –> Groups and create a new group

LDAP Group in Admin

set the permission for the group as required.

Step 4 Create a same catalog group in OBIEE answers.

Go to Setting — > Administration — > Manage Presentation Catalog Groups and Users

Group in Answers

Create a new catalog group