This chapter summarizes the authentication methods supported by Oracle Business Intelligence. The Oracle Business Intelligence server supports the methods of authentication shown in Table 11.

Authentication on LDAP and ADSI servers uses Oracle Business Intelligence Server session variables. Some session variables, such as PASSWORD, are populated automatically. They receive their values when a user begins a session by logging on. Instead of storing user names and passwords in an Oracle Business Intelligence Server repository, the Oracle Business Intelligence Server passes the user's user name and password to an LDAP server for authentication.

Some session variables, such as GROUP, need to be manually created in the Oracle BI repository. Initialization blocks specify the attributes to be retrieved in session variables. Certain session variables, called system session variables, have special uses. For more information about session variables, the USER system variable, and the Variable Manager, see the appropriate topics in Oracle Business Intelligence Server Administration Guide or Oracle Business Intelligence Server Administration Tool Online Help.

The following key restrictions apply to LDAP and ADSI authentication:

• Importing of user information into the repository is supported on regular LDAP servers, but not supported on ADSI servers.
• Groups are defined in the repository. However, if lists of users are stored on LDAP servers, the group membership information must be obtained from a database table.
• When a User exists in both the repository and in an external source (such as LDAP servers), the local repository User definition takes precedence. This restriction allows the Oracle Business Intelligence Server Administrator to override users that exist in an external security system.