Use LDAP with Publisher
You can use Publisher with an LDAP provider for authentication only or for both authentication and authorization.
Note:
By default, Publisher allows every LDAP user to log in to the system even when no Publisher-specific roles are assigned to the user. Users cannot perform any functions that require roles, such as creating reports or data models; however, if a user is assigned a role that has been assigned permissions on catalog objects (such as traverse and open), the user can perform those tasks.
To prevent users from logging in to Publisher unless they have a Publisher role assigned, see Disable Users Without Publisher-Specific Roles from Logging In.
Configure Publisher to Use an LDAP Provider for Authentication Only
Configure Publisher to use an LDAP provider for authentication in conjunction with another security model for authorization.
Configure Publisher to Use an LDAP Provider for Authentication and Authorization
Publisher can be integrated with the LDAP provider to manage users and report access.
Create the users and roles within the LDAP server, then configure the Publisher server to access the LDAP server.
In the Publisher security center module, assign folders to those roles. When users log in to the server, they have access to those folders and reports assigned to the LDAP roles.
Integrating Publisher with Oracle LDAP consists of three main tasks:
- Set up users and roles in the LDAP provider
- Configure Publisher to recognize the LDAP server
- Assign catalog permissions and data access to roles
Set Up Users and Roles in the LDAP Provider
This procedure must be performed in the LDAP provider. See the documentation for the provider for details on how to perform these tasks.
To set up users and roles:
Configure Publisher to Recognize the LDAP Server
To configure Publisher to recognize the LDAP server, update the Security properties in the Publisher Administration page.
Note:
Ensure that you understand your site's LDAP server configuration before entering values for the Publisher settings.
To configure Publisher for the LDAP Server:
The figure below shows a sample of the LDAP security model entry fields from the Security Configuration page.
If you're configuring Publisher to use LDAP over SSL, then you must also configure the Java keystore to add the server certificate to the JVM. See Configure Publisher for Secure Socket Layer (SSL) Communication.
Disable Users Without Publisher-Specific Roles from Logging In
To disable users without Publisher-specific roles from logging in to the Publisher server, set a configuration property in the xmlp-server-config.xml file.
The xmlp-server-config.xml file is located at:
$DOMAIN_HOME/config/fmwconfig/biconfig/bipublisher/Admin/Configuration/xmlp-server-config.xml
In the xmlp-server-config.xml file, add the following property and setting:
<property name="REQUIRE_XMLP_ROLE_FOR_LOGIN" value="true"/>
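A configuration check for the property above, as an added example that is not part of the product documentation. The function name, the root element and namespace in the constructed samples, and the EXAMPLE_OTHER_SETTING placeholder are assumptions; the check matches property elements by local name so it does not depend on them.

```python
import sys
import xml.etree.ElementTree as ET

PROP = "REQUIRE_XMLP_ROLE_FOR_LOGIN"

# Constructed samples; the root element and namespace are an assumed layout,
# and EXAMPLE_OTHER_SETTING is a placeholder, not a real Publisher property.
SAMPLE_DEFAULT = """<xmlpConfig xmlns="http://xmlns.oracle.com/oxp/xmlp">
  <property name="EXAMPLE_OTHER_SETTING" value="x"/>
</xmlpConfig>"""
SAMPLE_ENFORCED = SAMPLE_DEFAULT.replace(
    "</xmlpConfig>",
    '  <property name="REQUIRE_XMLP_ROLE_FOR_LOGIN" value="true"/>\n</xmlpConfig>')
SAMPLE_CONFLICT = SAMPLE_ENFORCED.replace(
    "</xmlpConfig>",
    '  <property name="REQUIRE_XMLP_ROLE_FOR_LOGIN" value="false"/>\n</xmlpConfig>')


def role_login_status(xml_data):
    """Classify the setting as 'enforced', 'disabled', 'missing' or 'conflicting'."""
    root = ET.fromstring(xml_data)  # accepts str or bytes
    values = [
        el.get("value", "")
        for el in root.iter()
        # Match <property> by local name so any (or no) namespace works.
        if el.tag.rsplit("}", 1)[-1] == "property" and el.get("name") == PROP
    ]
    if not values:
        return "missing"       # default behaviour: every LDAP user can log in
    if len(set(values)) > 1:
        return "conflicting"   # duplicate entries disagree; needs manual review
    # Only the documented value "true" counts as enforced (conservative choice).
    return "enforced" if values[0] == "true" else "disabled"


if __name__ == "__main__":
    # Usage: python check_role_login.py /path/to/xmlp-server-config.xml
    if len(sys.argv) == 2:
        with open(sys.argv[1], "rb") as fh:
            status = role_login_status(fh.read())
        print(f"{PROP}: {status}")
        sys.exit(0 if status == "enforced" else 1)
    for name in ("SAMPLE_DEFAULT", "SAMPLE_ENFORCED", "SAMPLE_CONFLICT"):
        print(name, "->", role_login_status(globals()[name]))
```

The non-zero exit status for anything other than "enforced" lets the check run as a gate in a configuration audit job.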