Configure a Database Adaptor to Retrieve Group Information
You configure a database adapter so that the database appears as an LDAP server, which enables the virtualized identity store provider to retrieve group information from the database.
In this task you create an adapter template file that specifies how to use your database tables as an identity store to map groups. The file describes the mapping of the GROUPMEMBERS_VW view to a virtual LDAP store. The view uses an outer join so that the database adapter can reference fields from more than one table.
1. Create a file named bi_sql_groups_adapter_template.xml.
2. Adapt the following elements to match your table and column attributes against LDAP server attributes.
   Note:
   For the element:
   <param name="ReplaceAttribute" value="uniquemember={cn=%uniquemember%,cn=users,dc=oracle,dc=com}"/>
   This must match the user attribute and root User DN of the main authenticator. For example, for the default authenticator:
   uid=%uniquemember%,ou=people,ou=myrealm,dc=bifoundation_domain

   <?xml version = '1.0' encoding = 'UTF-8'?>
   <adapters schvers="303" version="1" xmlns="http://www.octetstring.com/schemas/Adapters" xmlns:adapters="http://www.w3.org/2001/XMLSchema-instance">
     <dataBase id="directoryType" version="0">
       <root>%ROOT%</root>
       <active>true</active>
       <serverType>directoryType</serverType>
       <routing>
         <critical>true</critical>
         <priority>50</priority>
         <inclusionFilter/>
         <exclusionFilter/>
         <plugin/>
         <retrieve/>
         <store/>
         <visible>Yes</visible>
         <levels>-1</levels>
         <bind>true</bind>
         <bind-adapters/>
         <views/>
         <dnpattern/>
       </routing>
       <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
         <plugins>
           <plugin>
             <name>VirtualAttribute</name>
             <class>oracle.ods.virtualization.engine.chain.plugins.virtualattr.VirtualAttributePlugin</class>
             <initParams>
               <param name="ReplaceAttribute" value="uniquemember={cn=%uniquemember%,cn=users,dc=oracle,dc=com}"/>
             </initParams>
           </plugin>
         </plugins>
         <default>
           <plugin name="VirtualAttribute"/>
         </default>
         <add/>
         <bind/>
         <delete/>
         <get/>
         <modify/>
         <rename/>
       </pluginChains>
       <driver>oracle.jdbc.driver.OracleDriver</driver>
       <url>%URL%</url>
       <user>%USER%</user>
       <password>%PASSWORD%</password>
       <ignoreObjectClassOnModify>false</ignoreObjectClassOnModify>
       <includeInheritedObjectClasses>true</includeInheritedObjectClasses>
       <maxConnections>10</maxConnections>
       <mapping>
         <joins/>
         <objectClass name="groupofuniquenames" rdn="cn">
           <attribute ldap="cn" table="GROUPMEMBERS_VW" field="G_NAME" type=""/>
           <attribute ldap="groupnameattr" table="GROUPMEMBERS" field="G_NAME" type=""/>
           <attribute ldap="description" table="GROUPMEMBERS_VW" field="G_NAME" type=""/>
           <attribute ldap="uniquemember" table="GROUPMEMBERS_VW" field="G_MEMBER" type=""/>
           <attribute ldap="orclguid" table="GROUPMEMBERS" field="G_NAME" type=""/>
         </objectClass>
       </mapping>
       <useCaseInsensitiveSearch>true</useCaseInsensitiveSearch>
       <connectionWaitTimeout>10</connectionWaitTimeout>
       <oracleNetConnectTimeout>0</oracleNetConnectTimeout>
       <validateConnection>false</validateConnection>
     </dataBase>
   </adapters>
3. Customize appropriate sections for the following elements:
   - ReplaceAttribute
     Specifies how to define the unique member for a group. The %uniquemember% is a placeholder for a value that is passed at runtime when looking up whether a user is a member of a group.
     The only aspect of this element you may want to change is the specification of the root for your users. While this is notional, by default it must match whatever you specify as the root of your user population when you run the libovdadapterconfig script in Step 7.
   - groupofuniquenames
     Specifies how group attributes are mapped to database fields.
     You must map the following attributes:
     - cn maps to a unique name for your group.
     - uniquemember maps to the unique name for your user in the user/group mapping table in your database schema.
     Mapping the following attribute is optional:
     - description is optional.
     No other attributes are configurable.
4. Copy the adapter file into the following folder:
   ORACLE_HOME/oracle_common/modules/oracle.ovd/templates/
5. Open a command prompt/terminal at:
   ORACLE_HOME/oracle_common/bin
6. Ensure the following environment variables are set, for example:
   - ORACLE_HOME=oraclehome
   - WL_HOME=ORACLE_HOME/wlserver/
   - JAVA_HOME=ORACLE_HOME/jdk/jre
7. Run the libovdadapterconfig script to create a database adapter from the template file. The syntax is:
   libovdadapterconfig
     -adapterName <name of adapter>
     -adapterTemplate <name (NOT including path) of template file which defines adapter>
     -host localhost
     -port <Admin Server port>
     -userName <user id of account which has administrative privileges in the domain>
     -domainPath <path to the BI domain>
     -dataStore DB
     -root <nominal specification of a pseudo-LDAP query to treat as the "root" of this adapter - must match that specified in template for adapter 2 above>
     -contextName default
     -dataSourceJNDIName <JNDI name for DataSource which points at the database being mapped>
   For example:
   ./libovdadapterconfig.sh -adapterName biSQLGroupAdapter -adapterTemplate bi_sql_groups_adapter_template.xml -host localhost -port 9500 -userName weblogic -domainPath /opt/oracle_bi/user_projects/domains/bifoundation_domain/ -dataStore DB -root cn=users,dc=oracle,dc=com -contextName default -dataSourceJNDIName jdbc/BIDatabaseGroupDS
   Note:
   Use the JNDI name and not just the DS name for the dataSourceJNDIName.
   Note:
   The root parameter value should match the root DN specified in the <param name="ReplaceAttribute"> element in the adapter template. For example, if the user is specified in the default authenticator, set the root to ou=people, ou=myrealm, dc=bifoundation_domain.
   The script should exit without error.
8. Restart WebLogic Administration Server and Managed servers.
   Note:
   When you start WebLogic, you can ignore the following Warning: BISQLGroupsProvider: Connection pool not usable.
9. Log in to WebLogic and Oracle Analytics Server using credentials stored in the database.
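
The steps above require that the root in the ReplaceAttribute value matches the -root argument, and that cn and uniquemember are mapped. The following pre-flight check is an added example, not Oracle code: check_template, norm_dn, local and the trimmed SAMPLE template are constructed for illustration, and comparing DNs case-insensitively with spaces ignored is an assumption.

```python
import xml.etree.ElementTree as ET

REQUIRED = {"cn", "uniquemember"}  # attributes the page says must be mapped

# Constructed sample: a trimmed template holding only the parts that are checked.
SAMPLE = """<adapters xmlns="http://www.octetstring.com/schemas/Adapters">
 <dataBase id="directoryType" version="0">
  <pluginChains xmlns="http://xmlns.oracle.com/iam/management/ovd/config/plugins">
   <plugins><plugin><name>VirtualAttribute</name><initParams>
    <param name="ReplaceAttribute"
           value="uniquemember={cn=%uniquemember%,cn=users,dc=oracle,dc=com}"/>
   </initParams></plugin></plugins>
  </pluginChains>
  <mapping><objectClass name="groupofuniquenames" rdn="cn">
   <attribute ldap="cn" table="GROUPMEMBERS_VW" field="G_NAME" type=""/>
   <attribute ldap="uniquemember" table="GROUPMEMBERS_VW" field="G_MEMBER" type=""/>
  </objectClass></mapping>
 </dataBase></adapters>"""

def local(el):
    """Tag name without its XML namespace."""
    return el.tag.rsplit("}", 1)[-1]

def norm_dn(dn):
    """Assumption: lower-case and trim each RDN so equivalent DNs compare equal."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))

def check_template(xml_text, root_dn):
    """Return a list of problems; an empty list means template and -root agree."""
    doc, problems = ET.fromstring(xml_text), []
    params = [e for e in doc.iter() if local(e) == "param"
              and e.get("name") == "ReplaceAttribute"]
    if not params:
        problems.append("no ReplaceAttribute param")
    for p in params:
        # The value has the form uniquemember={<user RDN>,<root DN>}
        inner = p.get("value", "").partition("{")[2].rpartition("}")[0]
        suffix = inner.partition(",")[2]  # drop the user RDN, keep the root
        if norm_dn(suffix) != norm_dn(root_dn):
            problems.append(f"ReplaceAttribute root '{suffix}' != -root '{root_dn}'")
    groups = [e for e in doc.iter() if local(e) == "objectClass"
              and e.get("name", "").lower() == "groupofuniquenames"]
    if not groups:
        problems.append("no groupofuniquenames objectClass mapping")
    for oc in groups:
        mapped = {a.get("ldap") for a in oc if local(a) == "attribute"}
        for name in sorted(REQUIRED - mapped):
            problems.append(f"required attribute '{name}' is not mapped")
    return problems
```

Call check_template with the template text and the value you plan to pass as -root before running libovdadapterconfig; an empty list means the two agree.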