Friday, August 21, 2020

Weblogic - Oracle BI Publisher -- AD authentication - Configuring LDAPs

Recently, we needed to change the authentication protocol that was used by a BI Publisher environment. The environment was authenticating the users from Active Directory and it was using LDAP. Well, we needed to make it more secure. That is, we needed to convert it to LDAPs (Lightweight Directory Access Protocol over SSL).

There are 2 ways to configure BI Publisher to use LDAP or LDAPs.

One way is to use BI Publisher's administration page.

We just click Security Configuration under Security Center, which is accessible through the Administration page. Then we create a local superuser and use the Authorization region to select our security model (LDAP in this case).
We can configure both LDAP and LDAPs using this page, and we restart BI Publisher when we are done. (Needless to say, we must also add the relevant server certificate to the relevant Java keystore.)

Example of the Authorization region:


This method is already documented in "Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher", section "Configuring the BI Publisher Server to Recognize the LDAP Server".

Anyway, there is another way, and it is through the Weblogic Admin Console.
This is the method that we used for making this environment use LDAPs.

We used this method because, when we checked BI Publisher's admin console, we saw that the configuration under the Authorization region that I mentioned above was just empty. On the other hand, the environment was using LDAP to authenticate its users. So the current LDAP configuration (which was done by someone else earlier) was done directly through the Weblogic admin console, and that's why we decided to change LDAP to LDAPs directly using the Weblogic console.

Here is the action list:

Home >Summary of Security Realms >myrealm >Providers >DefaultAuthenticator


Change host (if required)
Change port (636) -- default LDAPS port
Select the “SSLEnabled” check box -- we are enabling LDAP over SSL, right..

Go to Summary of Servers-bi_server1-Configuration-Keystore. (bi_server1 is the name of the BI Publisher's managed server. Yours might be different.)

Check the "Java Standard Trust Keystore" and note its value. (We will use it in the keytool import command later.)

Set the proper environment in the shell:

Example:

JAVA_PATH=/obi/wls/Oracle_BI1/jdk/bin/
KEYTOOL_PATH=/obi/wls/Oracle_BI1/jdk/bin/keytool
KEYSTORE_PATH=/obi/wls/Oracle_BI1/jdk/jre/lib/security/cacerts

Import the required certificate for the LDAPS communication. (This is the certificate of the LDAP server, usually Active Directory. Note that the customer or the AD admin will give that certificate to you.)

/obi/wls/Oracle_BI1/jdk/bin/keytool -import -alias ermanad_2020 -file /tmp/ermanad.cer -trustcacerts -v -keystore /obi/wls/Oracle_BI1/jdk/jre/lib/security/cacerts

Display the imported certificate, just in case:

/obi/wls/Oracle_BI1/jdk/bin/keytool -list -v -keystore /obi/wls/Oracle_BI1/jdk/jre/lib/security/cacerts -alias ermanad_2020

Restart Weblogic Services and that's it! :)
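
The keytool import and check steps above, wrapped in one guarded shell function that refuses to trust a certificate whose fingerprint does not match the one the AD admin gave you. This is an added example, not code from the original post. It reuses the post's keytool and cacerts paths; the `changeit` store password (the JDK default for cacerts), the expected SHA-256 fingerprint obtained out of band, and a keytool that prints a `SHA256:` line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): verify, back up, import, confirm.
# Paths are the post's; STOREPASS and the expected fingerprint are assumptions.
KEYTOOL=${KEYTOOL:-/obi/wls/Oracle_BI1/jdk/bin/keytool}
KEYSTORE=${KEYSTORE:-/obi/wls/Oracle_BI1/jdk/jre/lib/security/cacerts}
STOREPASS=${STOREPASS:-changeit}   # JDK default for cacerts; change if yours differs

# Print the SHA-256 fingerprint of a certificate file as keytool reports it.
cert_sha256() {
    "$KEYTOOL" -printcert -file "$1" 2>/dev/null |
        sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# True if the alias is already present in the trust store.
alias_exists() {
    "$KEYTOOL" -list -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$1" >/dev/null 2>&1
}

# import_ldaps_cert CERT_FILE ALIAS EXPECTED_SHA256 (uppercase, colon-separated)
# Returns: 0 imported, 2 unreadable file, 3 fingerprint mismatch,
#          4 alias already present, 5 backup, import or post-check failed.
import_ldaps_cert() {
    cert=$1; name=$2; expected=$3
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }

    actual=$(cert_sha256 "$cert")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: got '$actual'" >&2
        return 3
    fi
    if alias_exists "$name"; then
        echo "alias $name already in $KEYSTORE; not overwriting" >&2
        return 4
    fi

    # Keep a copy so a bad import can be rolled back before the restart.
    cp -p "$KEYSTORE" "$KEYSTORE.bak.$(date +%Y%m%d%H%M%S)" || return 5

    "$KEYTOOL" -import -noprompt -trustcacerts -alias "$name" -file "$cert" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" >/dev/null 2>&1 || return 5
    alias_exists "$name" || return 5
}
# Usage: import_ldaps_cert /tmp/ermanad.cer ermanad_2020 '<fingerprint from AD admin>'
```

Run it before the Weblogic restart; return codes 2 to 4 mean the trust store was not touched.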
