I am using OBIEE 12c for BI Analytics. The LDAP authentication is set up in WebLogic by creating MSAD_Provider.
Security Realm -> myrealm -> Providers -> MSAD_Provider
Under Configuration -> Common, I set:
Control Flag = SUFFICIENT
Under Configuration -> Provider Specific, the settings are as follows:
Connection:
  Host: ldap1.domain.com ldap2.domain.com
  Port: 389
  Principal: AD user with admin/read access to users and groups information.
  Credential: password for the Principal user specified above.
Users:
  User Base DN: OU where all users exist.
  All Users Filter: (&(sAMAccountName=*)(objectclass=user))
  User From Name Filter: (&(sAMAccountName=%u)(objectclass=user))
  User Search Scope: subtree
  User Name Attribute: sAMAccountName
  User Object class: user
Groups:
  Group Base DN: OU where all groups exist.
  All Groups Filter: (&(CN=*)(objectclass=group))
  Group From Name Filter: (&(CN=%g)(objectclass=group))
  Group Search Scope: subtree
  Group Membership Searching: unlimited
  Max Group Membership Search Level: 10
General:
  Connect Timeout: 30
  Connect Retry Limit: 1
  Parallel Connect Delay: 0
  Result Time Limit: 0
After saving and applying all the changes, it's time for me to test whether the LDAP servers can fail over in case one of them fails to operate.
I understand the host on the left (ldap1) is always the primary server OBIEE will authenticate against. If the primary server is down, OBIEE will authenticate against the secondary server on the right (ldap2) instead. Unfortunately, when ldap1 is down and I log in to the OBIEE page with my AD user, it keeps loading forever with a white page. Interestingly, when ldap1 is still up and ldap2 is down, it also keeps loading with a white page. It is a weird situation that the secondary server being down affects the authentication while the primary server is up.
I would like to seek suggestions on how to resolve this.