Everything Oracle                             Home                            Everything Oracle                          

 

 

 

                   Hyperion   LDAP   Authentication     
       
          Authentication and Provisioning using OpenLDAP  

 

 

 

Introduction

 

Hyperion makes use of an open source LDAP user directory, “OpenLDAP”, for authentication and provisioning (this user directory was installed and configured as part of the Shared Services installation and configuration).  If user authentication information is already stored in an external user directory, then this external directory can be used as an alternative.

 

To find the documentation on authentication, load the “Enterprise Performance Management System Release 9.3.1 Start Here: Installation Documents and Readmes” DVD, unzip the master file, navigate to the “English” folder, unzip file “hss_93100_install_doc.zip”, and open file “hyp_security_guide.pdf”.

 

Authentication works on the standard model: users have passwords; users are allocated to groups; and groups are allocated to roles.  During Shared Services installation and configuration a default user with the master Administrator role was created.  This user has a name of “admin” and a password of “password”.

 

In this article, we’ll log on using the User Management Console, create an Administrative group, assign an Administrative role to that group, and create a user who belongs to that group.  This user will be used during subsequent stages of Hyperion installation and configuration.

 

 

Logging on to the User Management Console

 

Navigate to “Start => All Programs => Hyperion => Foundation Services => User Management Console” and press the “Launch Application” button.  On the logon screen, enter a user name of “admin” and a password of “password”, and press the “Log On” button.

 

Expand the “User Directories” and then the “Native Directory” nodes.  Click on the “Users” node and then on the “Show All” button:

*
LDAP Users

 

This screen indicates that at present the native LDAP directory has just one user – the user “admin” that you’ve used to logon.

 

 

Creating an Administrator Group

 

Click on the “Groups” node and press “Show All”:

*
LDAP Groups

 

At present only the default group, “WORLD”, exists.

 

Right-click on the “Groups” node, and select “New” from the list of menu items that appears in the pop-up window.  In the “Create Group” window, enter a name of “ADMIN” and a description of “Administrators”:

*
Create Group Screen

 

Press the “Finish” button and then the “OK” button:

*
Newly Created ADMIN Group

 

Now you have created a new group.

 

 

Provisioning the Administrator Role

 

Right click the “ADMIN” group in the right-hand pane, and select “Provision” from the list of menu items in the pop-up window.  In the “Available Roles” section, expand the “Hyperion Shared Services” node, then the “Global Roles” node, and finally the “Administrator” node, to list the functions assigned to the Administrator role.  We want all these functions, so select the “Administrator” node, and then press the top shuttle button to move the Administrator role across to the “Selected Roles” section:

         *
    Administrator Role Assignment

 

Press the “Save” button:

         *
    ADMIN Group with Assigned Role

 

Members of the “ADMIN” group will now have Administrator privileges.  Press the “OK” button to exit.

 

 

Assigning a User to the Administrator Group

 

Right-click on the “Users” node, and select “New” from the list of menu items in the pop-up window.  Enter values as follows: user name, “sysadmin”; first name, “sysadmin”; last name, “none”; description, “Administrative User”; together with a password of your choice:

*
Create User Screen

 

Press “Next” and then “Go”.  Click on the radio button next to “ADMIN” under “Available Groups” in the left-hand section, and then press the top shuttle button to move the group across to the “Assigned Groups” section:

         *
    Assign Group Membership Screen

 

Press “Finish”, “OK”, and then “Show All”:

*
Newly Created User

 

You have now created a user “sysadmin”, belonging to the group “ADMIN”, which has the “Administrator” role.

 

 

Verifying User Assignment

 

Log off from the User Management Console by selecting from the menu “File => Log Off => Yes”.

 

To confirm that the user has been correctly assigned, log on using a user name of “sysadmin” and the selected password.

 

Log off and exit the User Management Console.

 

 

 

                          Everything Oracle                             Home                            Everything Oracle                          

 

Copyright © 2008 PWG Consulting, All Rights Reserved