If you change the directory server used as the identity store for the authentication provider, then you must refresh the user GUIDs as described below. If you do not refresh the GUIDs and the same user name exists in both directory servers (original and new), then the original user GUID might conflict with the user GUID contained in new directory server, resulting in authentication errors.
If the same user name exists in both directory servers (original and new), the original user GUID may conflict with the user GUID contained in new directory server. A refresh forces the system to reference the user GUID contained in the new directory server. Authentication errors may result if the GUIDs are not refreshed and the system detects a mis-match for the user GUID.
- Usually the refresh GUIDs will be considered. Whenever moving the Oracle Business Intelligence components from Test to Development environment. or One production environment - to new Production.
- You do not normally refresh GUIDs in the LDAP directory (identity store users), between test and production environments, because the LDAP directories containing the GUIDs should be fan out replicas in both the test and the production environments. Possible scenarios could be:
- BI test servers and production servers are both configured against the corporate LDAP DirectoryThere is no need to refresh LDAP GUIDs.
- BI test servers are configured against a test LDAP and the production servers against the corporate LDAP, but the test LDAP is a fan-out replica of the corporate LDAPThere is no need to refresh LDAP GUIDs.
- BI test servers are configured against a test LDAP and the production servers against the corporate LDAP, but the test LDAP is not a fan-out copy of the corporate LDAP. LDAP GUID refresh is needed
Points to remember
- This task involves manually editing the configuration files to instruct Orale BI Server and Presentation servers to refresh GUIDs.
- Once completed the remove these changes from configuration files.
Update the
FMW_UPDATE_ROLE_AND_USER_REF_GUIDS
parameter in NQSConfig.INI:- Open NQSConfig.INI for editing at:
ORACLE_INSTANCE/config/OracleBIServerComponent/coreapplication_obisn
- Locate the
FMW_UPDATE_ROLE_AND_USER_REF_GUIDS
parameter and set it toYES
, as follows:FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES;
- Save and close the file.
- Update the ps:Catalog element in instanceconfig.xml:
- Open instanceconfig.xml for editing at:
ORACLE_INSTANCE/config/OracleBIPresentationServicesComponent/
coreapplication_obipsn - Locate the ps:Catalog element and update it as follows:
<ps:Catalog xmlns:ps="oracle.bi.presentation.services/config/v1.1">
<ps:UpgradeAndExit>false</ps:UpgradeAndExit>
<ps:UpdateAccountGUIDs>UpdateAndExit</ps:UpdateAccountGUIDs>
</ps:Catalog> - Save and close the file.
- Open instanceconfig.xml for editing at:
Note : If you didn't find the ps:Catalog in instance config.xml file. Search for "catalog"
<Catalog>
<UpgradeAndExit>false</UpgradeAndExit>
<UpdateAccountGUIDs>UpdateAndExit</UpdateAccountGUIDs>
</Catalog>
- From a terminal window, stop and restart the managed processes using the
opmnctl
parametersstopall
andstartall
. You can use the parameterstatus
to verify process status throughout.The following components are involved: Oracle BI Presentation Server, Oracle BI Server, Oracle BI Scheduler, Oracle BI Cluster Controller, and Oracle BI JavaHost. - Edit the NQSConfig.INI file to reset the
FMW_UPDATE_ROLE_AND_USER_REF_GUIDS = YES
toNO
- restart the Oracle BI Servers.
- In Instanceconfig.xml file the as shown below
<Catalog xmlns="oracle.bi.presentation.services/config/v1.1">
<UpgradeAndExit>false</UpgradeAndExit>
<UpdateAccountGUIDs>none</UpdateAccountGUIDs>
</Catalog>
- Restart the Presentation Server for the instanceconfig.xml file that was updated.
- Make sure Oracle WebLogic Server and the system components are also running, if they are not running, restart them.