Proactive insights, news and tips from Oracle Hyperion EPM and BI Support. Learn Oracle from Oracle.

  • June 2, 2015

Caution using Microsoft Active Directory with OBIEE

Guest Author

Please be aware that if you are using Microsoft Active Directory (MSAD) or a 3rd Party LDAP as the Identity Store, and also
use the virtualize=true option you will be unable to log in to Oracle Business Intelligence Enterprise Edition (OBIEE)
This relates to Bug 20188679.

This issue is now fixed with cumulative Patch 21895214.
(This includes the fix from Patch 20188679 !)

Please refer to the KM notes:

  • OBIEE 11g: Alert: Users Unable to Log in to OBIEE if Using MSAD or Other Third-Party LDAP as the Identity Store and Virtualization is Set to true. ( Doc ID 2016571.1)


  • OBIEE 11g ( With Microsoft Active Directory Authentication Provider (Identity Store) Configured, OBIEE Logins Fail With "Unable to find user {0} in identity store"
    ( Doc ID 2062681.1)

for more information

Post Update 5-Oct-2015: Blogpost updated as requested by Lia to include new patch 21895214

Post Update 3-May-2015: Article updated to extend reference to 3rd party LDAP in addition to MSAD.

Join the discussion

Comments ( 12 )
  • andreml Wednesday, June 3, 2015

    We just installed the patch and activated the virtualize = true .

    Afterwards the "weblogic" (WLS-internal) user was able to Login.

    However ALL OTHER users (authenticated over MSAD) can longer login to the BIserver.

    We removed the virtualize flag again (to make it work like bevor the patch).

    Now the situatuion / behavior is exactly the same like bevor the patch.

  • Lia Nowodworska Wednesday, June 3, 2015

    Hi Andre,

    Please log an SR with support asap so that further analysis can be done to resolve your issue. We can't diagnose it via this blog but would be happy to hear the outcome once fixed.



  • guest Wednesday, June 3, 2015


    SR has been logged a few minutes ago.

    Will let you know.


  • guest Friday, June 5, 2015

    is there a list of patches for OBIEE published like the list available for EPM patches at https://blogs.oracle.com/proactivesupportEPM/entry/epm_psu_201505?

  • Lia Nowodworska Friday, June 5, 2015

    Hi Russ,

    OBIEE patches aren't released as frequently as EPM they therefore don't need a monthly summary.

    The best place to look is here:


    It has the full list and is updated on the day the patch is released. We will also announce in this blog.

    Typically OBIEE patchesets are released quarterly.

    I hope this helps.


  • Juan Luis Tuesday, June 9, 2015

    Hi, we try installed the patch but an error appear.

    Prerequisite check "CheckApplicable" failed.

    The details are:

    Patch 20188679: Required component(s) missing : [ oracle.jrf.opss, ]

    Can you hel us

    Thanks a lot.

  • Lia Nowodworska Wednesday, June 10, 2015

    Hi Juan,

    As per the readme:


    This should enable you to install the patch. If you have further issues please log a SR.



  • guest Wednesday, June 24, 2015

    Hi all,

    We've got the same issue like andreml. We installed the patch and weblogic user is now able to login. However, all Active Directory Users are not able to login. We also use virtualize = true.

    GUIDS have already been refreshed.

    Any ideas how to solve this?



  • Martin Thursday, June 25, 2015

    Hi Toby,

    I did some research and found just another info inside an SR on this:

    Base is https://support.oracle.com/rs?type=doc&id=1273961.1

    As to that info "The steps to resolve the issue are to set the AD Authenticator at THE TOP of the list, and remove the two attribute parameters."

    Can you give that a try, please - and let us know the result, even if it works?

    Thanks and Regards,


  • Toby Thursday, June 25, 2015

    Hi Martin,

    thanks for your response.

    I did what you mentioned. It did not work until I removed the virtualize attribute. After removing the virtualize attribute AD users are able to login. However, this is NOT acceptable for us since we need at least two authentication providers as we are retrieving user responsibilities from Siebel via BISQLGroupProvider.

    I thought that the patch would resolve issues related to virtualization. Unfortunately, it does not.

    Any other ideas?



  • Martin Thursday, June 25, 2015

    Hi Toby,

    unfortunately I can't help you out of the box - but I can help getting things rolling:

    Please open a Service Request for this

    Tell them every step you did already, and all the failures.

    Ask them to get me invovled - Martin Wiesner, Proactive Support

    In the mean time I'll see if I can grab additional informations from other people who are more familiar with the depths of that topic.

    Thanks and Regards,


  • guest Wednesday, July 8, 2015


    MOS has confirmed there is definitely a (still) bug regarding MSAD (at least with that).

    So it's definitely (again) clear the former patch did not patch anything - at least not for good.

    I think people here schuld know this.


Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.