Address Lookup in External LDAP

Similar Messages

• Using external LDAP server for  WL JNDI lookups

  I'm trying to find out if it is possible to re-direct JNDI calls to the WL
  server to an external LDAP server. I know you can install an external LDAP
  server for security purposes, but I would like to use an external LDAP
  server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
  Is this possible?

  You typically need to use our JNDI store. We strongly recommend this for
  performance reasons..
  You can use the JNDI To LDAP bridge which is available from the sun web
  site.
  Michael Girdley
  BEA Systems Inc
  "Jack Archer" <[email protected]> wrote in message
  news:[email protected]..
  I'm trying to find out if it is possible to re-direct JNDI calls to the WL
  server to an external LDAP server. I know you can install an external LDAP
  server for security purposes, but I would like to use an external LDAP
  server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
  Is this possible?

• Identity Server using external LDAP

  anyone have idea whether ID Server can use external an LDAP server for authentication, like the Policy Server in Portal Server 3 ?
  Wilson.

  You typically need to use our JNDI store. We strongly recommend this for
  performance reasons..
  You can use the JNDI To LDAP bridge which is available from the sun web
  site.
  Michael Girdley
  BEA Systems Inc
  "Jack Archer" <[email protected]> wrote in message
  news:[email protected]..
  I'm trying to find out if it is possible to re-direct JNDI calls to the WL
  server to an external LDAP server. I know you can install an external LDAP
  server for security purposes, but I would like to use an external LDAP
  server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
  Is this possible?

• How to access an External LDAP on a weblogic server using OPSS APIs.

  Hi,
  Can anyone let me know how I can access an External LDAP configured on a weblogic server using OPSS APIs( or alternative APIs).
  I'm currently using the below snippet and I'm getting only the Users and groups from the DefaultAutheticator on the weblogic server and not the external LDAP Server.
  I've verified the providers, users and groups on the weblogic server console and can see that external LDAP server content is being picked, but my below code does not query them.
  import oracle.security.idm.IMException;
  import oracle.security.idm.IdentityStore;
  import oracle.security.idm.Role;
  import oracle.security.jps.JpsContext;
  import oracle.security.jps.JpsContextFactory;
  import oracle.security.jps.JpsException;
  import oracle.security.jps.service.idstore.IdentityStoreService;
  List<Role> rowData = null;
  JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
  JpsContext ctx = ctxf.getContext();
  IdentityStoreService storeService = ctx.getServiceInstance(IdentityStoreService.class);
  IdentityStore idStore = storeService.getIdmStore();
  rowData = this.getRoles(idStore, "*");
  Any help or pointers are highly appreciated.
  Thanks,
  Bhasker

  Can anyone please provide any suggestions. I trying to google around but still not able to find any solution.
  Thanks,
  Bhasker

• Server App not seeing external LDAP users & groups

  I have a clean 10.8.2 + Server install set up with our standard external LDAP directory (Novell's eDirectory in our case) configuration that is known to support Lion & Mountain Lion client LDAP authentication. With this same configuration on OS X 10.8.2 Server both Directory Utility and WGM can see all the LDAP users and groups as expected.
  When I look for the external users & groups in the LDAP domain under the Server App "Accounts" heading I cannot see any entries in either users or groups lists. Should I be able to or is this a Server App quirk?
  I can add individual LDAP users to a local group and enable access to individual services. How can I give access to services to all LDAP users without having to build & maintain a massive "All LDAP Users" local group?
  Is there a published list of required LDAP attributes for users & groups for Mountain Lion Server? I suspect there are new requirements over and above those for 10.6 server but I have failed to find a good reference. I've noticed I get different behaviours for LDAP templates that includes a mapping for GeneratedUID to one which does not for example.
  This is all so much more opaque than our superbly reliable Snow Leopard servers!
  TIA

  Ok, and again:
  You want to see Users and Groups , which are stored in an third Party directory service like OpenLDAP, in your Server.app? This is what you have to do:
  Connect the third party ldap to your server
  Have all your external LDAP entries made so you can see them in the Workgroup Manager and are able to Login with them
  When you see your LDAP-entry in the Directory Manager, change it from "From Server" to "RFC2307"
  Edit the entry, add the following mapping to it:GeneratedUUID maps to apple-generateduuid
  To your group and user entries in the external LDAP add the follwing attribute:apple-generateduuid gets the value taken from the output of "uuidgen"
  Feel lucky
  And there ist ist; now you are able to use The accounts taken from an external LDAP.

• Steps to connect an external LDAP

  Dear Gurus,
  What are the steps to connect an external LDAP like ADS.
  Pls let me know the step by step procedure e.g.
  creating the admin,guest and ??? users in Portal.Deleting the same from the LDAPs and so on.
  Thanks for the help.
  Nirmal

  Hi,
    Check the below link for LDAP connectivity...
  Integrated Windows Authentication with SAP EP 6.0 SP 3 and higher Part 1 of 2
  Regards
  Vasu

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Use of external LDAP server in Weblogic Commerce Server

  I'm using the following software:
  Iplanet Directory Server v5
  Weblogic Application Server v6
  Weblogic Commerce v3.5
  I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
  services. How do I do that?
  I have a couple of questions related to this:
  1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
  use an external LDAP server, I need to configure weblogic v6 to do that and not
  Weblogic Commerce Server?
  2) Whatever may be the case above, how do I do that?
  3) config.xml (weblogic application server v6) contains information that needs
  to be modified to point to an external JNDI source provider but what information
  do I need to modify?
  I'd really appreciate if someone can help me out here. Thanks!

  "JP" <[email protected]> wrote in message news:[email protected]..
  Hi,
  I'm looking for someone who has used the Lotus LDAP server for WLP7
  authentication.
  I connect my portal to the Domino LDAP, User and Groups are working
  fine, but the membership of a user to a group is not.
  I assume that it's related to the parameters I use (especially the
  membership.filter ?):
  "user.filter=(&(uid=%u)(objectclass=person));
  user.dn=O=Apac;
  membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
  group.filter=(&(cn=%g)(objectclass=groupOfNames));
  server.host=jpgal01.apac.bea.com;
  group.dn="
  Any help would be appreciate, because I just don't where to look for.
  Try setting the com.netscape.ldap.trace property.
  \* When -D command line option is used, defining the property with
  * no value will send the trace output to the standard error. If the
  * value is defined, it is assumed to be the name of an output file.
  * If the file name is prefixed with a '+' character, the file is
  * opened in append mode.
  This will create a ldap trace file of the requests that WLS is making on the
  LDAP server. You can then see
  where the filters are not returning the correct value for the group
  membership.

• Specific Destination Address Lookup?

  Now on a dedicated GPS device, you can enter an exact destination address, and the GPS device can find it, quickly, and create a route to your destination.
  Does Nokia Ovi Maps support direct address lookup on the phone?  I have not been able to get it to work.
  Now you can locate an address on the phone by finding it on the map, save it to favorites, but this is tedious and time consuming, to get the street number right.
  You can also enter the address online to Ovi Maps, and sync the location to the phone into your Favorites.  This works well too.   Now you have your precise destination.
  Am I missing something or is this a limitation with respect to the downloaded maps to the phone?
  To have precise address to GPS coordinates on the phone offline to all known addresses would make the maps too large.
  This is using the phone offline.  For example, doing route planning, inside your house with no GPS or network connection.
  The second case is you have your current GPS position known to the phone, since you are outside, yet the phone cannot determine your specific destination, when you enter it.  In this case, you only have a GPS satellite connection, nothing else.   I cannot enter a destination here either.
  My belief is you must be "online", either WiFi or with a phone data plan, to get specific destinations.   Is this belief correct?

  Biff27 wrote:Does Nokia Ovi Maps support direct address lookup on the phone?  
  To have precise address to GPS coordinates on the phone offline to all known addresses would make the maps too large.
  My belief is you must be "online", either WiFi or with a phone data plan, to get specific destinations.   Is this belief correct?
  Hi Biff27
  The answer appears to be that it is regional variation whether or not you can navigate "Offline" to a specific address. Using v3.04 with UK maps downloaded there is no problem but talking here about small surface area compared with other countries. At one point I had world maps downloaded together with all "ClientIndex" so it certainly wasn't absence of available data to blame but no comparison to that on remote server.
  Happy to have helped forum in a small way with a Support Ratio = 37.0

• How to authenticate CXF-Webservice against external LDAP in WebLogic?

  Hi there,
  I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:
  <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
            <constructor-arg>
                 <map>
                      <entry key="action" value="UsernameToken Timestamp" />
                      <entry key="passwordType" value="PasswordDigest" />
                      <entry key="passwordCallbackClass"
                           value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
                 </map>
            </constructor-arg>     
  </bean>
  My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups etc with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i. e. retrieve the password.
  Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?
  Please give me a hint (code-snippets preferred ;-) ) how to solve this.
  Regards,
  Frank

  I have run into the exact same situation ? Did you ever get around this ? If so, how ? Please let me know.

• Does WLS 8.1 support external ldap in read-only or full read/write?

  In previous releases (e.g. 5.1, 6.1), WLS doesn't provide support for update operations such as creating users and groups when configured to use an external LDAP.
  Has this changed in 8.1? In other words, does WLS 8.1 provide support for update operations?
  Thanks.
  Regards,
  Alan Dupuis

  Hello ,
  Like earlier releases, WLS 8.1 too provides read-only access to External LDAP user database.
  Kuldeep Singh.

• DISPLAYNAME when Using External LDAP

  Hi all,
  I'm using OBIEE 11g (11.1.1.6.0 onwards).
  I'm using an external LDAP (OpenLDAP, MSAD, etc). I'm looking for a way to populate the DISPLAYNAME session variable from the LDAP name attribute so that when logged in, the DISPLAYNAME is shown in OBIEE (instead of USER).
  Is this possible in OBIEE 11g? I remember it's possible in 10g.
  Any suggestion on how to achieve this? Thanks a lot!

  Login to Oracle Enterprise Manager (http://<servername>:7001/em ), navigate to WebLogic Domain > bifoundation_domain > Security > Security Provider Configuration
  then
  In the Identity Store Provider, click on Configure button. In Identity Store Configuration add 2 properties:
  Property name: user.login.attr, Value : sAMAccountName
  Property name: username.attr, Value: sAMAccountName
  Note:- sAMAccountName , this is for MSAD, you need to find out attribute for some other LDAP
  lemme know in case of issues
  please mark thread as answered and Assign point , if above soln answere's ur question.
  Regards
  Ankit
  Edited by: AnkitR Gupta on 12 Dec, 2012 1:27 AM
  Edited by: AnkitR Gupta on 12 Dec, 2012 1:32 AM

• Not authenticated from external ldap in a cluster

  I am having trouble getting authenticated from an Iplanet LDAP, when the weblogic is configured in a Cluster.
  -I can authenticate with Embedded LDAP domain wide
  -I can authenticate on the external LDAP if I send the request to Admin server
  Here is my cluster configuration (all with Weblogic 7.0 SP4)
  *Admin Server Port: 9209
  *Cluster server 1 : 7209
  *Cluster server 2 : 8209
  *Proxy server     : 9090 (configured with HttpClusteredServlet)
  http://myserver.com:9090/j_security_check fails
  http://myserver.com:9209/j_security_check works
  Please let me know what is wrong?

  "Bob" <[email protected]> wrote in message
  news:3f9fd466$[email protected]..
  I am having trouble getting authenticated from an Iplanet LDAP, when theweblogic is configured in a Cluster.
  -I can authenticate with Embedded LDAP domain wide
  -I can authenticate on the external LDAP if I send the request to Adminserver
  Here is my cluster configuration (all with Weblogic 7.0 SP4)
  *Admin Server Port: 9209
  *Cluster server 1 : 7209
  *Cluster server 2 : 8209
  *Proxy server     : 9090 (configured with HttpClusteredServlet)
  http://myserver.com:9090/j_security_check fails
  http://myserver.com:9209/j_security_check works
  Please let me know what is wrong?Are you sure that the ldap authentication is actually occuring? I would
  define the
  DebugSecurityAtn="true" attribute on the ServerDebug mbean for the cluster
  server members and then look at the log and the ldap_trace.log files to see
  what is happening with LDAP.

• Fetching properties from external LDAP

  Hi,
  I have configured ActiveDirectoryAunthenticator to link to my external LDAP
  provider. I am trying to fetch some properties/attributes related to the
  profile such as company and other contact details.
  I have not configured UUP as Im using weblogic's default user store.
  Now, when I access "com.bea.p13n.controls.profile.UserProfileControl", to
  fetch the properties I get null values.
  Is there some other configuration required ?
  Please let me know the solution or the approach.
  Thanks in advance ,
  Regards,
  Arun

  Hi Arun
  Migration of data is possible
  Export the data from external server and import into your domain server
  Here is the steps
  To export and import security data:
  1.     Expand the Security-->Realms nodes.
  2.     Click the name of the realm you are configuring (for example, TestRealm).
  3.     Click the Migration-->Export tab.
  4.     Specify the directory and filename in which to export the security data in
  the Export Directory on Server attribute.
  Note: You can specify a directory and file location on another server.
  5.     Click Export.
  6.     Expand the Realms node.
  7.     Click the name of the security realm in which the security data is to be imported.
  8.     Click the Migration-->Import tab.
  9.     Specify the directory location and file name of the file that contains the
  exported security data in the Import Directory on Server attribute.
  10.     Click Import.
  To verify the security data was imported correctly:
  1.     Expand the Security-->Realms nodes.
  2.     Click the name of the realm into which the security data was imported.
  3.     Click Users.
  4.     Users from the security realm from which you exported the security data should
  appear in the Users table.
  Cheers
  Surya
  "Arun A.G." <[email protected]> wrote:
  Hi,
  I have configured ActiveDirectoryAunthenticator to link to my external
  LDAP
  provider. I am trying to fetch some properties/attributes related to
  the
  profile such as company and other contact details.
  I have not configured UUP as Im using weblogic's default user store.
  Now, when I access "com.bea.p13n.controls.profile.UserProfileControl",
  to
  fetch the properties I get null values.
  Is there some other configuration required ?
  Please let me know the solution or the approach.
  Thanks in advance ,
  Regards,
  Arun

• RoleMapper with an external LDAP

  Dear friends,
  We use an external LDAP to store information related to users, groups and roles. We have managed to configure an out of box LDAP Authenticator within our realm for authentication. We wanted some guidance on configuring or writing RoleMapper.
  1) What is good practise in terms of storing and managing roles? Is it a common practise to store roles in an external LDAP or do people use Admin console to created roles within the embedded LDAP? The advantage with the Embedded LDAP is definitely that you could use out of the box RoleMapper and the disadvantage is that we could not extend LDAP schema to store hierarchical roles.
  2) If we store and manage roles in an external LDAP store, the same one where we store users and groups, could we still use the out of the box role mapper? If not, could someone provide a sample role mapper that uses an external LDAP store.
  3) Why WebLogic doesn't provide an out of the box Role Mapper that connects to an external LDAP?

  All Users Filter: (&(&(uid=*)(objectclass=person))(!(quitdate=*)))
  User From Name Filter: (&(&(uid=%u)(objectclass=person))(!(quitdate=*)))
  User Name Attribute: uid
  Here you're configuring that uid is the key of your users in OID. And in your case user A and B has the same uid, so the webcenter can login using user B, but when realize a search uid=jack ldap returns the first one.
  Make any sense for you?
  Hope that I help you