Anyone configured OID with weblogic as external LDAP
Hey,
I need help from someone who configured Oracle Internet Directory with weblogic 7 or any version to us as external LDAP server.
Your Help is greatly appreciated.
Thanks & Best Regards,
Nagendra
I was able to use OID as external LDAP for my Weblogic. I was able to move the stuff from Weblogic Embedded LDAP to Oracle Internet Directory Server, I have done it by myself
Thanks
Nagendra
Similar Messages
-
How to configure webcenter services to use external LDAP?
Reassociating the identity store with an external LDAP server is mandatory only if you're using the Documents service and/or the Discussions service, in which case the WC_Spaces server, Content Server, and Collaboration server must all be configured to use the same external LDAP server.
The question is how to configure?
Is there any document which details this?
Please help! this is urgent.
RegardsRefer
http://docs.oracle.com/cd/E28280_01/webcenter.1111/e12405/wcadm_security_id_store.htm#WCADM1845
http://docs.oracle.com/cd/E28280_01/webcenter.1111/e12405/wcadm_security_id_store.htm#WCADM345
Thanks -
Configure Visualvm with weblogic 10.0
I followed the procedure below to configure VisualVm with weblogic 10.0
I have installed jdk1.6_18 in /usr/jdk1.6_18 on solaris 10.0.
created jstatd.all.policy file with entry
grant codebase "file:${java.home}/../lib/tools.jar" {
permission java.security.AllPermission;
in /usr/jdk1.6_18/bin
executed below line from the same where i have the jstatd.all.policy file
jstatd -J-Djava.security.policy=jstatd.all.policy
I am unable to enable jstatd i getting the following error:
./jstatd -J-Djava.security.policy=java.all.policy
Error occurred during initialization of VM
java/lang/NoClassDefFoundError: java/lang/Object
I have followed the below link to configure
http://www.ibm.com/developerworks/forums/thread.jspa?messageID=14287864
Any help would be greatly appreciated.Hi,
Step1). Please open "java.policy" file from the following location <JAVA_HOME>\jre\lib\security
Step2). // Standard extensions get all permissions by default and add the Highlighted Code Snippet there at the TOP below is the modified content of "java.policy" file
// Standard extensions get all permissions by default
<font color=red>
grant codeBase "file:C:/bea103/jdk160_05/lib/tools.jar" {
permission java.security.AllPermission;
</font>
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
// default permissions granted to all domains
grant {
// Allows any thread to stop itself using the java.lang.Thread.stop()
// method that takes no argument.
// Note that this permission is granted by default only to remain
// backwards compatible.
// It is strongly recommended that you either remove this permission
// from this policy file or further restrict it to code sources
// that you specify, because Thread.stop() is potentially unsafe.
// See "http://java.sun.com/notes" for more information.
permission java.lang.RuntimePermission "stopThread";
// allows anyone to listen on un-privileged ports
permission java.net.SocketPermission "localhost:1024-", "listen";
// "standard" properies that can be read by anyone
permission java.util.PropertyPermission "java.version", "read";
permission java.util.PropertyPermission "java.vendor", "read";
permission java.util.PropertyPermission "java.vendor.url", "read";
permission java.util.PropertyPermission "java.class.version", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.util.PropertyPermission "os.version", "read";
permission java.util.PropertyPermission "os.arch", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "path.separator", "read";
permission java.util.PropertyPermission "line.separator", "read";
permission java.util.PropertyPermission "java.specification.version", "read";
permission java.util.PropertyPermission "java.specification.vendor", "read";
permission java.util.PropertyPermission "java.specification.name", "read";
permission java.util.PropertyPermission "java.vm.specification.version", "read";
permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
permission java.util.PropertyPermission "java.vm.specification.name", "read";
permission java.util.PropertyPermission "java.vm.version", "read";
permission java.util.PropertyPermission "java.vm.vendor", "read";
permission java.util.PropertyPermission "java.vm.name", "read";
Step3). run the "jstack"
Thanks
Jay SenSharma
http://jaysensharma.wordpress.com (WebLogic Wonders Are Here) -
Has anyone used JAAS with WebLogic?
Has anyone used JAAS with Weblogic? I was looking at their example, and I have a bunch of questions about it. Here goes:
Basically the problem is this: the plug-in LoginModule model of JAAS used in WebLogic (with EJB Servers) seems to allow clients to falsely authenticate.
Let me give you a little background on what brought me to this. You can find the WebLogic JAAS example (to which I refer below) in the pdf: http://e-docs.bea.com/wls/docs61/pdf/security.pdf . (I believe you want pages 64-74) WebLogic, I believe goes about this all wrong. They allow the client to use their own LoginModules, as well as CallBackHandlers. This is dangerous, as it allows them to get a reference (in the module) to the LoginContext's Subject and authenticate themselves (i.e. associate a Principal with the subject). As we know from JAAS, the way AccessController checks permissions is by looking at the Principal in the Subject and seeing if that Principal is granted the permission in the "policy" file (or by checking with the Policy class). What it does NOT do, is see if that Subject
has the right to hold that Principal. Rather, it assumes the Subject is authenticated.
So a user who is allowed to use their own Module (as WebLogic's example shows) could do something like:
//THEIR LOGIN MODULE (SOME CODE CUT-OUT FOR BREVITY)
public class BasicModule implements LoginModule
private NameCallback strName;
private PasswordCallback strPass;
private CallbackHandler myCB;
private Subject subj;
//INITIALIZE THIS MODULE
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
try
//SET SUBJECT
subj = subject; //NOTE: THIS GIVES YOU REFERENCE
TO LOGIN CONTEXT'S SUBJECT
// AND ALLOWS YOU TO PASS
IT BACK TO THE LOGIN CONTEXT
//SET CALLBACKHANDLERS
strName = new NameCallback("Your Name: ");
strPass = new PasswordCallback("Password:", false);
Callback[] cb = { strName, strPass };
//HANDLE THE CALLBACKS
callbackHandler.handle(cb);
} catch (Exception e) { System.out.println(e); }
//LOG THE USER IN
public boolean login() throws LoginException
//TEST TO SEE IF SUBJECT HOLDS ANYTHING YET
System.out.println( "PRIOR TO AUTHENTICATION, SUBJECT HOLDS: " +
subj.getPrincipals().size() + " Principals");
//SUBJECT AUTHENTICATED - BECAUSE SUBJECT NOW HOLDS THE PRINCIPAL
MyPrincipal m = new MyPrincipal("Admin");
subj.getPrincipals().add(m);
return true;
public boolean commit() throws LoginException
return true;
}(Sorry for all that code)
I tested the above code, and it fully associates the Subject (and its principal) with the LoginContext. So my question is, where in the process (and code) can we put the LoginContext and Modules so that a client cannot
do this? With the above example, there is no Security. (a call to: myLoginContext.getSubject().doAs(...) will work)
I think the key here is to understand JAAS's plug-in security model to mean:
(Below are my words)
The point of JAAS is to allow an application to use different ways of authenticating without changing the application's code, but NOT to allow the user to authenticate however they want.
In WebLogic's example, they unfortunately seem to have used the latter understanding, i.e. "allow the user to authenticate however they want."
That, as I think I've shown, is not security. So how do we solve this? We need to put JAAS on the server side (with no direct JAAS client-side), and that includes the LoginModules as well as LoginContext. So for an EJB Server this means that the same internal permission
checking code can be used regardless of whether a client connects through
RMI/RMI-IIOP/JEREMIE (etc). It does NOT mean that the client gets to choose
how they authenticate (except by choosing YOUR set ways).
Before we even deal with a serialized subject, we need to see how JAAS can
even be used on the back-end of an RMI (RMI-IIOP/JEREMIE) application.
I think what needs to be done, is the client needs to have the stubs for our
LoginModule, LoginContext, CallBackHandler, CallBacks. Then they can put
their info into those, and everything is handled server-side. So they may
not even need to send a Subject across anyways (but they may want to as
well).
Please let me know if anyone sees this problem too, or if I am just completely
off track with this one. I think figuring out how to do JAAS as though
everything were local, and then putting RMI (or whatever) on top is the
first thing to tackle.Send this to:
newsgroups.bea.com / security-group. -
Could someone let me know the steps in configuring documentum with weblogic
Could someone let me know the steps in configuring documentum with weblogic server
http://www.apple.com/itunes/content-providers/book-faq.html
Michi. -
Hi
Can anyone provide me the info on how to integrate OID with BPEL?
My requirement is to pick email ids from OID and send emails from BPEL.
Any tutorial or demo would he a great help
Regards
DeepakI am doing that as well but we are really short on time we have delivery date on 1st of August. And our man SOA guy has resigned so i had to take over without its knowledge.
I have a document called Oracle® BPEL Process Manager, shall i read Service Configuration with
Configuring the Identity Service
■ Configuring the Notification Services
■ Configuring the Workflow Service
■ Integrating Oracle BPEL Process Manager with the Oracle Application Server
Service Registry
would that enough?
Pls suggest -
Hyperion Shared Services Configuration Error with Weblogic 9.2
Hi All,
I have been trying to configure Hyperion Shared Services 9.3.1 with Weblogic Ver 9.2
During configuration of the Database and the Application Server, I select Manual Configuration option on Weblogic 9
However, it returns a configuration failure everytime of the Database.
In my case, the DB used is SQL 2005.
Can someone, please advise me.
Thanks in advance
Regards,
ApoHi Apo,
Check the configtool.log in the logs/config folder and post the error message that is being returned.
Thanks
Nick -
Has anyone integrated Netegrity with WebLogic ?
Hello:
Has anyone integrated Netegrity's SiteMinder with WebLogic ? I am curious to
see how well it integrates and if there are any 'real world' experiences.
Thanks.
-Sunil .KSend this to:
newsgroups.bea.com / security-group. -
How to configure OID with ADS in windows 2003
Hi all,
The requirement here is I have to integrate the ADS with OID
from ADS to OID synchronization.
The users we are created in ADS has to sync with OID external authentication.
I need the installation docs to configure the above setup.
if any one has the document could you please share your knowledge with me.
Thanks in advance
Regards
RajaHere is the link
http://www.oracle.com/technology/obe/obe_as_10g/im/ads_import/import.htm
and
http://download.oracle.com/docs/cd/E10773_01/doc/oim.1014/e10528/odip_actdir.htm#CHDBBAII -
Apache2.2 Plugin configuration issue with Weblogic 9.2
Hi All,
We are trying to configure apache plugin for weblogic 9.2 (Apache Proxying for Weblogic) in Solaris Spark. When we are testing the httpd.conf configuration using apachectl configtest we are getting following error.
httpd: Syntax error on line 80 of /data/httpserv/apache-2.2.10/conf/httpd.conf: Cannot load /data/httpserv/apache-2.2.10/modules/mod_wl_22.so into server: ld.so.1: httpd: fatal: /data/httpserv/apache-2.2.10/modules/mod_wl_22.so: wrong ELF class: ELFCLASS32
We were using the mod_wl_22.so file provided for Solaris/Spark in the link mentioned below.
http://download.oracle.com/otn/bea/weblogic/server103/server103_apacheplugins.zip
Apache 2.2.10 installation that we are using is a 64-bit version. It seems mod_wl_22.so provided in the above link for solaris/spark is a 32-bit version. Is it possible to get a 64bit version of this library?
Anybody has worked on same/similar kind of issues? Is there any workaround, for this?
Input/thoughts from anyone is highly appreciatedHello, I'm not an expert at confugring Apache and WebLogic servers. Hopefully someone else who does know what they are doing will reply to your question.
I found your question because I am also working on an Apache / WebLogic install for an Ariba installation (in Windows 7).
However I did support a configuration of WebLogic on Solaris with Apache. I remember that the guy who did the Apache install mentioned that Apache needed to be compiled correctly - below is what he sent:
Apache server compilation options:
./configure prefix=/usr/local/apache_2.0.63 enable-mods-shared=all enable-ssl=shared enable-ssl with-ssl=/usr/local/ssl enable-proxy enable-proxy-connect enable-proxy-http --with-mpm=worker
I am still looking into the differences between the plugins (mod 22 so vs mod 20 so). Navigating the Oracle download options can be bewildering. I found the link to download a full zip file of plugins (below).
Oracle WebLogic Server Web Server Plugins 1.1
http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
I clicked on "all versions."
Does the WLSPlugin1.1-64bitApache2.2-solaris-sparc.zip contain what you need?
Great luck to you!
-Tom Tobey -
FAQ or tutorial for configuring RV220W with multiple static external IP addresses?
I just acquired a used RV220W and would like to use it with my Comcast business internet service (13 external IP's).
My network currently consists of multiple linux machines. Each machine has an internal IP and an external IP. All firewalling is done on the machine itself (using iptables).
I would like to configure the RV220W to be a frontline firewall so the individual machines don't need to be firewalled. I would like each machine to maintain it's network configuration, so as to avoid major disruptions. IOW, I don't (currently) want to use one-to-one nat mapping.
I may consider moving to nat routing at some point in the future.
Does anyone know of a tutorial or FAQ that outlines the configuration steps to accomplish this?
Although I am an IT professional, I am not a networking guru.
Thanks!
davidHello,
I'm sorry, I'm a little bit confuse about your current setup but I can definitely explain the capabilities on our Small Business Routers.
On the devices that support any type of connection to a modem providing multiple addresses the only way to use then is as follows:
1- The router should be configured with a Static IP address
2- That static IP needs to be part of the same subnet as the other IP addresses that you are planning to use on the inside of the network.
3- The subnet mask configured on the Static IP address should reflect the amount of addresses that you have avialble, For example, if you have 13 available IP addresses your subnet mask on the WAN connection should not be 255.255.255.252.
4- The only way to allow the other public IP addresses on the inside of the network is by configuring One to One NAT and assign them to private IP addresses on the LAN.
5- When you enable the One to One NAT rules on the router, you will be opening either all or just one port depending on the router, and then you will have to configure restrictions on the firewall to block or allow more ports.
Now, if you have a Router with a DMZ port like the RV320, then you can configure the public IP address on a Range on the DMZ port and use the actual public IP address on the NIC of the linux PC's.
I hope this helps -
Does anyone use Python with WebLogic
We have a large group of Python developers. Currently they are using Apache for PSP. I can't find any good papers/documentation on PSP support in WebLogic. Can anyone suggest some ... or maybe we should stick with Apache.
Thanks for your help,
Bob Larsennot many here
try there
http://www.nforcershq.com/forum/viewforum.php?f=29 -
How To Configure Maven With Weblogic 10.3.1 With JDK6
Hi,
I have recently upgraded my JDK from 1.5 to 1.6. Can any one help what changes is needed for using Maven for remote deployment with JDK 1.6.
Regards,
SwainHi,
I am getting the below error when using Maven with JDK6
[INFO] --- weblogic-maven-plugin:2.9.1:deploy (default-cli) @ Spring-JDBC ---
[INFO] Weblogic Deployment beginning with parameters DeployMojoBase[adminServerHostName = 10.60.246.49, adminServerProtocol = t3, adminServerPort = 8003, userId = weblogic, password = system103, artifactPath = D:\EspaceDeTravail\Projets\MigrationPiloteDiargramme\workspace\Spring-JDBC\target/Spring-JDBC-1.1, projectPackaging = war, name = Spring-JDBC, targetNames = MDAD1, remote = true]
[INFO] Weblogic Deployment parameters [-adminurl, t3://10.60.246.49:8003, -username, weblogic, -password, system103, -verbose, -noexit, -name, Spring-JDBC, -targets, MDAD1, -upload, -source, D:\EspaceDeTravail\Projets\MigrationPiloteDiargramme\workspace\Spring-JDBC\target/Spring-JDBC-1.1.war, -deploy]
weblogic.Deployer invoked with options: -adminurl t3://10.60.246.49:8003 -username weblogic -verbose -noexit -name Spring-JDBC -targets MDAD1 -upload -source D:\EspaceDeTravail\Projets\MigrationPiloteDiargramme\workspace\Spring-JDBC\target/Spring-JDBC-1.1.war -deploy
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 33.218s
[INFO] Finished at: Wed Mar 09 11:48:29 CET 2011
[INFO] Final Memory: 7M/43M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.codehaus.mojo:weblogic-maven-plugin:2.9.1:deploy (default-cli) on project Spring-JDBC: Exception encountered during artifact start: weblogic.deploy.api.tools.deployer.DeployerException: Unable to connect to 't3://10.60.246.49:8003': invalid type code: 31. Ensure the url represents a running admin server and that the credentials are correct. If using http protocol, tunneling must be enabled on the admin server. DeploymentManagerCreationException: ServerConnectionException: CommunicationException: failed to unmarshal class weblogic.security.acl.internal.AuthenticatedUser; nested exception is:
[ERROR] java.io.StreamCorruptedException: invalid type code: 31
[ERROR] -> [Help 1] -
Has anyone used tp4 with weblogic 10 ?
We have not be able to get an appserver connection to work. Have you?
We included weblogic.jar in
c:\jdevHome\jdev\lib
the message log shows the following:
Aug 18, 2008 9:34:50 PM oracle.adf.rc.adapter.RCAdapterManager getInitialContext()
WARNING: InitialContextFactory [adfrc.rr:AppServerConnection1:] returned null for RepositoryReference [class oracle.jdeveloper.rcasadapter.AppServerInitialContextFactory]
Aug 18, 2008 9:34:50 PM oracle.adf.rc.adapter.RCAdapterManager getInitialContext()
WARNING: InitialContextFactory [adfrc.rr:AppServerConnection1:] returned null for RepositoryReference [class oracle.jdeveloper.rcasadapter.AppServerInitialContextFactory] -
How can i do OID and weblogic integration?
hi,
i installed weblogic 10.3.0.0 on linux.
on another server i have an OID.
i want to integrate this OID with weblogic.
how can i do?
in oracle application server. i did it from OC4J administration page. under the security tab. identity management.
there is a configuration page to define OID.
thanks for helps.
EserIf OID has a standard LDAP interface, which I believe it does, then configuring an LDAP Authentication Provider is the fundamental way to do this:
http://edocs.bea.com/wls/docs103/secmanage/atn.html#wp1198953
In this case I believe you want to use the generic LDAP Authentication provider.
Good luck and post back if you get this to work.
Maybe you are looking for
-
My iPhone 4S no longer answers calls. Calls go right to voicemail
My iPhone 4S no longer displays contact name when I receive a txt or phone call. Help
-
I have rented a few new movies but cannot figure out how to watch them in HD? Is HD available for these movies? Is there some setting I am missing? thanks for you suggestions! Solved! Go to Solution.
-
KE30 Post upgrade unicode issue in E-SECAMG-ELI.
Hi experts, Post upgrade to ECC6.0, While executing a KE30 report "E-SECAMG-ELI" in classic drilldown report mode, everything seams to be fine. but when we see in Graphical report output mode an error "The length of the structure in a non-Unicode 5.1
-
Palm Pixi Sprint sync with Outlook-Windows 7 64 bit
I have a new Palm Pixi (use to have a Palm 850 which sync Outlook great. Is there any App that work synchronizing Outlook, I haven't found anything. Help!!!
-
Is there an option or setting in skype so that when a photo is sent in a group chat I have to approve it for me to download it? My friend has been spamming photos because he knows it crashes my whole computer and internet, so is there any other way