Authentication problem by external ldap server for WLS 7.0

Hi all,
I have configured iPlanet Directory Server to serve as the authentication security
provider for WLS 7.0. While doing so I have created a Test security realm and made
it the default. I have also configured the other default settings for the remaining
security providers for the realm.
Now, when I start the WLS with the default username and password, the boot error
comes as given below. As a matter of fact I have also created groups with the relevant
username and pwd in the LDAP server as specified by the BEA documentation.
I have tried to remove the problem for the last 4 days but all in fiasco.
If anybody has any pointer to the problem - it will be a great help.
The error:
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://[hostname]:[port]/console *
D:\bea\weblogic700\samples\server\config\petstore>"D:\bea\jdk131_03\bin\java" -hotspot -Xms32m -Xmx200m -Dpet.mode= -Dweblogic.management.discover=false -Dweblogic.Name=petstoreServer -Dbea.home="D:\bea" -Dweblogic.management.username=weblogic -Dweblogic.management.password=weblogic -Dweblogic.ProductionModeEnabled=true -Djava.security.manager -Djava.security.policy=="D:\bea\weblogic700\server\lib\weblogic.policy" weblogic.Server
Starting WebLogic Server...
<Nov 19, 2002 10:08:04 AM IST> <Notice> <Management> <140005> <Loading configuration D:\bea\weblogic700\samples\server\config\petstore\.\config.xml>
<Nov 19, 2002 10:08:21 AM IST> <Notice> <Security> <090082> <Security initializing using realm RitTestRealm.>
<Nov 19, 2002 10:08:22 AM IST> <Critical> <WebLogicServer> <000364> <Server failed during initialization. Exception:java.lang.SecurityException: User weblogic is not permitted to boot the server
java.lang.SecurityException: User weblogic is not permitted to boot the server
        at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1076)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
        at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
        at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
        at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
        at weblogic.Server.main(Server.java:31)
>
Regards,
Ritwik

Thanks Vijay - it has worked by creating the Administrator group in LDAP but Weblogic
documentation also states the creation of any group in Ldap server with the boot
username and pwd and then adding the group in the admin role of WLS7.0 - but this
did not work.
If there is any info regarding the same - pl. do let me know
Regards,
Ritwik
"Vijay" <[email protected]> wrote:
Ritwik,
I think WebLogic 7 requires a group called "Administrators" in the LDAP server and requires a user to be added to that group. I have this working in one of my projects. The group really doesn't need to be an LDAP administrative group.
Can you provide any additional information? I might be able to help since I got this working only a coupla days back.
Vijay

Similar Messages

  • Using external LDAP server for  WL JNDI lookups

    I'm trying to find out if it is possible to re-direct JNDI calls to the WL
    server to an external LDAP server. I know you can install an external LDAP
    server for security purposes, but I would like to use an external LDAP
    server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
    Is this possible?

    You typically need to use our JNDI store. We strongly recommend this for
    performance reasons.
    You can use the JNDI to LDAP bridge which is available from the Sun web
    site.
    Michael Girdley
    BEA Systems Inc

  • Use of external LDAP server in Weblogic Commerce Server

    I'm using the following software:
    Iplanet Directory Server v5
    Weblogic Application Server v6
    Weblogic Commerce v3.5
    I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
    services. How do I do that?
    I have a couple of questions related to this:
    1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
    use an external LDAP server, I need to configure weblogic v6 to do that and not
    Weblogic Commerce Server?
    2) Whatever may be the case above, how do I do that?
    3) config.xml (weblogic application server v6) contains information that needs
    to be modified to point to an external JNDI source provider but what information
    do I need to modify?
    I'd really appreciate if someone can help me out here. Thanks!


  • LDAP V2 for WLS 7.0

    Has anybody tried to configure LDAP V2 on WLS7.0? According to their edocs, for
    LDAP V2, there will be templates for different LDAP servers, but all I see is the
    tab for V1. The V2 tab is nowhere to be seen. I am using WLS 7.0 GA SP1.
    Any info will be appreciated.
    John Lee

    Hi John
    If you can, I recommend moving away from LDAPRealm V2 for WebLogic 7.0
    If you use LDAPRealmV2 you are going to be using the older security model
    (called "compatibility mode" ) instead of the new 7.0 security structure.
    Here are instructions for setting up the new security classes with an
    external LDAP server that I've whipped up
    Instructions for a scratch domain to set up WLS 7.0 with an external LDAP
    server (I am using iPlanet in this example) follow.
    I. create a new domain /mydomain
    II. start server
    III. open WebLogic console in a browser
    IV. in left frame, go to
    security->realms->myrealm->providers->AuthenticationProviders and click
    V. in right frame, click on “Configure a new iPlanet Authenticator”
    VI. In the new screen, under General, make sure the Control Flag is set
    to Required, select a name for this authenticator, and click Create.
    VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal
    where these values reflect the settings for your LDAP server. (Note: the
    default principal for an iPlanet LDAP server is uid=admin,
    ou=Administrators, ou=TopologyManagement, o=NetscapeRoot). Click Apply.
    VIII. Click on Credential: Change. At the new screen, enter the
    credential associated with the Principal that you entered in step VII in
    both boxes. This will be the password that is used to do a bind to your
    LDAP server with the principal. Click Apply.
    IX. Select Users tab and make sure these properties accurately reflect
    the structure of your LDAP server. Most of the time the only property that
    needs to be changed is the User Base DN property, from
    ou=people,o=example.com to ou=people,o=myCompany.com. Click Apply.
    X. Select Groups tab and make sure these properties accurately reflect
    the structure of your LDAP server. Most of the time the only property that
    needs to be changed is the Groups Base DN property, from
    ou=people,o=example.com to ou=groups,o=myCompany.com. Click Apply.
    XI. Now, the boot identity of your server absolutely must be a user that
    exists on your LDAP server. You must also have an “Administrators” group on
    your LDAP server, and the boot identity must be a user that exists in this
    “Administrators” group, or the server will not start. So open your LDAP
    console (this will be a console that is specific to the LDAP server you are
    using) and use the management tools to create the “Administrators” group and
    a user that you place in the “Administrators” group that is the boot
    identity that you use to start WebLogic.
    XII. Make these changes and restart the server.
    XIII. You can verify that the LDAP setup is correct by doing a thread
    dump. You should see a thread like:
    "LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable [0x9e2f000..0x9e2fdbc]
    at java.net.SocketInputStream.socketRead(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:86)
    at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
    at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
    - locked <3281d98> (a java.io.BufferedInputStream)
    at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
    at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
    where “localhost:389” is the server name and port of your
    LDAP server. This means that your Authenticator has been set up correctly.
    XIV. Now you can delete your default authenticator. Open the WebLogic
    console and go to
    security->realms->myrealm->providers->AuthenticationProviders in the left
    frame, and click
    XV. In the right frame, look for DefaultAuthenticator and click on the
    trash can to the far right. Say “Yes” when it asks if you are sure, then
    click Continue.
    XVI. Restart the WebLogic server. If the server boots correctly, you’re
    done. Everything is working correctly.
    Hope this helps
    Joe Jerry
    John Lee wrote:
    BTW, it is what they have in the edocs.
    http://edocs.bea.com/wls/docs70/secmanage/security6.html#1071872
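Vijay's reply in the main thread and step XI of Joe Jerry's instructions above both come down to one rule: the boot identity must resolve to a user under the User Base DN and must appear in a group named "Administrators" under the Group Base DN, otherwise the server stops with "User weblogic is not permitted to boot the server". The following script is an added example (not code from the thread, from BEA, or from WebLogic itself) that runs that check offline against a constructed in-memory directory before anyone restarts a server. The DNs, attribute names and the AuthenticatorConfig defaults are assumptions chosen to fit the constructed entries; the last case reproduces the step X pitfall of leaving the Groups Base DN at its ou=people default.

```python
"""Boot-identity pre-flight check modelled on the rule the thread describes.

Added example, not code from the thread or from BEA/WebLogic.  The directory,
DNs, attribute names and config defaults are constructed assumptions.
"""
from dataclasses import dataclass

# Constructed directory: DN -> {attribute: [values]}.  The Administrators
# group stores the member's full DN, which is what a uniquemember lookup needs.
DIRECTORY = {
    "uid=weblogic,ou=people,o=mycompany.com": {
        "objectclass": ["person", "inetOrgPerson"], "uid": ["weblogic"]},
    "uid=alice,ou=people,o=mycompany.com": {
        "objectclass": ["person"], "uid": ["alice"]},
    "cn=Administrators,ou=groups,o=mycompany.com": {
        "objectclass": ["groupOfNames"], "cn": ["Administrators"],
        "uniquemember": ["uid=weblogic,ou=people,o=mycompany.com"]},
    "cn=Operators,ou=groups,o=mycompany.com": {
        "objectclass": ["groupOfNames"], "cn": ["Operators"],
        "uniquemember": ["uid=alice,ou=people,o=mycompany.com"]},
}


@dataclass
class AuthenticatorConfig:
    """Subset of the authenticator's Users/Groups tab settings the check needs
    (defaults are assumptions chosen to match the constructed directory)."""
    user_base_dn: str = "ou=people,o=mycompany.com"
    group_base_dn: str = "ou=groups,o=mycompany.com"
    user_name_attr: str = "uid"
    user_object_class: str = "person"
    group_name_attr: str = "cn"
    group_object_class: str = "groupOfNames"
    static_member_attr: str = "uniquemember"
    boot_group: str = "Administrators"


def norm_dn(dn: str) -> str:
    """Normalise a DN for comparison: trim and lower-case each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(dn: str, base_dn: str) -> bool:
    """True if dn is base_dn or lies beneath it (a subtree-scope search)."""
    dn, base_dn = norm_dn(dn), norm_dn(base_dn)
    return dn == base_dn or dn.endswith("," + base_dn)


def values(attrs: dict, name: str) -> list:
    """Lower-cased values of an attribute, matched case-insensitively by name."""
    return [v.lower() for k, vs in attrs.items() if k.lower() == name.lower() for v in vs]


def find_user_dn(directory: dict, cfg: AuthenticatorConfig, username: str):
    """Resolve the boot user name to a DN under the User Base DN, or None."""
    for dn, attrs in directory.items():
        if (in_subtree(dn, cfg.user_base_dn)
                and cfg.user_object_class.lower() in values(attrs, "objectclass")
                and username.lower() in values(attrs, cfg.user_name_attr)):
            return dn
    return None


def groups_of(directory: dict, cfg: AuthenticatorConfig, user_dn: str) -> list:
    """Names (lower-cased) of groups under the Group Base DN whose static member
    attribute lists the user's DN; static membership only, as in the thread."""
    found = []
    for dn, attrs in directory.items():
        members = [norm_dn(m) for m in values(attrs, cfg.static_member_attr)]
        if (in_subtree(dn, cfg.group_base_dn)
                and cfg.group_object_class.lower() in values(attrs, "objectclass")
                and norm_dn(user_dn) in members):
            found.extend(values(attrs, cfg.group_name_attr))
    return sorted(found)


def boot_authorized(directory: dict, cfg: AuthenticatorConfig, username: str):
    """(allowed, reason): would this boot identity pass the Administrators check?"""
    user_dn = find_user_dn(directory, cfg, username)
    if user_dn is None:
        return False, f"user {username!r} not found under {cfg.user_base_dn}"
    groups = groups_of(directory, cfg, user_dn)
    if cfg.boot_group.lower() not in groups:
        return False, (f"{user_dn} is not a member of {cfg.boot_group!r} under "
                       f"{cfg.group_base_dn}; groups found: {groups}")
    return True, f"{user_dn} is a member of {cfg.boot_group!r}"


if __name__ == "__main__":
    cfg = AuthenticatorConfig()
    for user in ("weblogic", "alice", "nobody"):
        print(user, boot_authorized(DIRECTORY, cfg, user))
    # Step X pitfall: Groups Base DN left at its ou=people default.
    wrong = AuthenticatorConfig(group_base_dn="ou=people,o=mycompany.com")
    print("wrong group base:", boot_authorized(DIRECTORY, wrong, "weblogic"))
```

Against a real directory the same three questions are what a search tool or the com.netscape.ldap.trace output answers: does the user filter return exactly one entry under the User Base DN, does a group entry under the Groups Base DN carry that entry's full DN in its member attribute, and is that group called Administrators.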

  • External LDAP Server

    Hello.
    Is it possible to configure WebLogic to use external LDAP server, which in turn is "built in" in other WebLogic (at other physical machine)?
    And if it is possible, can I use OracleInternetDirectoryAuthenticator provider for this?
    (sorry for my english)

    Hi
    OID is altogether a different LDAP provider.
    You can try to create an Authenticator of type LDAPAuthenticator and accordingly provide the configurations.
    Check the below note.
    http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#i1199007

  • Usage of external LDAP server with Portal

    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. These are the
    constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If thats the case, how can we use Visitor Entitlements/Delegated Admin and Group
    creation using Portal Admin tool since this will write to the configured LDAP
    server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authentication (I know this is possible
    by using JAAS LoginModule, but I just want to get confirmed on this) and
    2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

    Thanks for the reply. Some of your answers are not clear. Can you pls elaborate
    on this?? Pls see my comments below.
    "Johnson" <[email protected]> wrote:
    Phil,
    Can I use embedded LDAP for production?
    Thanks
    Lawrence
    "Phil Griffin" <BEA> wrote:
    "Prashanth " <[email protected]> wrote in message news:[email protected]..
    > 1. Can we use external LDAP server - just for authentication (I know this is possible by using JAAS LoginModule, but I just want to get confirmed on this) and
    You can add the external LDAP server just for authentication, but in versions through 8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean) during the login process (this check has been removed in SP3). A work around is to duplicate the user in a provider that does impl UserReaderMBean.
    Prashanth : You mean to say we have to duplicate the User in embedded LDAP server also??
    > 2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    Yes, the default/embedded LDAP can still be used for DA/visitor entitlements. In the current release, the Portal Admin Tools can only be configured to use a single authentication provider while forming entitlements. In SP3, all configured providers are listed/usable by the tools.
    Prashanth : How can we configure Portal Admin tool to use authentication provider for entitlements??

  • Use of Lotus LDAP server for WLP 7 - LDAP experts ?

    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    I connect my portal to the Domino LDAP, User and Groups are working
    fine, but the membership of a user to a group is not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    "user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn="
    Any help would be appreciated, because I just don't know where to look.
    JP

    Try setting the com.netscape.ldap.trace property.
    * When -D command line option is used, defining the property with
    * no value will send the trace output to the standard error. If the
    * value is defined, it is assumed to be the name of an output file.
    * If the file name is prefixed with a '+' character, the file is
    * opened in append mode.
    This will create an ldap trace file of the requests that WLS is making on the LDAP server. You can then see where the filters are not returning the correct value for the group membership.

  • Use of Lotus LDAP server for WLP 7 - LDAP experts required

    Hi,
    I'm looking for someone who has used the Lotus LDAP server for WLP7
    authentication.
    User and Groups are working fine, the membership of a user to a group is
    not.
    I assume that it's related to the parameters I use (especially the
    membership.filter ?):
    user.filter=(&(uid=%u)(objectclass=person));
    user.dn=O=Apac;
    membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
    group.filter=(&(cn=%g)(objectclass=groupOfNames));
    server.host=jpgal01.apac.bea.com;
    group.dn=
    I know that this LDAP server is not supported, but if it could work at least
    for some time, that would be great !
    thanks for your help,
    JP


  • Use external Kerberos server for OD master

    Hi all,
    is it possible to use an existing external Kerberos server for our OD master Mac server (needs to be OD master for iCal, but we don't want to move the kerberos service to the Mac)?
    Can anybody explain the necessary steps?
    Thanks a lot for every hint.
    Rene

    When I asked this same question about a year ago I never got a real good response from the outside contractor we deal with or from Apple... Essentially they believe you should stay all Mac for Auth or all other for Auth... Mixing is kind of frowned upon. Or at least at that time; I don't know how people feel about this now.
    You should be able to add your non-Mac Kerberos source to your server using the Kerberos utility: /System/Library/CoreServices/Kerberos... Edit-> Edit Realms. From there I would hypothesize that if you manually edited your OD records for staff and changed the Passwd entry to point to your other Kerberos server that MAY work... Not sure there.
    I always wanted to get User management down to as few servers as possible. Going into next year we will only be using our Mac OD server for Machine management and using an OpenLDAP server running on Slackware Linux for User information. The OpenLDAP server fully emulates Apple's OD and is even recognized as an "Open Directory" server in Directory Utility without doing any Advanced or Manual steps. I currently have Kerberos on my OD server then bound to the same Kerberos Server that OpenLDAP is using and have also kerberized the AFP, FTP, and iChat services... All of which work fine. With a quick mod to /etc/authorization users authenticating to this source also get kerberos tickets to hold during the login process which can authenticate them to AFP shares without prompt... Um haven't found anything else that's good for yet, but we're looking.... I recently had our Apple Account tech out here to ask about the final piece in my puzzle for iChat, but I'm waiting for an answer on that.
    Don't know if any of this helps you, but maybe it can spark a thought to get you started:>

  • JDeveloper 12c "Derby Server for WLS Examples Server" prompt

    Hello,
    I've been playing around with the new JDeveloper 12c, and I've noticed that every time I start up the integrated weblogic 12c server (on Windows), this "Derby Server for WLS Example Server" command prompt opens.
    Is there any way to stop this from happening? or is it a required component?
    Thanks,
    Evan Gilbert

    At the moment it's a needed component. There was a discussion if there is a way to disable this, but from what I remember you currently have to have a full DB (for production) or the derby server for the embedded wls to run.
    Timo

  • Free (java-based) LDAP server for Windows

    Hello,
    I am experimenting with JNDI. Can anyone tell me if there is a free LDAP server for Windows that I could use to run JNDI examples.
    Thanks in advance,
    Balteo.

    Attached is my slapd.conf file I used while I was working through the JNDI tutorial. You can find any comments in the original config file - I deleted them in the attachment.
    Do not forget to create the directory 'openldap-ldbm' manually in the appropriate place as defined in the config file.
    cu, Adrian
    slapd.conf
    # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.7 2001/09/27 20:00:31 kurt Exp $
    # See slapd.conf(5) for details on configuration options.
    # This file should NOT be world readable.
    #include    %SYSCONFDIR%/schema/core.schema
    include     d:/OpenLDAP/schema/core.schema
    include     d:/OpenLDAP/schema/java.schema
    include     d:/OpenLDAP/schema/krb5-kdc.schema
    pidfile     d:/OpenLDAP/slapd.pid
    argsfile    d:/OpenLDAP/slapd.args
    database    ldbm
    suffix      "o=JNDITutorial"
    rootdn      "cn=Manager,o=JNDITutorial"
    rootpw      changeit
    #directory  %LOCALSTATEDIR%/openldap-ldbm
    directory   d:/OpenLDAP/openldap-ldbm
    index       objectClass eq

  • Free LDAP server for Win32 to play?

    Hi.. anybody know free LDAP server for Win32?
    Thanks!

    I found this:
    http://www.eudora.com/free/ldap.html
    Looks like you'll have to compile it yourself, though.
    Actually, can't you access the Windows 2000 Active Directory through LDAP as well?
    .P.

  • Derby Server for WLS

    Hi,
    Whenever I start an OSB server, along with the OSB server coming up, why does a "Derby server for WLS example server" start at port 1527?
    This is confusing me....! I haven't initiated the Derby server, then why does it start....?
    Thanks
    Kane
    Edited by: 919083 on May 20, 2012 8:25 AM

    Hi,
    Derby server is used for storing OSB Reports. you can stop it by unselecting evaluation database while deployment of OSB Server.
    find following link.
    http://osbtutorial.blogspot.sg/
    Abhishek

  • OpenLDAP authentication provider with CA LDAP server

    Hi,
    I am trying to get authentication to work using an OpenLDAP AP connecting to CA LDAP server (formerly eTrust LDAP server). I am at the point where the bind is successful, the user account is authenticated in LDAP, but I am unable to retrieve the group information.
    Here is the error for the group lookup:
    ####<Apr 8, 2013 9:48:33 AM CDT> <Debug> <SecurityAtn> <EPMDOWCS8> <ms1> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <01f9ee928bc01ecd:275c5c34:13dea1201e3:-7ffd-000000000000021d> <1365432513554> <BEA-000000> <[Security:090278]Error listing member groups myACID>
    This is the final error, presumably because the group lookup failed:
    ####<Apr 8, 2013 9:48:33 AM CDT> <Debug> <SecurityAtn> <EPMDOWCS8> <ms1> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <01f9ee928bc01ecd:275c5c34:13dea1201e3:-7ffd-000000000000021d> <1365432513554> <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User myACID denied
         at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
         at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
         at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
    The CA LDAP server is pointed to a Top Secret database, so the attribute names are atypical as far as directory services objects are concerned. I've tried modifying the group and static group information to search both groups and profiles, but both fail. I've also tried omitting the static group information, and specifying dynamic group info, but that failed as well.
    Here is the search it is running:
    (&(memberOf=tssacid=myACID,tssadmingrp=acids,host=ourdevsysid,o=our.ORG)(objectclass=tssprofile))
    Here the is the group based DN: tssadmingrp=profiles,host=ourdevsysid,o=our.org
    The group search scope is subtree. I tried unlimited, and a limited of 2 levels.
    If I execute the filtered search using a third party tool (JXplorer), I receive this error:
    javax.naming.NamingException: [LDAP: error code 80 - LDP2900E Unknown attribute, , in filter string]; remaining name 'tssadmingrp=profiles,host=ourdevsysid,o=our.org'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3085)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
         at com.ca.commons.jndi.JNDIOps.rawSearch(JNDIOps.java:1192)
         at com.ca.commons.jndi.JNDIOps.rawSearchSubTree(JNDIOps.java:1039)
         at com.ca.commons.naming.DXOps.rawSearchSubTree(DXOps.java:343)
         at com.ca.commons.jndi.JNDIOps.searchSubTree(JNDIOps.java:1030)
         at com.ca.directory.jxplorer.broker.JNDIDataBroker.unthreadedSearch(JNDIDataBroker.java:772)
         at com.ca.directory.jxplorer.broker.DataBroker.doSearchQuery(DataBroker.java:485)
         at com.ca.directory.jxplorer.broker.DataBroker.processRequest(DataBroker.java:253)
         at com.ca.directory.jxplorer.broker.JNDIDataBroker.processRequest(JNDIDataBroker.java:376)
         at com.ca.directory.jxplorer.broker.DataBroker.processQueue(DataBroker.java:200)
         at com.ca.directory.jxplorer.broker.JNDIDataBroker.processQueue(JNDIDataBroker.java:883)
         at com.ca.directory.jxplorer.broker.DataBroker.run(DataBroker.java:165)
         at java.lang.Thread.run(Thread.java:662)
    When I execute that same search in JXplorer directly on one of the profile objects (e.g. tssprofile=@oneofourprofiles,tssadmingrp=profiles,host=a12sysid,o=tgslc.org), it runs successfully.
    Here is an old post. Seems the op encountered the same problem I did.
    authentication provider for CA eTrust LDAP server
    Anyone work with these technologies in a past life?
    Thanks,
    Rob

    > Are you able to see the users in weblogic?
    Not for this AP. I have a ReadOnly SQL authenticator as well. I am able to see users for that, and for the Default Authenticator.
    > Have you assigned admin roles to the user in weblogic?
    No. I do not intend to do that, and I don't believe I am required to do that.
    > is the group base dn properly configured?
    Yes.
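JP's membership.filter question in the Lotus LDAP thread above and Rob's CA/Top Secret search in this thread both turn on what the LDAP filter actually asks for once its tokens are filled in and whether the server knows every attribute it names. The following helper is an added example (not code from the thread, from BEA/WebLogic, or from the Domino or CA directory servers): it parses a subset of RFC 4515 filters, substitutes %u/%M/%g tokens with proper escaping, evaluates the result against entries, and lists the attribute names a filter references so they can be compared with the server's schema before a search fails with an "Unknown attribute in filter string" error. The group entries, DNs and the schema attribute list are constructed; JP's membership filter and Rob's search filter are quoted from the page.

```python
"""LDAP filter helper: parse RFC 4515 filters (and/or/not, equality, presence),
fill in WebLogic-style %u/%M/%g tokens, evaluate against entries and list the
attributes a filter references.  Added example, not code from the thread or
from BEA/WebLogic; entries, DNs and the schema list below are constructed."""
import re


def parse_filter(text: str):
    """Parse into ('&'|'|'|'!', [children]) or ('=', attr, value) tuples."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing data at {pos}: {text[pos:]!r}")
    return node


def _parse(s: str, i: int):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at {i}")
    i += 1
    c = s[i:i + 1]                       # '' if the filter ends early
    if c in ("&", "|"):
        op, i, kids = c, i + 1, []
        while i < len(s) and s[i] == "(":
            kid, i = _parse(s, i)
            kids.append(kid)
        if not kids:
            raise ValueError(f"empty {op!r} filter")
        node = (op, kids)
    elif c == "!":
        kid, i = _parse(s, i + 1)
        node = ("!", [kid])
    else:
        end = s.find(")", i)
        if end < 0:
            raise ValueError("unterminated filter item")
        attr, sep, value = s[i:end].partition("=")
        if not sep or not attr or attr[-1] in "<>~:":   # no >=, <=, ~=, :=
            raise ValueError(f"unsupported filter item {s[i:end]!r}")
        node, i = ("=", attr.strip().lower(), value), end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at {i}")
    return node, i + 1


def escape_value(value: str) -> str:
    """RFC 4515 escaping so a substituted value cannot alter the filter's shape."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)


def unescape_value(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def fill_template(template: str, **tokens: str) -> str:
    """Substitute %u (user name), %M (member DN), %g (group name) tokens."""
    for key, val in tokens.items():
        template = template.replace("%" + key, escape_value(val))
    return template


def evaluate(node, entry: dict) -> bool:
    """Match an entry ({attr: [values]}) against a parsed filter."""
    if node[0] == "&":
        return all(evaluate(k, entry) for k in node[1])
    if node[0] == "|":
        return any(evaluate(k, entry) for k in node[1])
    if node[0] == "!":
        return not evaluate(node[1][0], entry)
    _, attr, value = node
    have = [v.lower() for k, vs in entry.items() if k.lower() == attr for v in vs]
    return bool(have) if value == "*" else unescape_value(value).lower() in have


def attributes_in(node, acc=None) -> set:
    """Every attribute name the filter references."""
    acc = set() if acc is None else acc
    if node[0] in ("&", "|", "!"):
        for k in node[1]:
            attributes_in(k, acc)
    else:
        acc.add(node[1])
    return acc


def unknown_attributes(filter_text: str, schema_attrs) -> list:
    """Attributes the filter names but the server's schema lacks."""
    return sorted(attributes_in(parse_filter(filter_text)) - {a.lower() for a in schema_attrs})


# Constructed groups: one stores the member's full DN, one only the bare uid.
GROUPS = {
    "cn=portaladmins,ou=groups,o=apac": {"objectClass": ["groupOfNames"],
                                         "uniqueMember": ["uid=jp,ou=people,o=apac"]},
    "cn=readers,ou=groups,o=apac": {"objectClass": ["groupOfNames"], "uniqueMember": ["jp"]},
    "cn=guests,ou=groups,o=apac": {"objectClass": ["groupOfNames"],
                                   "uniqueMember": ["uid=alice,ou=people,o=apac"]},
}
MEMBERSHIP_FILTER = "(&(uniquemember=%M)(objectclass=groupOfNames))"   # JP's filter


def groups_for_member(member_dn: str, groups=GROUPS, template=MEMBERSHIP_FILTER) -> list:
    """DNs of groups the membership filter matches once %M is the member's DN."""
    node = parse_filter(fill_template(template, M=member_dn))
    return sorted(dn for dn, attrs in groups.items() if evaluate(node, attrs))
```

Calling groups_for_member("uid=jp,ou=people,o=apac") returns only the group whose uniqueMember values hold the full DN; the group that stores a bare uid never matches a uniquemember=%M filter, which is the kind of mismatch the com.netscape.ldap.trace output makes visible. Running unknown_attributes over Rob's quoted search with a constructed schema set that lacks memberOf reports ["memberof"], the check to make before trusting a group lookup that fails with an unknown-attribute error. Escaping substituted values also means a user name such as "*)(uid=*" stays a literal string inside the filter rather than rewriting it.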

  • External LDAP connection for Jive forum webcenter Discussion

    Hi All,
    We could successfully configure external LDAP with Webcenter Discussion forum, in turn the Jive forum.
    Problem we are facing : It is authenticating for display name instead of actual userid.
    EX:
    John Paul (display name)
    [email protected] (email id)
    John.paul (userid)
    It is accepting John Paul as username instead of john.paul. This is an issue as there can be duplicate display names.
    Which parameter, and where, do I configure to make sure authentication is done for userid only?

    I think jive is used in webcenter discussions?
    You may have the wrong forum... this is for Webcenter Interaction Products.
    For help with Webcenter Discussion, blogs, and wiki's (part of webcenter services), you want to ask your question here:
    http://forums.oracle.com/forums/forum.jspa?forumID=733
