Embedded LDAP configuration in Portal

Hi,
I am currently working on WL10.1MP1 and need to know the probable files involved in Embedded LDAP configuration in the domain.
Can anyone let me know?
Regards
Lakshmi

Hi Lakshmi,
Default configurations are part of config.xml, security.xml and the ldif files in the security folder, and the files in the data/LDAP folder in the Admin Server.
Vishnu

Similar Messages

  • Iplanet LDAP Configuration in Portal

    Hi All,
    I was trying to configure my UME with LDAP - iplanet. (Sun one Directory Server) in SAP Netweaver CE. I downloaded the xml file using config tool.
    1. dataSourceConfiguration_iplanet_readonly_db
    2. dataSourceConfiguration_iplanet_not_readonly_db
    3. dataSourceConfiguration_iplanet_deep_readonly_db
    Which one should I use? How do I know whether iplanet uses a deep or flat hierarchy? When I try to use
    dataSourceConfiguration_iplanet_not_readonly_db, on click of save changes, it gives me some "Technical error". But Validate connection in LDAP Server Properties is working fine.
    "Test Connection successful".
    But the server is not starting after restart. How else do I change the UME configuration from Database to LDAP? What is the xml file to use? Are there some other configurations to be done?
    Thanks,
    Divya
    Edited by: Divya V on Nov 19, 2010 10:23 AM

    Hi Divya,
    Try to contact the systems team who is responsible for maintaining the LDAP in your company. They can tell you if you use deep or flat hierarchy.
    Then you need to decide if you want to connect to LDAP only for read-only purposes or if you want to update anything on the LDAP from the portal and have write access.
    1. dataSourceConfiguration_iplanet_readonly_db - FOR READ ONLY ACCESS TO LDAP WITH FLAT HIERARCHY
    2. dataSourceConfiguration_iplanet_not_readonly_db - FOR WRITEABLE ACCESS TO LDAP
    3. dataSourceConfiguration_iplanet_deep_readonly_db - FOR READ ONLY ACCESS TO LDAP WITH DEEP HIERARCHY
    You are getting the error when using dataSourceConfiguration_iplanet_not_readonly_db.xml most likely because the system user that is used to connect to your LDAP might not have write access on the LDAP.
    Also, please note that some LDAPs will require an SSL connection between portal and LDAP for writing anything to the LDAP.
    In that case, you will have to set up SSL between EP and LDAP.
    Read the documentation for further help:
    http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
    Hope that helps !!
    Thanks,
    Shanti Mupkala

  • URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2

    I am using Embedded LDAP WebLogic 9.2 and I followed the steps mentioned in the URL below. I have not changed anything except the Server URL, which points to localhost:7001.
    http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
    Questions:
    1) How to add additional attributes to embedded LDAP? (e.g. email, phone etc.)
    2) How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
    Any help is appreciated.

    This problem is due to hard-coded user/pwd in the installation scripts. Here are the steps:
    1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
    2) reach to target CreateStartupClasses
    3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
    4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
    5) this should be password of 'ORAESB' database user.
    6) change this password value; and restart the installation.
    Regards,
    Vaibhav

  • WebLogicServer Embedded LDAP Error!!

    Hi,
       In the weblogic server environment I am facing the below issue while starting the admin server.
    <Error> <EmbeddedLDAP> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1372840341006> <BEA-171500> <The embedded LDAP Configuration file: 'Oracle\Middleware\wlserver_10.3\server\lib\adaptertypes.prop' was not found and the embedded LDAP server has not been started. To resolve the problem, ensure that weblogic.home is defined correctly (it should have a lib subdirectory that contains this file).>
    <Critical> <WebLogicServer> <AdminServer> <main> <<WLS Kernel>> <> <> <1372840341022> <BEA-000386> <Server subsystem failed. Reason: weblogic.ldap.EmbeddedLDAPException: Could not find configuration files - see log file for more information
    weblogic.ldap.EmbeddedLDAPException: Could not find configuration files - see log file for more information
    at weblogic.ldap.EmbeddedLDAP.validateVDEConfigFiles(EmbeddedLDAP.java:936)
    at weblogic.ldap.EmbeddedLDAP.start(EmbeddedLDAP.java:255)
    at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
    >
    The adaptertypes.prop file is not available in the Oracle\Middleware\wlserver_10.3\server\lib location.
    Please advise me on how to resolve this issue..
    Thanks

    BEA-171500
    Error: The embedded LDAP Configuration file: fileName was not found and the embedded LDAP server has not been started. To resolve the problem, ensure that weblogic.home is defined correctly (it should have a lib subdirectory that contains this file).
    Description
    The lib directory contains the configuration files required for the embedded LDAP server. If those files are missing or the appropriate directory cannot be found, then the embedded LDAP server cannot initialize.
    Cause
    The embedded LDAP server cannot find the specified file. This file is installed as part of the installation process. Most likely, the default directory is not the server root directory and the lib subdirectory cannot be found.
    Action
    Set the default directory to the server root directory or set the location of the embedded LDAP server configuration files via the weblogic.EmbeddedLDAPConfigDirectory system property.
    As suggested in the Action plan for error code 171500, try setting up the EmbeddedLDAPConfigDirectory system property in the server start-up script or in the setDomainEnv.sh script.
    You can set the same as JAVA_OPTIONS in the script.
    e.g.
    JAVA_OPTIONS="-Dweblogic.EmbeddedLDAPConfigDirectory=/home/mwhome1/wlserver_10.3/server/lib ${JAVA_OPTIONS}"
    export JAVA_OPTIONS
    Hope this helps!!
    Thanks,
    Vijaya
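
The check behind the answer above, as an added example that is not part of the original thread or of WebLogic's own scripts: it reads BEA-171500 entries from a server log, tests which candidate directory really contains the file the log names, and prints the JAVA_OPTIONS lines only for a directory that does. The function names, the log line and the temporary directory tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: not from the thread and not part of WebLogic's own scripts.

# Print the file named in each BEA-171500 entry read from stdin.
bea171500_missing_files() {
    sed -n "s/.*<BEA-171500>.*Configuration file: '\([^']*\)' was not found.*/\1/p" | sort -u
}

# Reduce a Windows- or Unix-style path to its last component.
path_leaf() {
    printf '%s\n' "$1" | sed 's|.*[\\/]||'
}

# find_config_dir FILE DIR...: print the first DIR that holds FILE as a
# readable regular file; return 1 if none does.
find_config_dir() {
    leaf=$1; shift
    for dir in "$@"; do
        if [ -f "$dir/$leaf" ] && [ -r "$dir/$leaf" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# Print the two setDomainEnv.sh lines from the answer for a verified directory.
emit_java_options() {
    printf 'JAVA_OPTIONS="-Dweblogic.EmbeddedLDAPConfigDirectory=%s ${JAVA_OPTIONS}"\n' "$1"
    printf 'export JAVA_OPTIONS\n'
}

# diagnose LOGFILE DIR...: for every file the log reports missing, suggest the
# property only if one of the candidate directories really contains it.
diagnose() {
    log=$1; shift
    bea171500_missing_files < "$log" | while IFS= read -r missing; do
        name=$(path_leaf "$missing")
        if found=$(find_config_dir "$name" "$@"); then
            emit_java_options "$found"
        else
            printf 'no candidate directory contains %s\n' "$name" >&2
        fi
    done
}

# Demo on constructed input: a temporary tree and a log line shaped like the
# BEA-171500 entry quoted in the question.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/domain" "$tmp/wlserver_10.3/server/lib"
    : > "$tmp/wlserver_10.3/server/lib/adaptertypes.prop"
    cat > "$tmp/AdminServer.log" <<'EOF'
<Error> <EmbeddedLDAP> <AdminServer> <BEA-171500> <The embedded LDAP Configuration file: 'Oracle\Middleware\wlserver_10.3\server\lib\adaptertypes.prop' was not found and the embedded LDAP server has not been started.>
EOF
    diagnose "$tmp/AdminServer.log" "$tmp/domain" "$tmp/wlserver_10.3/server/lib"
    rm -rf "$tmp"
}
demo
```

If no candidate directory holds the file, as in the question where adaptertypes.prop is absent from server\lib, the script prints nothing to add to setDomainEnv.sh and reports the miss on stderr.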

  • Portal 7 and embedded LDAP server

    I searched for this on support but nothing much came up on Portal 7, so here
    goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is
    supported by the current Portal. What LDAP version is supported by the
    embedded LDAP server that comes with WLS? Can I convert sooner or later?
    Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
    embedded LDAP?
    Thanks,
    Steve

    Ture,
    Can I use LDAP for UUP without using it for authentication/authorization? If so,
    how, or at least can you kindly point to a document that describes how?
    Thanks
    Ture Hoefner <[email protected]> wrote:
    Hello Steve,
    I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
    When using Portal with LDAP, there are three things you can use it for:
    1) authentication/authorization, using WLS security framework, and/or
    2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
    3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
    If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
    If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
    Steve Lewis wrote:
    I searched for this on support but nothing much came up on Portal 7, so here goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is supported by the current Portal. What LDAP version is supported by the embedded LDAP server that comes with WLS? Can I convert sooner or later? Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the embedded LDAP?
    Thanks,
    Steve
    --
    Ture Hoefner
    BEA Systems, Inc.
    4001 Discovery Drive
    Suite 340
    Boulder, CO 80303
    www.bea.com

  • How to configure human workflow using embedded ldap in standalone weblogic

    I am trying to use embedded ldap to select users for a human workflow. I have created an application server instance using soa server details but the realm field in human workflow remains empty.
    Please let me know what would be right steps.

    Can you provide more details about the context of where this happens? Are you selecting users in the Organization editor in BPM studio? Is this on 11.1.1.3 or 11.1.1.4?

  • Portal embedded LDAP

    Folks,
    Does anyone know what is the technical product used as embedded LDAP for WLP 8.1?
    (doesn't appear clearly on install).
    Does this directory remain open for external applications or is it totally hidden?

    Arnaud,
    The Embedded LDAP server is a modified version of the VDE product from Octetstring.
    You should post questions about it to weblogic.developer.interest.security.
    -Phil
    "Arnaud" <[email protected]> wrote in message
    news:3f85787b$[email protected]..
    >
    Folks,
    Does anyone know what is the technical product used as embedded LDAP for WLP 8.1?
    (doesn't appear clearly on install).
    Does this directory remain open for external applications or is it totally hidden?

  • Embedded LDAP Server or relational database

    Hi,
    I'm pretty new to this subject, but I do have a question. Here is the situation.
    I need to set up a login portal (in weblogic 8.1) for a web application. Customers
    (in the future) can log in to a secure part of the website, where they can modify
    their personal settings and information. We are talking about < 100.000 users.
    Now I was thinking of using the embedded LDAP server to set up the authorisation
    and identification, but because 2 variables are needed to see if it is a customer
    of the company, I am also looking into the possibility of using a relational database
    (oracle) to set up the username - password authentication table.
    Can somebody tell me the (dis)advantages of using LDAP instead of the relational
    database (oracle)? Or give me advice on which authorisation method is the best one?
    Your help is needed!
    Thanks in advance,
    Hans
    the customer more information is needed to

    Ensure that the managed server is running with "Managed Server Independence Enabled" flag checked.
    It can be checked on console via Environment --> Servers --> <ServerName> --> Configuration --> Tuning
    For more information, please check
    http://docs.oracle.com/cd/E14571_01/web.1111/e13708/failures.htm#START169
    The above flag is required for the managed server to use the local LDAP repository.
    Arun

  • Embedded LDAP on Weblogic Server

    Hi Everyone
    I'm currently using the embedded LDAP available in Weblogic for Security for SOA 11g.
    The users are getting updated in the system-jazn.xml file. But I don't know where the email information is getting stored. Does anyone know where it is stored?
    Is there a way I could download the users, roles and user properties from the embedded LDAP?
    Regards
    Sabir

    Hi Sabir
    1. By default, as far as I know, from pure WLS point of view, we can create new users with just username and password like from WLS Admin Console.
    2. I am not very familiar with "The users are getting updated on the system-jazn.xml file". Is this like an External Authentication Provider that you configured with WLS?
    3. For example, WLS can be configured with any External LDAP sources that have full User Profile and username and password etc. Then for, say, Weblogic Portal Applications, we have some procedure to view the entire profile. Even for out of box Embedded LDAP, in case of Weblogic Portal Applications only, we can View/Edit the full User Profile from something called Portal Admin Console. But this is all specific to Weblogic Portal Applications only.
    If you can give more details on this "system-jazn.xml" file, we can look into it. But when it comes to core WLS, all you can do, configure it with any External Security Provider from Weblogic Console. And additionally create your own custom Authentication Provider. Coming to Profile, I know for Weblogic Portal Applications deployed on this WLS + portal modules, we can View/Edit full Profile.
    HTH
    Ravi Jegga

  • Usage of external LDAP server with Portal

    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. These are the
    constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If that's the case, how can we use Visitor Entitlements/Delegated Admin and Group
    creation using Portal Admin tool since this will write to the configured LDAP
    server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authentication (I know this is possible
    by using JAAS LoginModule, but I just want to get confirmed on this ) and
    2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

    Thanks for the reply. Some of your answers are not clear. Can you pls elaborate
    on this?? Pls see my comments below.
    "Johnson" <[email protected]> wrote:
    >
    Phil,
    Can I use embedded LDAP for production?
    Thanks
    Lawrence
    "Phil Griffin" <BEA> wrote:
    "Prashanth " <[email protected]> wrote in message
    news:[email protected]..
    Hi All,
    We are in a situation to use external LDAP server with WLP 8.1. These are the constraints we have to deal with:
    1. Only read is allowed from this LDAP server.
    2. This would be used for authentication purpose
    If that's the case, how can we use Visitor Entitlements/Delegated Admin and Group creation using Portal Admin tool since this will write to the configured LDAP server.
    Can somebody answer my question:
    1. Can we use external LDAP server - just for authentication (I know this is possible by using JAAS LoginModule, but I just want to get confirmed on this) and
    >
    You can add the external LDAP server just for authentication, but in versions through 8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean) during the login process (this check has been removed in SP3). A work around is to duplicate the user in a provider that does impl UserReaderMBean.
    Prashanth : You mean to say we have to duplicate the User in embedded LDAP server also??
    >>
    2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
    >
    Yes, the default/embedded LDAP can still be used for DA/visitor entitlements. In the current release, the Portal Admin Tools can only be configured to use a single authentication provider while forming entitlements. In SP3, all configured providers are listed/usable by the tools.
    Prashanth : How can we configure Portal Admin tool to use authentication provider for entitlements??
    >>
    Any relevant pointers are also welcome.
    TIA,
    Prashanth Bhat.

  • WLP Embedded LDAP dependency in 10.3 ?

    Hi,
    what's the party line on the embedded LDAP dependency in 10.3 ? Since the WLS version is now up to 10.3 is the dependency gone?
    I tried creating a domain with an RDBMS security store but got a weird security related error when trying to deploy a portal app. Verified configuration with a regular webapp that deployed/worked fine.
    Thanks,
    Petri

    Hi Petri,
    I hope you are doing well.
    For WLP 10.3, only the authorization and role mapper providers which utilize the embedded LDAP are supported by WLP. The next version of WLP is planned to work with the rdbms-based providers.
    Brad

  • LDAP Configuration - Multiple domains

    I have a domain called SA and I have subdomains called IL, NY, TX with corresponding users in the subdomain. It is a deep hierarchy. I want to bring all the users from all these subdomains.
    Below is my environment,
    User path: ou=users,ou=test,dc=IL,dc=SA
    User path: ou=users,ou=map,dc=NY,dc=SA
    User path: ou=users,ou=temp,dc=TX,dc=SA
    If I give a single path, I am able to bring all the LDAP users. What do I need to do to bring all the users from all the subdomains in EP60?

    Dear Anonymous User -
    Have you tried configuring the connection to the LDAP to use port 3268 instead of 389?  Also, you may need to point to the domain controller instead of one of the sub-domains.
    Additionally, you'll want to ensure that the users are unique amongst all of the sub-domains.  If not, you'll find that users may experience intermittent behaviour.
    Finally, you could also configure the portal to use multiple LDAPs, and treat each of the sub-domains as a separate LDAP even though they physically exist on the same server.
    Regards,
    Kyle

  • Can't connect to weblogic embedded LDAP from an init block

    Hi
    I am trying to use weblogic's embedded LDAP directory in an OBIEE RPD initialisation block, using 10g security model in OBIEE 11g. I need the internal user, BISystemUser, to be validated by an init block in the rpd, but I am not able to configure the weblogic LDAP in an init block, as it is done with AD, for example.
    I am following the instructions on "Viewing the Contents of the Embedded LDAP Server from an LDAP Browser" section of this document, http://docs.oracle.com/cd/E21764_01/web.1111/e13707/ldap.htm#i1104934 and I am getting: "LDAP bind failure: Can't connect to LDAP server". Weblogic is up and running, I can connect to its console, OBIEE, etc.
    I am using these settings on OBIEE:
    Hostname: localhost (I've tried using the actual hostname)
    Base DN: dc=bifoundation_domain
    Bind DN: cn=Admin
    Port: 7001
    (I've already reset LDAP's Admin password to a known value).
    The curious thing is that I can connect to the same LDAP using the same settings with LDAPExplorerTool2 opensource tool.
    Does anyone have an idea what else is missing?
    Thank you.

    I also have this problem. Do you have any solution?

  • How to connect LDAP to Enterprise Portal

    Hi Guru,
    I need complete steps to connect LDAP into enterprise portal as LDAP is microsoft AD existing one.
    I am confused about the user mapping and authentication, comparing and single sign-on.  Does we are calling Log on ticket to the first screen of enterprise portal where we enter user ID and password or ?.
    One situation is that one SAP Enterprise portal acts as comparing user id against AD (LDAP) and issues logon ticket. Other system who is accepting the logon ticket is also SAP Netweaver and has its own portal. It has its own login module.
    My first question is "How to establish connection to AD in to on SAP Enterprise Portal".
    Second is "How to establish connection to that SAP enterprise portal to SAP Netweaver own portal".
    Third is "If we are trying to access SAP Netweaver application through SAP Enterprise portal, how are we able to access it? Do we need to access through the iView of SAP Enterprise portal only, or can we access the SAP Netweaver application as soon as we enter userid/passwd on the first screen of Enterprise portal, directly to SAP Netweaver application, without using the iView of Enterprise portal?"
    If you guys understood this situation let me know as soon as possible, cuz my boss is on my head. Or send me your contact info to my email: [email protected]
    Thanks
    Happy

    Hi Ben,
    Here my situation is a little bit different: we have an application server which is SAP Netweaver, and an HR application is running on this server. We are trying to log in to this system through its portal and it is attached to LDAP Microsoft AD.
    We set all LDAP settings, and this application has its own login module, and it is added, and I have seen it in Security policy of Visual administrator.
    Now tell me how to configure or adjust login modules with its own login module. How to set login module stacks such that user ID is matched with AD and issues login ticket or can log in.
    We tested using a user ID which is contained in AD as well as the Application server's database. It is not able to log in.
    If you see this message please send me your contact info to this email and I will explain more about my situation. Please, it is so urgent that my boss is on my head
    thanks
    happyman
    [email protected]

  • LDAP configuration

    Hi,
    We are in the process of configuring LDAP for our Portal system (EP 7). We have chosen the data source, Microsoft ADS (Deep Hierarchy) + Database. We have generated an XML file and modified it accordingly, from the data source, and we got a message "Configuration was successfully saved" and restart J2ee engine. Then we have successfully restarted the J2ee engine. But we still get the error as below
    "Connection test with user path failed"
    With regards

    Hi Kanthi,
    are you trying to connect a Microsoft ADS to the portal? (if not, what are you trying to connect?) Then you can simply take a dataSourceConfiguration file that is already present (http://help.sap.com/saphelp_nw70/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm) . Select the file from the drop down list in the configtool and enter the path to the user and group directly there.
    The helpful thing is that you can check the user path and the group path right away before restarting the J2EE engine.
    Regards,
    Holger.
