Embedded LDAP password issue in Weblogic 7

Is this normal? Seems odd to me...
After installing weblogic 7 using the wizard and giving a new password other than "weblogic" for the "weblogic" user, and after using boot.properties to get an encrypted version, the embedded LDAP servers for both admin and managed servers do not seem to have the new password.
If I try to use JNDI to get a JMX MBean Home on the managed server, I get an exception saying I have the wrong password for "weblogic".
After using the admin console to change the password to the value it supposedly already has, the embedded LDAP servers for both the admin and consumer have a new (encrypted but presumably correct) password but the JNDI call still fails.
After undeploying and redeploying the relevant web application the JNDI call succeeds.
Killing and restarting the admin and managed servers does not seem to be relevant. Setting the read replica on startup flag doesn't seem to help. This is mostly on testing on the petstore example. This may be relevant since at some point BEA changed the user/password for it to "weblogic/weblogic"
QUESTIONS:
Does anybody understand why this is happening?
Any ideas for fixes that avoid bouncing and redeployment?
---Paul O

Never mind...
I think I have solved this with the help of an LDAP browser and a custom JNDI/JMX password tester.
One problem that threw me off was that changes that were thought to be happening in testing were not really "taking" due to precompilation of JSPs. I had thought that redeploying made the correct password "take" but actually it was helping changes in the code to take effect. Another problem that I believe but have yet to verify contributed to the confusion and a related failure to log is that once a user is rejected repeatedly, Weblogic locks the account for a half hour by default.
The bottom line is it really pays to use instruments that tell you what the actual state of affairs is as conjectures are often wrong for unexpected reasons.
---Paul O
Paul O'Rorke wrote:
Is this normal? Seems odd to me...
After installing weblogic 7 using the wizard and giving a new password
other than "weblogic" for the "weblogic" user, and after using
boot.properties to get an encrypted version, the embedded LDAP servers
for both admin and managed servers do not seem to have the new password.
If I try to use JNDI to get a JMX MBean Home on the managed server, I
get an exception saying I have the wrong password for "weblogic".
After using the admin console to change the password to the value it
supposedly already has, the embedded LDAP servers for both the admin and
consumer have a new (encrypted but presumably correct) password but the
JNDI call still fails.
After undeploying and redeploying the relevant web application the JNDI
call succeeds.
Killing and restarting the admin and managed servers does not seem to be
relevant. Setting the read replica on startup flag doesn't seem to
help. This is mostly on testing on the petstore example. This may be
relevant since at some point BEA changed the user/password for it to
"weblogic/weblogic"
QUESTIONS:
Does anybody understand why this is happening?
Any ideas for fixes that avoid bouncing and redeployment?
---Paul O
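
A small instrument of the kind the reply above recommends, as an added example that is not Paul's own tester or BEA code: it makes exactly one simple bind against the embedded LDAP port and names the failure class, so a rejected password, a refused operation and an unreachable port are not confused. It checks the LDAP bind only, not the JMX MBeanHome lookup; the class name LdapBindCheck and its result strings are assumptions, and the URL and cn=Admin bind DN are sample values taken from posts on this page.

```java
import java.io.Console;
import java.util.Arrays;
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (hypothetical class name): one-shot bind check for an LDAP listener.
public class LdapBindCheck {
    // JNDI's LDAP provider reports the result code as "[LDAP: error code NN - text]".
    private static final Pattern LDAP_CODE = Pattern.compile("error code (\\d+)");

    // Turn a JNDI failure into a diagnosis instead of a guess.
    static String classify(NamingException e) {
        Matcher m = LDAP_CODE.matcher(String.valueOf(e.getMessage()));
        int code = m.find() ? Integer.parseInt(m.group(1)) : -1;
        if (e instanceof AuthenticationException || code == 49) {
            return "REJECTED: wrong DN/password or locked account (LDAP 49); do not retry blindly";
        }
        if (e instanceof NoPermissionException || code == 50) {
            return "AUTHORIZATION: identity accepted, operation refused (LDAP 50)";
        }
        if (e instanceof CommunicationException) {
            return "UNREACHABLE: no LDAP listener answered at this URL";
        }
        return "OTHER: " + e.getClass().getName();
    }

    // Exactly one simple bind and no retry loop: repeated rejections are what
    // the reply above suspects of locking the account.
    static String bindOnce(String url, String bindDn, char[] password) {
        if (password == null || password.length == 0) {
            // A simple bind with an empty password is an unauthenticated bind.
            return "REFUSED: empty password would prove nothing about the credential";
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
            return "OK: bind accepted for " + bindDn;
        } catch (NamingException e) {
            return classify(e);
        } finally {
            Arrays.fill(password, '\0'); // do not leave the password in memory
        }
    }

    public static void main(String[] args) {
        // Offline self-check on constructed exceptions (messages in the provider's format).
        System.out.println(classify(new AuthenticationException(
                "[LDAP: error code 49 - Invalid Credentials]")));
        System.out.println(classify(new NoPermissionException(
                "[LDAP: error code 50 - Insufficient Access Rights]")));
        System.out.println(classify(new CommunicationException("localhost:7001")));
        System.out.println(bindOnce("ldap://localhost:7001", "cn=Admin", new char[0]));

        // Live check: java LdapBindCheck ldap://localhost:7001 "cn=Admin"
        // The password is read from the console, never from the command line.
        if (args.length == 2) {
            Console console = System.console();
            if (console == null) {
                System.err.println("No interactive console; refusing to read a password.");
                return;
            }
            char[] pw = console.readPassword("Password for %s: ", args[1]);
            System.out.println(bindOnce(args[0], args[1], pw));
        }
    }
}
```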

Similar Messages

  • Setting embedded LDAP password using WLST

    Hi All,
    I have a requirement where I need to automate some setup on weblogic server. As part of these scripts, I need to set the embedded ldap password using WLST . I tried recording the actions through Admin console. But, I wasn't able to use the generated script for the same. Any pointers on this would be really helpful.

    Do you mean you need to change a user's password in embedded LDAP? If so here's the link Configuring Existing WebLogic Domains - 12c Release 1 (12.1.1)   look for
    Changing a Password

  • Embedded LDAP on Weblogic Server

    Hi Everyone
    I'm currently using the embedded LDAP available in Weblogic for Security for SOA 11g
    The users are getting updated on the system-jazn.xml file. But I don't know where the email information is getting stored. Does anyone know where it is stored?
    Is there a way I would download the users, roles and user properties from the embedded LDAP?
    Regards
    Sabir

    Hi Sabir
    1. By default, as far as I know, from pure WLS point of view, we can create new users with just username and password like from WLS Admin Console.
    2. I am not much familiar with "The users are getting updated on the system-jazn.xml file". Is this like External Authentication Provider that you configured with WLS.
    3. For example, WLS can be configured with any External LDAP sources that has full User Profile and username and password etc. Then for say Weblogic Portal Applications, we have some procedure, to view the entire profile. Even for out of box Embedded LDAP in case of Weblogic Portal Applications only we can View/Edit the full User Profile from something called Portal Admin Console. But this is all specific to Weblogic Portal Applications only.
    If you can give more details on this "system-jazn.xml" file, we can look into it. But when it comes to core WLS, all you can do, configure it with any External Security Provider from Weblogic Console. And additionally create your own custom Authentication Provider. Coming to Profile, I know for Weblogic Portal Applications deployed on this WLS + portal modules, we can View/Edit full Profile.
    HTH
    Ravi Jegga

  • [Security:090314]Entitlement Engine unable to connect to the embedded LDAP server

              I rebuilt the server and I still can't start cluster server but got a different
              error message. Any thoughts? (Migrating from Weblogic 6.1 to 8.1)
              =============================================================================
              LD_LIBRARY_PATH is:
              /usr/openwin/lib
              /usr/dt/lib
              /usr/lib
              /usr/local/lib
              /export/opt/weblogic/8.1_SP2/weblogic81/server/lib/solaris
              /export/opt/weblogic/8.1_SP2/weblogic81/server/lib/solaris
              /export/opt/weblogic/8.1_SP2/weblogic81/server/lib/solaris/oci920_8
              /opt/rv/lib
              /bin/Solaris <not found>
              /opt/BPARun1.0_A0/lib
              =============================================================================
              CLASSPATH is:
              /export/opt/weblogic/8.1_SP2/weblogic81/server
              /opt/rv/java/rvjpro.jar
              /opt/rv/java/ssmbrvclient.jar
              /opt/rv/java/tibrvj.jar
              /export/opt/weblogic/8.1_SP2/weblogic81/server/lib/weblogic_sp.jar
              /export/opt/weblogic/8.1_SP2/weblogic81/server/lib/weblogic.jar
              /xenv/iona/sun4/5.x/6.0/asp/6.0/lib/asp-corba.jar
              /work2/gx80747/src/Orbix6_config/etc/domains/GFINetEnv
              :$
              at weblogic.security.service.RoleManager.<init>(RoleManager.java:98)
              at weblogic.security.service.SecurityServiceManagerDelegateImpl.doRole(SecurityServiceManagerDelegateImpl.java:512)
              at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:408)
              at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:697)
              at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:730)
              at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:873)
              at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:719)
              at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:820)
              at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:664)
              at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:342)
              at weblogic.Server.main(Server.java:32)
              Reason: weblogic.security.spi.ProviderInitializationException: [Security:090314]Entitlement Engine unable to connect to the embedded LDAP server
              Cannot instantiate weblogic.entitlement.data.ldap.EData
              null
              

              

  • How to change password for a user in WLS 7.0 embedded ldap in code?

    I asked the similar question before but don't have an answer yet.
    I need to change password for a user in my Java code. Any help will be
    appreciated.
    Here is my stack trace:
    c:\Test>java -classpath . testEmbeddedLdap
    attribute: uid
    attribute: description
    attribute: objectclass
    attribute: wlsMemberOf
    attribute: sn
    attribute: cn
    javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2872)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2810)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2616)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1374)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
    at testEmbeddedLdap.main(testEmbeddedLdap.java:30)
    Here is my testing code:
    <PRE>
    import java.util.*;
    import javax.naming.*;
    import javax.naming.directory.*;

    public class testEmbeddedLdap {
        public static void main(String[] argv) {
            // Simple bind to the embedded LDAP port as a realm user in the administrators group
            Hashtable<String, String> env = new Hashtable<String, String>(11);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://localhost:7001");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, "uid=myAdministrator, ou=people, ou=myrealm, dc=mydomain");
            env.put(Context.SECURITY_CREDENTIALS, "myAdministrator");
            try {
                DirContext ctx = new InitialDirContext(env);
                String sUser = "uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain";
                String sOldPassword = "myRegularUser";
                String sNewPassword = "newpassword";
                // Reading the entry succeeds: the attribute names are printed
                for (NamingEnumeration<? extends Attribute> ae = ctx.getAttributes(sUser).getAll(); ae.hasMore(); ) {
                    Attribute attr = ae.next();
                    System.out.println("attribute: " + attr.getID());
                }
                // Change the password by removing the old value and adding the new one
                ModificationItem[] mods = new ModificationItem[2];
                Attribute mod0 = new BasicAttribute("userpassword", sOldPassword);
                mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, mod0);
                Attribute mod1 = new BasicAttribute("userpassword", sNewPassword);
                mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
                // This is the call that throws the NoPermissionException shown in the trace
                ctx.modifyAttributes(sUser, mods);
                ctx.close();
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }
    }
    </PRE>
    "Neil Smithline" <[email protected]> wrote in message
    news:[email protected]...
    Two things. First, I'm not exactly sure what password you are trying to
    change. The LDAP server's password or a user's password in the LDAP
    server. Second, could you please post a stack trace.
    Thanks - Neil
    K Wong wrote:
    I am using (javax.naming.directory.DirContext.modifyAttributes) to change
    password to our development Weblogic 7.0 embedded LDAP.
    I login as the system administrator (a user in the administrators group),
    but always gets the javax.naming.NoPermissionException - Insufficient Access
    Rights.
    What user should I use? Any help will be appreciated.

    Hai,
    This condition based execution requires - javascript coding.
    In miscellaneous tools bar, you have an option of SCRIPT_ITEM writer tool, drag the tool into your WAD layout, and select the properties, choose the editor option and paste your coding. That's it.
    Alternate option:
    in your web application design layout, you will find XHTML coding editor, there you need to write coding and execute the same.
    Hope this will help to you.
    Assign Points if its really useful.
    Cheers !!!
    Bye
    Regards,
    Giri

  • Weblogic.server.ServiceFailureException:com- embedded LDAP error

    Hi
    While starting the weblogic server, I am getting error as
    weblogic.server.ServiceFailureException: Error initialisng embedded LDAP server - with nested exception
    java.lang.ClassCastException:com.octetstring.vde.backend.BackendRoot
    the server is not started (I have installed it as a window service in Win2k)
    Any help on this ?

    there are few different ways to fix this. I do this frequently
    --Delete the data folder and boot the server, it will fix the issue. You will lose all the users information (except admin user), need to recreate any other users you created. Make sure to back up the data folder
    -- Second get the data folder from domain_bak folder
    Hope this will fix your problem
    Thanks
    ksr
    Edited by: ksr11 on Nov 24, 2010 10:33 AM

  • Can't connect to weblogic embedded LDAP from an init block

    Hi
    I am trying to use weblogic's embedded LDAP directory in an OBIEE RPD initialisation block, using 10g security model in OBIEE 11g. I need the internal user, BISystemUser, to be validated by an init block in the rpd, but I am not able to configure the weblogic LDAP in an init block, as it is done with AD, for example.
    I am following the instructions on "Viewing the Contents of the Embedded LDAP Server from an LDAP Browser" section of this document, http://docs.oracle.com/cd/E21764_01/web.1111/e13707/ldap.htm#i1104934 and I am getting: "LDAP bind failure: Can't connect to LDAP server". Weblogic is up and running, I can connect to its console, OBIEE, etc.
    I am using this settings on OBIEE:
    Hostname: localhost (I've tried using the actual hostname)
    Base DN: dc=bifoundation_domain
    Bind DN: cn=Admin
    Port: 7001
    (I've already reset LDAP's Admin password to a known value).
    The curious thing is that I can connect to the same LDAP using the same settings with LDAPExplorerTool2 opensource tool.
    Does anyone have an idea what else is missing?
    Thank you.

    i also have this problem..do u have any solution?

  • How many entries is embedded LDAP of weblogic 8.1 capable to store ? let's assume we use default LDAP schema being defined in schema.core.xml

     

    "ming qin" <[email protected]> wrote in message news:[email protected]..
    I would like to have entries as users.

    There are a few issues that arise as the number of users increases. The first is management of all these users. Will you be able to load/update/manage all of the users via the WLS console? You can certainly use external LDAP tools to manage the data in the WLS embedded LDAP server, but using an external LDAP server may offer better tools for management than those offered in WLS.
    The second is performance. Since the ldap server embedded within WLS uses in-memory indices, the time to load the indices and the memory required for storing them increases as the number of users increases. 20-50K seems to have reasonable performance.
    The last is extensibility. The WLS default authenticator stores user, description, and password. You may have different requirements and want to store additional information.

  • URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2

    I am using Embedded LDAP WebLogic 9.2 and I followed the steps mentioned in the URL below. I have not changed anything except Server URL which points to localhost:7001.
    http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
    Questions:
    1) How to add additional attributes to embedded LDAP? (e.g. email, phone etc.)
    2) How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
    Any help is appreciated.

    this problem is due to hard-coded user/pwd in installation scripts. Here are steps
    1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
    2) reach to target CreateStartupClasses
    3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
    4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
    5) this should be password of 'ORAESB' database user.
    6) change this password value; and restart the installation.
    Regards,
    Vaibhav

  • Weblogic embedded ldap

    can someone please confirm - can the embedded ldap server within weblogic handle password policies like min length, max expiry etc... I can't believe that it can't do things like this which seem fundamental to any security set-up.
    If it doesn't can anyone recommend a good 3rd party ldap solution to use with weblogic ?
    cheers,
    Brent

    Hi, Brent.
    Internal ldap properties you can change will be in the file vde.prop. However, you've hit the nail on the head, this is a basic implementation. There are more discussions of it here: http://monduke.com/ Note that you cannot remove this without causing problems. Leave it there, and just add another provider for your normal users.
    I recommend that you configure an alternate authentication provider, which can stitch you to one of many robust providers, like OpenLDAP or ActiveDirectory.
    Cheers,
    -Adrian

  • Weblogic 8.1 & Embedded LDAP server

    Hi,
    Is it possible to store user attributes alongwith username & password in the Weblogic 8.1 Embedded LDAP Server?.
    We have about 6 user profile attributes along with the username & password. Does weblogic's embedded LDAP Server
    support this feature.
    Any help will be appreciated.
    thanx,
    Vishwa

    Hi Vishwap,
    Did you ever find out how to manipulate additional information in the embedded LDAP server?
    I am in critical need to do the same.
    Thanks in advance for your comments.
    Zi

  • What is the WLS 7.0 embedded ldap admin account and password?

    I am using (javax.naming.directory.DirContext.modifyAttributes) to change
    password to our development Weblogic 7.0 embedded LDAP.
    I login as the system administrator (a user in the administrators group),
    but always gets the javax.naming.NoPermissionException - Insufficient Access
    Rights.
    What user should I use? Any help will be appreciated.

    I need to change password for a user. Any help will be appreciated.

  • Changelog.data size growing too big in embedded LDAP /weblogic

    Hi Team,
    We have embedded LDAP.
    We are having issues in setting the number of entries for changelog.data.
    Could any one of you help as to how we could set the threshold for changelog.data?
    We are using Linux server and weblogic as app server.
    Thanks In Advance..

    Thanks..
    But that doesn't seem to be working.
    I have set following parameter in startup
    -javaagent:/app/platform/wily/current//Agent.jar -Dcom.wily.introscope.agentProfile=/app/platform/wily/current/IntroscopeAgent.profile - Dcom.wily.introscope.agent.agentName=Cramer-Dev0-RM-Admin -Dweblogic.security.ldap.changeLogThreshold=10 -Dweblogic.security.ldap.maxSize=1048576
    Now prior to setting 10 ,I had set it to 30 cleared changelog.data and restarted .It got generated with 28mb size.
    After setting 10 also its the same size of changelog that i could see.
    could you tell me what went wrong..
    Thanks

  • Weblogic 9.2 Embedded LDAP Login denied!

    Hi,
    I am trying to put together users/groups in the Embedded LDAP for LDAP authentication. I saw in the embedded LDAP, the tree as
         domainName->myrealm->groups,people etc by default.
    Now, under the LDAP root domainName, I created a directory structure as:
         domainName->myorg->groups,users.
    In the weblogic console ( myrealm is the default security realm.)
    under myrealm, I created LDAP Authentication Provider and gave all the LDAP provider specific info for searching etc.
    I was able to see the users using the console screen.
    Now in my Web Application, using the "FORM based Authentication"(using j_username etc) I tried to login.
    I saw the AdminServer log:
    --getDNForUser search("ou=people,ou=myrealm,dc=domainA", "(&(uid=ldapuser2)(objectclass=person))", base DN & below)
    with the following exception:
    --javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User ldapuser2 denied
         at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:191)
    which means, Weblogic was trying to use the LDAP params which were pointing to 'myrealm'.
    I was expecting weblogic to search as I specified in the provider:
    "ou=users,ou=myorg,dc=domainA" rather than "ou=people,ou=myrealm,dc=domainA".
    Remember I am using Embedded LDAP.
    Please let me know whether what I am trying to achieve is something that Weblogic is capable of.
    By the way, when I put my users under the 'myrealm' directory it does authenticate.
    Please let me know
    Thank you in advance.
    Azim

    These are the steps that I followed to connect weblogic 9.2 with LDAP Port 636(SSL Enabled) and it worked fine.
    Steps for Installation of SSL
    1.     Modify the Provider Specific configuration in the Admin Console to use port 636 and ‘SSL Enabled’ (OR Modify config.xml)
         <wls:port>636</wls:port>
         <wls:ssl-enabled>true</wls:ssl-enabled>
    2.     Back up the D:\apps\bea\wls92\weblogic92\server\lib directory
    3.     Copy the certificate (xxxx.cer) to that directory
    4.     Import the certificate into the keystore:
    5.     D:\apps\bea\wls92\jrockit_150_12\bin\keytool -v -import -alias ldapcert -keystore DemoTrust.jks -file entrust_ssl_ca.cer -storepass DemoTrustKeyStorePassPhrase
    6.     Add the following parameter to the JAVA_OPTIONS in the start script (setDomainEnv.cmd):
    a.     -Dweblogic.security.SSL.allowSmallRSAExponent=true
    7.     Restart WebLogic (Admin) Server

  • Load balancing and failover in Embedded LDAP in weblogic

    How to handle load balancing and failover in Embedded LDAP in weblogic server?

    You should consider posting this to the Weblogic and/or LDAP support forums. This forum is meant for Sun Web Server questions.
    Thanks
    Manish
