External LDAP Server
Hello.
Is it possible to configure WebLogic to use external LDAP server, which in turn is "built in" in other WebLogic (at other physical machine)?
And if it is possible, can I use OracleInternetDirectoryAuthenticator provider for this?
(sorry for my english)
Hi
OID is altogether a different LDAP provider.
You can try to create an Authenticator of type LDAPAuthenticator and provide the configurations accordingly.
Check the below note.
http://docs.oracle.com/cd/E17904_01/web.1111/e13707/atn.htm#i1199007
Similar Messages
-
Use of external LDAP server in Weblogic Commerce Server
I'm using the following software:
Iplanet Directory Server v5
Weblogic Application Server v6
Weblogic Commerce v3.5
I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
services. How do I do that?
I have a couple of questions related to this:
1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
use an external LDAP server, I need to configure weblogic v6 to do that and not
Weblogic Commerce Server?
2) Whatever may be the case above, how do I do that?
3) config.xml (weblogic application server v6) contains information that needs
to be modified to point to an external JNDI source provider but what information
do I need to modify?
I'd really appreciate if someone can help me out here. Thanks!
"JP" <[email protected]> wrote in message news:[email protected]..
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciated, because I just don't know where to look.
Try setting the com.netscape.ldap.trace property.
* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create a ldap trace file of the requests that WLS is making on the
LDAP server. You can then see
where the filters are not returning the correct value for the group
membership. -
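A check that can be run on filter properties like those posted above, as an added example (not code from the thread or from WebLogic): it parses the posted string, compares the attribute tested in membership.filter with the membership attribute RFC 4519 defines for the filter's group objectclass, and escapes values per RFC 4515 before substituting them. The meaning of %u, %M and %g (user id, member DN, group name) and all function names are assumptions.

```python
import re

# Filter properties copied from the post above.
POSTED = """user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="""

# Membership attribute carried by each standard group class (RFC 4519).
MEMBER_ATTR = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}


def parse_props(text):
    """Split 'key=value;' pairs; the value may itself contain '='."""
    props = {}
    for item in text.split(";"):
        item = item.strip()
        if item:
            key, _, value = item.partition("=")
            props[key.strip()] = value.strip()
    return props


def equality_items(ldap_filter):
    """Return (attribute, value) pairs for the simple items in a filter."""
    pairs = re.findall(r"\(([A-Za-z][\w.;-]*)=([^()]*)\)", ldap_filter)
    return [(attr.lower(), value) for attr, value in pairs]


def check_membership_filter(ldap_filter):
    """Flag a group objectclass whose membership attribute the filter never tests."""
    items = equality_items(ldap_filter)
    classes = [value.lower() for attr, value in items if attr == "objectclass"]
    tested = sorted({attr for attr, _ in items if attr != "objectclass"})
    findings = []
    for cls in classes:
        expected = MEMBER_ATTR.get(cls)
        if expected and expected not in tested:
            findings.append(
                f"objectclass {cls} carries '{expected}', filter tests {tested}"
            )
    return findings


def escape_filter_value(value):
    """Escape characters that are special inside a search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def expand(template, **values):
    """Substitute %u / %M / %g with escaped values (placeholder meaning assumed)."""
    return re.sub(
        r"%([uMg])", lambda m: escape_filter_value(values[m.group(1)]), template
    )


if __name__ == "__main__":
    props = parse_props(POSTED)
    for finding in check_membership_filter(props["membership.filter"]):
        print("membership.filter:", finding)
    # Constructed user id containing filter metacharacters.
    print(expand(props["user.filter"], u="j*(test)"))
```

Whether the directory actually stores `member` or `uniquemember` on its group entries still has to be confirmed against the server, for example in the LDAP trace suggested in the reply.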
Using external LDAP server for WL JNDI lookups
I'm trying to find out if it is possible to re-direct JNDI calls to the WL
server to an external LDAP server. I know you can install an external LDAP
server for security purposes, but I would like to use an external LDAP
server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
Is this possible?
You typically need to use our JNDI store. We strongly recommend this for
performance reasons..
You can use the JNDI To LDAP bridge which is available from the sun web
site.
Michael Girdley
BEA Systems Inc
"Jack Archer" <[email protected]> wrote in message
news:[email protected]..
I'm trying to find out if it is possible to re-direct JNDI calls to the WL
server to an external LDAP server. I know you can install an external LDAP
server for security purposes, but I would like to use an external LDAP
server to handle all JNDI lookups (like for JNDI EJB name location, etc.).
Is this possible? -
Usage of external LDAP server with Portal
Hi All,
We are in a situation to use external LDAP server with WLP 8.1. These are the
constraints we have to deal with:
1. Only read is allowed from this LDAP server.
2. This would be used for authentication purpose
If that's the case, how can we use Visitor Entitlements/Delegated Admin and Group
creation using Portal Admin tool since this will write to the configured LDAP
server.
Can somebody answer my question:
1. Can we use external LDAP server - just for authentication (I know this is possible
by using JAAS LoginModule, but I just want to get confirmed on this ) and
2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
Any relevant pointers are also welcome.
TIA,
Prashanth Bhat.
Thanks for the reply. Some of your answers are not clear. Can you pls elaborate
on this?? Pls see my comments below.
"Johnson" <[email protected]> wrote:
>
Phil,
Can I use embedded LDAP for production?
Thanks
Lawrence
"Phil Griffin" <BEA> wrote:
"Prashanth " <[email protected]> wrote in message
news:[email protected]..
Hi All,
We are in a situation to use external LDAP server with WLP 8.1. These are the
constraints we have to deal with:
1. Only read is allowed from this LDAP server.
2. This would be used for authentication purpose
If that's the case, how can we use Visitor Entitlements/Delegated Admin and Group
creation using Portal Admin tool since this will write to the configured LDAP
server.
Can somebody answer my question:
1. Can we use external LDAP server - just for authentication (I know this is possible
by using JAAS LoginModule, but I just want to get confirmed on this) and
>
You can add the external LDAP server just for authentication, but in versions through
8.1 SP2 WLP will want to verify the user exists (via the UserReaderMBean) during
the login process (this check has been removed in SP3). A work around is to duplicate
the user in a provider that does impl UserReaderMBean.
Prashanth : You mean to say we have to duplicate the User in embedded LDAP server
also??
>>
2. Use default and embedded LDAP server for all others like Group/Visitor Entitlements/DAs.
>
Yes, the default/embedded LDAP can still be used for DA/visitor entitlements. In the current
release, the Portal Admin Tools can only be configured to use a single authentication provider
while forming entitlements. In SP3, all configured providers are listed/usable by the tools.
Prashanth : How can we configure Portal Admin tool to use authentication provider
for entitlements??
>>
Any relevant pointers are also welcome.
TIA,
Prashanth Bhat. -
Authentication problem by external ldap server for WLS 7.0
Hi all,
I have configured iPlanet directory Server to serve as authentication security
provider for WLS 7.0. While doing so I have created a Test security realm and made
it as default. I have also configured the other default settings for the remaining
security providers for the realm.
Now, while I start the WLS with the default username and password, boot-error
comes as given below. As a matter of fact I have also created groups with relevant
username and pwd in the ldap server as specified by the Bea documentation.
I have tried to remove the problem since last 4 days but all in fiasco.
If anybody has any pointer to the problem - it will be a great help.
The error :
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://[hostname]:[port]/console *
D:\bea\weblogic700\samples\server\config\petstore>"D:\bea\jdk131_03\bin\java" -hotspot -Xms32m -Xmx200m -Dpet.mode= - Dweblogic.management.discover=false -Dweblogic.Name=petstoreServer -Dbea.home="D:\bea" -Dweblogic.management.username=weblogic -Dweblogic.management.password=weblogic -Dweblogic.ProductionModeEnabled=true -Djava.security.manager -Djava.security.policy=="D:\bea\weblogic700\server\lib\weblogic.policy" weblogic.Server
Starting WebLogic Server...
<Nov 19, 2002 10:08:04 AM IST> <Notice> <Management> <140005> <Loading configuration D:\bea\weblogic700\samples\server\config\petstore\.\config.xml>
<Nov 19, 2002 10:08:21 AM IST> <Notice> <Security> <090082> <Security initializing using realm RitTestRealm.>
<Nov 19, 2002 10:08:22 AM IST> <Critical> <WebLogicServer> <000364> <Server failed during initialization. Exception:java.lang.SecurityException: User weblogic is not permitted to boot the server
java.lang.SecurityException: User weblogic is not permitted to boot the server
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1076)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
Regards,
Ritwik
Thanks Vijay - it has worked by creating the Administrator group in LDAP but Weblogic
documentation also states the creation of any group in Ldap server with the boot
username and pwd and then adding the group in the admin role of WLS7.0 - but this
did not work.
If there is any info regarding the same - pl. do let me know
Regards,
Ritwik
"Vijay" <[email protected]> wrote:
>
Ritwik,
I think WebLogic 7 requires a group called "Administrators" in the LDAP server
and requires an user to be added to that group. I have this working in one of
my projects. The group really doesn't need to be an LDAP administrative group.
Can you provide any additional information. I might be able to help since I got
this working only a coupla days back.
Vijay
"Ritwik Batabyal" <[email protected]> wrote:
Hi all,
I have configured iPlanet directory Server to serve as authentication security
provider for WLS 7.0. While doing so I have created a Test security realm and made
it as default. I have also configured the other default settings for the remaining
security providers for the realm.
Now, while I start the WLS with the default username and password, boot-error
comes as given below. As a matter of fact I have also created groups with relevant
username and pwd in the ldap server as specified by the Bea documentation.
I have tried to remove the problem since last 4 days but all in fiasco.
If anybody has any pointer to the problem - it will be a great help.
The error :
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://[hostname]:[port]/console *
D:\bea\weblogic700\samples\server\config\petstore>"D:\bea\jdk131_03\bin\java" -hotspot -Xms32m -Xmx200m -Dpet.mode= - Dweblogic.management.discover=false -Dweblogic.Name=petstoreServer -Dbea.home="D:\bea" -Dweblogic.management.username=weblogic -Dweblogic.management.password=weblogic -Dweblogic.ProductionModeEnabled=true -Djava.security.manager -Djava.security.policy=="D:\bea\weblogic700\server\lib\weblogic.policy" weblogic.Server
Starting WebLogic Server...
<Nov 19, 2002 10:08:04 AM IST> <Notice> <Management> <140005> <Loading configuration D:\bea\weblogic700\samples\server\config\petstore\.\config.xml>
<Nov 19, 2002 10:08:21 AM IST> <Notice> <Security> <090082> <Security initializing using realm RitTestRealm.>
<Nov 19, 2002 10:08:22 AM IST> <Critical> <WebLogicServer> <000364> <Server failed during initialization. Exception:java.lang.SecurityException: User weblogic is not permitted to boot the server
java.lang.SecurityException: User weblogic is not permitted to boot the server
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1076)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>
Regards,
Ritwik -
Changing user password in the external LDAP server from weblogic
Hi !
We have been successful in configuring the ldap security realm from weblogic 7.0.
We have also done the user authentication.
Now we want to allow the user himself to change his password from the application. Can
the user password which is stored in an iplanet directory server be changed from
application? If yes, then is there any extra configuration that needs to be done
I am not sure whether u got an answer for this..
But iplanet provides a web-link for end-users to change their LDAP password...u
can just give this link in ur app ..and iplanet will take care of the rest..
Krish Venkataraman
Bank Of America Corp.
Senior Analyst
"Mitali" <[email protected]> wrote:
>
Hi !
We have been successful in configuring the ldap security realm from weblogic
7.0.
We have also done the user authentication.
Now we want to allow the user himself to change his password from the application. Can
the user password which is stored in an iplanet directory server be changed from
application? If yes, then is there any extra configuration that needs to be done -
Error -14002 -- connecting to external LDAP server -- HELP!
Hi all,
I did a clean install over an existing 10.4 Server that was connected via LDAP to our eDirectory. I exported and imported our custom mappings into /System/Library/DirectoryServices/Templates/LDAPv3 . (Which we can do on any of our 10.4 servers and it's fine).
However it appears that the 10.5 server can't properly see the eDirectory server. We've tried all combinations of SSL on/off, port 636 or 389, using authentication or not. Whatever we do, Workgroup manager gives the following when trying to browse and will lock up if run from a client system. WGM will not lock up on the server but will still give the attached error.
"Error of type eDSOpenNodeFailed (-14002) on line 3873 of /SourceCache/WorkgroupManager/WorkgroupManager-319/PMMUGMainView.mm"
Interestingly, using an LDAP-browsing application like LDapper from the server is completely successful in browsing eDirectory.
Any takers??
Assuming you meant /etc/openldap/ldap.conf I changed mine, which now reads
something similar to the following (there doesn't seem to be any way to
get the forum to not apply some sort of wiki-style markup)
arbela:~ nw$ cat /etc/openldap/ldap.conf
# LDAP Defaults
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT never
arbela:~ nw$
But I still get the same error. -
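The ldap.conf in the post above sets TLS_REQCERT never, which turns off server certificate checking for OpenLDAP clients that read this file. An added example (not from the post or from Apple's tooling) that audits such a file against the levels documented in ldap.conf(5); the hardened sample, its ldaps:// URI and its CA path are constructed placeholders.

```python
# Active and commented lines as shown in the post above.
POSTED_CONF = """# LDAP Defaults
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
TLS_REQCERT never
"""

# Constructed counterpart: verification required, trust anchor named.
# The CA path is a placeholder, not a path taken from the page.
HARDENED_CONF = """URI ldaps://ldap.example.com
TLS_REQCERT demand
TLS_CACERT /path/to/directory-ca.pem
"""

# TLS_REQCERT levels weaker than the default (demand / hard), per ldap.conf(5).
REQCERT_RISK = {
    "never": "server certificate is not requested or checked",
    "allow": "session proceeds even when the certificate is missing or bad",
    "try": "session proceeds when the server presents no certificate",
}


def parse_ldap_conf(text):
    """Return [(OPTION, value)] for active lines; option names are case-insensitive."""
    options = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        options.append((parts[0].upper(), value))
    return options


def audit(text):
    """Return (option, value, reason) findings for weak TLS client settings."""
    options = parse_ldap_conf(text)
    findings = []
    for name, value in options:
        level = value.lower()
        if name == "TLS_REQCERT" and level in REQCERT_RISK:
            findings.append((name, level, REQCERT_RISK[level]))
    names = {name for name, _ in options}
    if not names & {"TLS_CACERT", "TLS_CACERTDIR"}:
        findings.append(
            ("TLS_CACERT", "", "no CA file or directory named for verifying the server")
        )
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("hardened", HARDENED_CONF)):
        results = audit(conf)
        print(label, "->", results if results else "no findings")
```

With verification disabled, a connection on port 636 is encrypted but the client has no assurance it is talking to the intended directory server, so the setting is better treated as a short-lived diagnostic than as a fix.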
When does Authentication provider see changes made in external LDAP server?
Hi,
We have Active Directory authentication provider configured and working fine.
If administrator makes changes to the users/groups in LDAP, when will the
authentication provider see them? When user authenticates for the
first time? When provider initializes? Are user group assignments updated
dynamically by WebLogic?
Regards,
Anton -
How to access an External LDAP on a weblogic server using OPSS APIs.
Hi,
Can anyone let me know how I can access an External LDAP configured on a weblogic server using OPSS APIs (or alternative APIs).
I'm currently using the below snippet and I'm getting only the Users and groups from the DefaultAuthenticator on the weblogic server and not the external LDAP Server.
I've verified the providers, users and groups on the weblogic server console and can see that external LDAP server content is being picked, but my below code does not query them.
import java.util.List;
import oracle.security.idm.IMException;
import oracle.security.idm.IdentityStore;
import oracle.security.idm.Role;
import oracle.security.jps.JpsContext;
import oracle.security.jps.JpsContextFactory;
import oracle.security.jps.JpsException;
import oracle.security.jps.service.idstore.IdentityStoreService;
// Obtain the identity store service from the default JPS context.
List<Role> rowData = null;
JpsContextFactory ctxf = JpsContextFactory.getContextFactory();
JpsContext ctx = ctxf.getContext();
IdentityStoreService storeService = ctx.getServiceInstance(IdentityStoreService.class);
IdentityStore idStore = storeService.getIdmStore();
// getRoles(...) is the poster's own helper; its body is not shown in the post.
rowData = this.getRoles(idStore, "*");
Any help or pointers are highly appreciated.
Thanks,
Bhasker
Can anyone please provide any suggestions. I am trying to google around but still not able to find any solution.
Thanks,
Bhasker -
Identity Server using external LDAP
anyone have idea whether ID Server can use external an LDAP server for authentication, like the Policy Server in Portal Server 3 ?
Wilson. -
External LDAP and attributes aliases mapping ?
I have mapped iwtUserInfoProvider-lastName = sn.
And when I after that access the Portal Server and try to update for example my "IMAP user name" in the User Info channel the Portal Server tries to update my "External LDAP Server". This update is unsuccessful and I get an "error storing user profile".
Why is the Portal Server trying to update my external LDAP server??
I only want it to fill in some info for me......
By configuring External LDAP we map certain LDAP-parameters to portal-parameters. Thus while updating the User Info channel we get "error storing user profile". Edit the /etc/opt/SUNWips/desktop/default/iwtUserInfoProvider/edit.template file to not include the non-writable fields in the form, then the user info provider will not try to write those fields. This should help.
Thanks,
Raj_indts
Developer Technical Support
Sun Microsystems
http://www.sun.com/developers/support -
Hi.
Is it possible to use external LDAP server for my UCM server without using external LDAP server for my admin server?
That is I have a domain with admin server and UCM server.
My admin server doesn't have external LDAP.
So is it possible to use external LDAP server for my UCM server in such situation?
And if it is possible, could you give me some information about it?
(sorry for my english)
First of all, thank you for links.
But I have a problem: I configured my own LDAP provider and I can see that 'Connection State' is good (5 out of 5 connections are good), but I can not log in into UCM with users in my LDAP (Invalid Credentials. Please try entering your user name and password again.).
Here is my LDAP provider configuration:
Provider Name: MyLDAP
Provider Description: MyLDAP
Connection State: 5 out of 5 connections are good
Last Activity Date: 12/17/12 4:23 PM
Provider Type: ldapuser
Provider Class: intradoc.provider.LdapUserProvider
Provider Connection: intradoc.provider.LdapConnection
Source Path: MyLDAP
LDAP Server: localhost
LDAP Suffix: dc=example,dc=com
LDAP Port: 10389
Number of connections: 5
Connection timeout: 10
Priority: 1
Credential Map:
SSL Enabled: No
Attribute Map: uid:dFullName
Role Prefix: ou=groups
Default Network Roles: guest
Filter Groups: Yes
Use Full Group Name: No
LDAP Admin DN: uid=admin,ou=system
And my LDAP structure:
"dc=example,dc=com"
_____"ou=groups,dc=example,dc=com"
__________"cn=Administrators,ou=groups,dc=example,dc=com"
__________"cn=admin,ou=groups,dc=example,dc=com"
_____"ou=people,dc=example,dc=com"
__________"uid=asdasd,ou=people,dc=example,dc=com"
__________"uid=qweqwe,ou=people,dc=example,dc=com"
In 'cn=Administrators' entry I have 'uniqueMember:uid=asdasd,ou=people,dc=example,dc=com' property
In 'cn=admin' entry I have 'uniqueMember:uid=qweqwe,ou=people,dc=example,dc=com' property
Nevertheless I can't log in into UCM with users in my LDAP (Invalid Credentials. Please try entering your user name and password again.).
Could you show me my mistake?
Edited by: Michael Baygeldin on Dec 17, 2012 5:34 AM -
How to configure webcenter services to use external LDAP?
Reassociating the identity store with an external LDAP server is mandatory only if you're using the Documents service and/or the Discussions service, in which case the WC_Spaces server, Content Server, and Collaboration server must all be configured to use the same external LDAP server.
The question is how to configure?
Is there any document which details this?
Please help! this is urgent.
Regards
Refer
http://docs.oracle.com/cd/E28280_01/webcenter.1111/e12405/wcadm_security_id_store.htm#WCADM1845
http://docs.oracle.com/cd/E28280_01/webcenter.1111/e12405/wcadm_security_id_store.htm#WCADM345
Thanks -
Set User Description by external ldap authenticator
Hi,
I used a customized iplanet Authentication Providers to authenticate the user.
After the system is started and I go to "Security Realms > myrealm > Users and Groups -> Users", I am able to see a list of users from Ldap server. Name field is username. But description is empty. How could I populate description field by field in External Ldap server?
Thanks, -
CUBAC Enable external LDAP integration
Hi,
I have a client where Attendant is seeing the User's Home Phone number. Customer's requirement is to show the Mobile and IP Phone extension.
To me it seems they aren't synchronizing with CUCM but directly with Microsoft AD. Enable external LDAP integration is checked and greyed out.
Is my doubt correct, the client is pulling the Phone information from AD directly?
How can I uncheck the External LDAP Integration checkbox, do I need to rerun the setup or LDAPServer.exe to do it? Would there be any loss of configuration?
If Customer wants to continue pulling the info from MS AD directly, can I add some kind of filters in CUBAC not to pick up Home phone field but Mobile Phone and IP Phone extension if those fields are populated?
CUBAC version is 3.1.8
Thanks,
inner_silence
Hi Madhav,
See inline COMMENTS (below)
Bala
"madhav" <[email protected]> wrote:
>
Hi,
Context:
I'm using SunOne Directory server as the External LDAP server for my
application.
Q1 ) My understanding is that the default providers provided by Weblogic
communicate
ONLY with the embedded LDAP server. Is this understanding correct? That
means
if I'm integrating with the external LDAP server, I need to have custom
implementation
for ALL the providers ( i.e Authentication Provider, Authorization provider,
IDentity
Assertion Provider, RoleMapper , Credential Mapper etc).
COMMENTS :
Your understanding is correct. (for Authentication, Authorization, RoleMapper,
CredentialMapper). But you don't need to create custom implementation for all providers.
You can plug and play OR stack providers in the default realm (myrealm). Or you
can create your own realm and still can add the weblogic OOTB providers, wherever
you don't want to implement custom providers. OOTB BEA provides an Authentication
provider which can integrate with 3rd party Directory Servers (see http://e-docs.bea.com/wls/docs81/secmanage/providers.html#1172008
for more info). But if you wish to perform other services like Authorization,
CredentialMapping, RoleMapping with external LDAP providers, then YES you have
to write custom providers.
>
Q2) Or is there a way I can configure the weblogic to communicate with
an External
LDAP server so that I can use the default providers i.e when I invoke
request.isUserInRole(....),
the look up should be on the external LDAP NOT the internal LDAP.
COMMENTS :
No the default providers are written to look up the Embedded LDAP. But writing
a provider is well documented (see http://e-docs.bea.com/wls/docs81/dvspisec/index.html
for more info)
>
Regards,
Madhav