LDAP on WebLogic

Hello
I have sample code:
      l_ret := DBMS_LDAP.search_s ( ld => g_session
                                  , base => g_ldap_basedn
                                  , SCOPE => DBMS_LDAP.scope_subtree
                                  , filter => '(&(member='||l_userdn||')(objectcategory=group)'||l_groups_or||')'
                                  , attrs => l_res_attrs
                                  , attronly => 0
                                  , res => l_res_message);
It works with MS Active Directory; now I have to move it to WebLogic LDAP. I don't know how to change this filter string. Do you have any ideas?
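
The filter in the post concatenates l_userdn and l_groups_or into the search string unescaped, so a DN or group name containing "(", ")", "*" or "\" changes the structure of the filter. The block below is an added example (not from the original post and not Oracle's code): it escapes assertion values per RFC 4515 and takes the membership attribute and group class as parameters, because those differ between directories. The function names, the sample DN and group names, the reading of l_groups_or as an OR of cn clauses, and the uniquemember / groupOfUniqueNames values in the second call are assumptions to check against the target directory's schema.

```sql
-- Added example. Run with SET SERVEROUTPUT ON to see the two filters.
DECLARE
  -- Constructed sample inputs (not from the original post).
  l_userdn VARCHAR2(400) := 'cn=Smith\, J (ext),ou=people,dc=example,dc=com';
  l_groups SYS.ODCIVARCHAR2LIST := SYS.ODCIVARCHAR2LIST('Ops (EMEA)', 'Tier*');
  l_filter VARCHAR2(4000);

  -- Escape one assertion value so it cannot alter the filter structure
  -- (RFC 4515). Backslash goes first so later escapes are not re-escaped.
  FUNCTION escape_filter_value (p_value IN VARCHAR2) RETURN VARCHAR2 IS
    l_out VARCHAR2(32767);
  BEGIN
    l_out := REPLACE(p_value, '\', '\5c');
    l_out := REPLACE(l_out, '*', '\2a');
    l_out := REPLACE(l_out, '(', '\28');
    l_out := REPLACE(l_out, ')', '\29');
    l_out := REPLACE(l_out, CHR(0), '\00');
    RETURN l_out;
  END escape_filter_value;

  -- Build (&(<member_attr>=<dn>)(<class_attr>=<class>)(|(cn=..)(cn=..))).
  FUNCTION group_filter (
      p_userdn      IN VARCHAR2
    , p_groups      IN SYS.ODCIVARCHAR2LIST
    , p_member_attr IN VARCHAR2
    , p_class_attr  IN VARCHAR2
    , p_class_value IN VARCHAR2
  ) RETURN VARCHAR2 IS
    c_attr_re CONSTANT VARCHAR2(40) := '^[A-Za-z][A-Za-z0-9-]*$';
    l_or      VARCHAR2(32767);
  BEGIN
    -- Attribute names are never escaped, only validated. The ELSE branch
    -- also catches NULL, for which REGEXP_LIKE yields NULL rather than FALSE.
    IF REGEXP_LIKE(p_member_attr, c_attr_re)
       AND REGEXP_LIKE(p_class_attr, c_attr_re) THEN
      NULL;
    ELSE
      RAISE_APPLICATION_ERROR(-20001, 'invalid LDAP attribute name');
    END IF;

    IF p_groups IS NOT NULL THEN
      FOR i IN 1 .. p_groups.COUNT LOOP
        l_or := l_or || '(cn=' || escape_filter_value(p_groups(i)) || ')';
      END LOOP;
    END IF;
    IF l_or IS NOT NULL THEN
      l_or := '(|' || l_or || ')';
    END IF;

    RETURN '(&(' || p_member_attr || '=' || escape_filter_value(p_userdn) || ')('
        || p_class_attr || '=' || escape_filter_value(p_class_value) || ')'
        || l_or || ')';
  END group_filter;
BEGIN
  -- Active Directory shape, matching the attributes used in the post.
  l_filter := group_filter(l_userdn, l_groups, 'member', 'objectcategory', 'group');
  DBMS_OUTPUT.PUT_LINE(l_filter);

  -- Assumed shape for a directory whose groups are groupOfUniqueNames entries.
  l_filter := group_filter(l_userdn, l_groups, 'uniquemember', 'objectclass',
                           'groupOfUniqueNames');
  DBMS_OUTPUT.PUT_LINE(l_filter);
END;
/
```

The resulting string is what would be passed as the filter argument of DBMS_LDAP.search_s in place of the hand-concatenated one.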

Similar Messages

  • URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2

    I am using Embedded LDAP WebLogic 9.2 and I followed the steps mentioned in the URL below. I haven't changed anything except the Server URL, which points to localhost:7001.
    http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
    Questions:
    1) How to add additional attributes to embedded LDAP? (e.g. email, phone etc.)
    2) How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
    Any help is appreciated.

    This problem is due to a hard-coded user/pwd in the installation scripts. Here are the steps:
    1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
    2) reach to target CreateStartupClasses
    3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
    4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
    5) this should be password of 'ORAESB' database user.
    6) change this password value; and restart the installation.
    Regards,
    Vaibhav

  • Load balancing and failover in Embedded LDAP in weblogic

    How to handle load balancing and failover in Embedded LDAP in weblogic server?

    You should consider posting this to the Weblogic and/or LDAP support forums. This forum is meant for Sun Web Server questions.
    Thanks
    Manish

  • How to create Users/Roles for ldap in weblogic without using admin console

    Is it possible to create Users/Roles for LDAP in WebLogic without using the admin console? If possible, what are the files I need to modify in DefaultDomain?
    Or is there any ant script for creating Users/Roles?
    Regards,
    Raghu.
    Edited by: user9942600 on Jul 2, 2009 1:00 AM
    Edited by: user9942600 on Jul 2, 2009 1:58 AM

    Hi..
    You can use WLST or JMX to perform all security config etc., the same as if it were performed from the admin console.
    E.g. WLST create user,
    after connecting to the admin server:
    serverConfig()
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/AuthenticationProviders/DefaultAuthenticator")
    cmo.createUser("userName","Password","UserDesc")
    ..for adding/configuring a role
    cd("/SecurityConfiguration/your_domain_name/Realms/myrealm/RoleMappers/XACMLRoleMapper")
    cmo.createRole('','roleName', 'userName')
    ...see the mbean docs for all the different attributes, operations etc..
    ..Mark.

  • How to use Domino LDAP in WebLogic Portal 8.1?

    Hi, all
    I'm trying to solve the problem of how to use Domino LDAP in WebLogic Portal 8.1. Anybody who has this experience, please help me.
    Best Regards,
    Sean

    Hi,
    I just spoke to BEA and Domino LDAP is not supported, although they gave me these
    LDAP filters that might help -
    http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_solution&answerpage=solution&page=wls/S-09460.htm
    Sean Lin <[email protected]> wrote:
    Hi, all
    I'm trying to solve the problem of how to use Domino LDAP in WebLogic
    Portal 8.1. Anybody who has this experience, please help me.
    Best Regards,
    Sean

  • How we connect OPEN LDAP to weblogic server

    Hi All,
    How do we connect OPEN LDAP to weblogic server?

    There are several blogs for how you set up Open LDAP as a security provider:
    http://biemond.blogspot.com/2008/10/using-openldap-as-security-provider-in.html
    http://blogs.oracle.com/jamesbayer/2007/08/using_openldap_with_weblogic_s.html

  • How to authenticate CXF-Webservice against external LDAP in WebLogic?

    Hi there,
    I'm trying to integrate our Camel-application into WebLogic 12c. All the incoming endpoints are CXF-based webservices. These are secured by "UsernameToken Timestamp" with the WSS4JInInterceptor configured like this:
    <bean id="wss4jInInterceptor" class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
        <constructor-arg>
            <map>
                <entry key="action" value="UsernameToken Timestamp" />
                <entry key="passwordType" value="PasswordDigest" />
                <entry key="passwordCallbackClass"
                       value="de.mycompany.camel.cxf.UserTokenCallbackHandler" />
            </map>
        </constructor-arg>
    </bean>
    My problem is: WSS4JInInterceptor expects the UserTokenCallbackHandler to return the password of the user delivered in the header <wsse:Username>. Is there any way to retrieve this from an external LDAP configured in WebLogic? I've already managed to retrieve the users, groups etc. with JMX (javax.management.MBeanServerConnection and weblogic.security.providers.authentication.LDAPAuthenticatorMBean), but I can't figure out how to authenticate the user against the LDAP, i.e. retrieve the password.
    Or am I heading in a completely wrong direction and this is not the way to achieve authentication for CXF-Webservices in WebLogic?
    Please give me a hint (code-snippets preferred ;-) ) how to solve this.
    Regards,
    Frank

    I have run into the exact same situation. Did you ever get around this? If so, how? Please let me know.

  • LDAP in weblogic server

    I am new to WebLogic Server. I want to know about LDAP: why is it used? Is it possible to configure LDAP with security realms? I want to know the procedure.

    Shows an example for the OID (LDAP) - http://middlewaremagic.com/weblogic/?p=7527

  • LDAP in weblogic. Need additional GROUP from External Table

    I have LDAP authentication in WebLogic and I need to get the GROUP information from an external table as well, since I have some more groups in the table apart from the LDAP groups. So how can I get that?
    I tried using GROUP variable in RPD but it didn't work.
    Please let me know if anyone has faced this issue in OBIEE11g

    Hi,
    As per my knowledge, an OBIEE user should be authenticated from only one source. It should be either database authentication or LDAP authentication. We can't associate multiple initialization blocks with the single system variable USER, so you should tell the client to insert the groups/users in LDAP.
    I hope this helps you and that you understand it.
    Thanks
    Jay.

  • Iplanet LDAP with Weblogic

    Hello All,
    I forgot the subject line. I'm trying to set up iPlanet Directory 4.1 with
    WebLogic 5.1 Sp3 on Solaris7. Weblogic will see the users I specify
    (username,groupname) but not the group; additionally, it will allow you
    to log in if you know the username and any password. I get the following
    error when loading http://localhost:port/AdminRealm. I've gone through
    the LDAP properties file a million times. Lastly, it now does a core dump
    while trying to start.
    Please help.
    Richard
    ################# Begin Error ###############################3
    java.lang.NullPointerException
    at weblogic.security.ldaprealm.LDAPDelegate.magicBunny(Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.addGroupMember(Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers(Compiled Code)
    at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers(LDAPDelegate.java:518)
    at weblogic.security.ldaprealm.LDAPRealm.getGroupMembersInternal(LDAPRealm.java:81)
    at weblogic.security.acl.AbstractListableRealm.getGroupMembers(AbstractListableRealm.java:302)
    at weblogic.security.acl.FlatGroup.ensureFreshness(FlatGroup.java:149)
    at weblogic.security.acl.FlatGroup.members(FlatGroup.java:236)
    at admin.AdminRealm.composePage(Compiled Code)
    at admin.AdminServlet.service(AdminServlet.java:257)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:123)
    at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:744)
    at weblogic.servlet.internal.ServletContextImpl.invokeServlet(ServletContextImpl.java:692)
    at weblogic.servlet.internal.ServletContextManager.invokeServlet(ServletContextManager.java:251)
    at weblogic.socket.MuxableSocketHTTP.invokeServlet(MuxableSocketHTTP.java:363)
    at weblogic.socket.MuxableSocketHTTP.execute(MuxableSocketHTTP.java:263)
    at weblogic.kernel.ExecuteThread.run(Compiled Code)

    I have the same requirement too. I have been looking at many sources and haven't
    come across any that mentions anything related to this. If you come across anything,
    please do let me know.
    Regards
    Vijay
    "Licheng" <[email protected]> wrote:
    >
    I also face the similar problem. In our case, one of the business requirements
    for the authentication process is that when a user is authenticated, but his
    password expires, the system should force the user to change password.
    With JAAS and WebLogic 7.0, I don't know the standard or "preferred" approach
    to this problem
    regards
    Licheng

  • Domino ldap and weblogic server 6.1

    Hi,
    I am trying to use domino ldap for authentication in weblogic server 6.1
    I configured a custom ldap realm.
    But the users were not listed from domino ldap and authentication also failed.
    Can anybody help me?
    Thanx in advance.
    - prabha.

    At the moment it is possible for me to work, though. I worked around the
    problem and I set web.xml as a read-only file. I still can't use wizards to
    create servlets and I can't edit web.xml with JBuilder.

  • Embedded LDAP on Weblogic Server

    Hi Everyone
    I'm currently using the embedded LDAP available in Weblogic for Security for SOA 11g.
    The users are getting updated on the system-jazn.xml file. But I don't know where the email information is getting stored. Does anyone know where it is stored?
    Is there a way I could download the users, roles and user properties from the embedded LDAP?
    Regards
    Sabir

    Hi Sabir
    1. By default, as far as I know, from pure WLS point of view, we can create new users with just username and password like from WLS Admin Console.
    2. I am not much familiar with "The users are getting updated on the system-jazn.xml file". Is this like an External Authentication Provider that you configured with WLS?
    3. For example, WLS can be configured with any External LDAP sources that have the full User Profile and username and password etc. Then for, say, Weblogic Portal Applications, we have some procedure to view the entire profile. Even for the out-of-box Embedded LDAP, only in the case of Weblogic Portal Applications can we View/Edit the full User Profile from something called Portal Admin Console. But this is all specific to Weblogic Portal Applications only.
    If you can give more details on this "system-jazn.xml" file, we can look into it. But when it comes to core WLS, all you can do, configure it with any External Security Provider from Weblogic Console. And additionally create your own custom Authentication Provider. Coming to Profile, I know for Weblogic Portal Applications deployed on this WLS + portal modules, we can View/Edit full Profile.
    HTH
    Ravi Jegga

  • Issue while integrating external LDAP with weblogic

    Hi,
    I am trying to integrate an external LDAP (OpenLdap) with weblogic 10.3. I created a provider and provided the required credentials, and I am able to see the users and groups of the LDAP in the weblogic console. I am also able to log in to the weblogic console with the users available in the LDAP after assigning the admin role to the ldap group. But when I look at a user's properties (by clicking on the user in the admin console), it only shows the tabs for General, Password and Group. On the other hand, if I look at the users from DefaultAuthenticator, it shows the Attribute tab apart from General, Password and Group.
    Can anyone let me know how we can get the Attribute tab for the Ldap users?
    thx,
    Ajay

    Hi Ajay
    By default Weblogic has READ ONLY adapters for any External Security Providers that are configured, like any AD Providers. READ ONLY means you can only read the data from the ldap but not modify it, hence maybe it's not showing the Attributes tag. For Default Authenticator, see the first paragraph note in the Attributes tab, which says the same thing. NOW, maybe WLS can at least show Attributes in READ only format, but it needs some sort of mappings to be defined. Say on the Weblogic side we have firstName, lastName, which on any typical AD will be like sn (surname = lastname), givenname (firstname) etc. This mapping is tough to generalize.
    One thing for sure is, from Weblogic you cannot modify or edit any attributes for any user in external AD. If you really want to get those attributes, you may need to use some javax.ldap apis or some 3rd party ready-to-use tools/apis. I remember Weblogic Portal has a facility to configure an xml file that defines attributes mapping and gets all attributes for any user. But again, that's in the Weblogic Portal product and not part of weblogic server.
    If you have any SOA Software, they have some utilities for the same.
    Thanks
    Ravi Jegga

  • JNDI, LDAP, and Weblogic 6.0

    Hi-
    We are encountering an issue with JNDI and spurious "socket closed"
    exceptions. The players in our environment are Weblogic 6.0, Netscape
    Directory Server 4.1, (both running on Solaris 2.8) and JNDI as of JDK 1.3.
    We do JNDI lookups to connect to LDAP and most of the time everything works
    fine. Occasionally we get the following exception.
    java.lang.NullPointerException
    at com.sun.jndi.ldap.Connection.run(Connection.java:568)
    at java.lang.Thread.run(Thread.java:484)
    Exception encountered: Socket closed
    javax.naming.CommunicationException: Socket closed. Root exception is java.net.SocketException: Socket closed
    at java.net.SocketOutputStream.socketWrite(Native Method)
    at java.net.SocketOutputStream.write(SocketOutputStream.java:83)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:72)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:130)
    at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:210)
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:497)
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1720)
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1584)
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1509)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:371)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:331)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:316)
    at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:241)
    at adpsis.posse.ldap.LDAPReader.find(LDAPReader.java:37)
    at adpsis.posse.prfpos.PreferencesEJB.getUserName(PreferencesEJB.java:589)
    at adpsis.posse.prfpos.PreferencesEJB.getColorAttributes(PreferencesEJB.java:391)
    at adpsis.posse.prfpos.PreferencesEJB.getColorPreferences(PreferencesEJB.java:302)
    at adpsis.posse.prfpos.PreferencesEJBImpl.getColorPreferences(PreferencesEJBImpl.java:250)
    at adpsis.posse.prfpos.PreferencesEJBEOImpl.getColorPreferences(PreferencesEJBEOImpl.java:287)
    at adpsis.posse.prfpos.PreferencesEJBEOImpl_WLSkel.invoke(PreferencesEJBEOImpl_WLSkel.java:116)
    at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:373)
    at weblogic.rmi.cluster.ReplicaAwareServerRef.invoke(ReplicaAwareServerRef.java:128)
    at weblogic.rmi.internal.BasicServerAdapter.invoke(BasicServerAdapter.java:237)
    at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:118)
    at weblogic.rmi.internal.BasicRequestDispatcher.dispatch(BasicRequestDispatcher.java:115)
    at weblogic.rmi.internal.ServerRequest.sendOneWayRaw(ServerRequest.java:88)
    at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:108)
    at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:247)
    at weblogic.rmi.cluster.ReplicaAwareRemoteRef.invoke(ReplicaAwareRemoteRef.java:225)
    at adpsis.posse.prfpos.PreferencesEJBEOImpl_WLStub.getColorPreferences(PreferencesEJBEOImpl_WLStub.java:221)
    at adpsis.posse.transformer.CSSServlet.doPost(CSSServlet.java:86)
    at adpsis.posse.transformer.CSSServlet.doGet(CSSServlet.java:214)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:748)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:213)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1265)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1631)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    The only way to recover is to restart the Weblogic server. The LDAP server
    appears to be running normally and continues to service other instances of
    Weblogic. No errors are logged in the LDAP server, the JNDI lookup that
    establishes the DirContext works fine on restart and is used multiple times
    with no issues until..poof..socket closed. I'm not certain which part is at
    issue, Weblogic, LDAP, or JNDI.
    Any ideas?
    Regards,
    Brett Schmoll
    ADP/SIS

    WLS 6.0 will be supported in the next release of WLCS, which is due in the
    spring.
    - Ginny
    "aamerG" <[email protected]> wrote in message
    news:3a5cb774$[email protected]..
    Hi everyone,
    we are starting a new development project and would like to use Weblogic
    6.0. How soon do you think there we be a version of WLCS which works with
    6.0.
    TIA

  • Hooking LDAP with Weblogic for Authentication

    I have a lot of users in an LDAP directory and I would like to map this directory to a website on my Weblogic instance.
    Now, I've added LDAP into my Security Realm in Weblogic; what do I add to the web.xml? Is this sufficient?
    Do I need to change anything else in my Weblogic configuration other than adding OpenLDAP Support in Authentication?
    Thanks!

    Hi Tim,
    Yes, LDAP can be used through SAP BP CMS (BO authentication).
    That means all the users have to be imported into CMS, and after that BPC uses the BO certificate to authenticate to CMS.
    So you also have SSO.
    You don't need Active Directory in this case.
    Anyway, BPC still works with Microsoft Active Directory without CMS, but you have to decide which kind of authentication better satisfies the customer requirements.
    You can use either Microsoft Active Directory or CMS, but you cannot use both at the same time.
    Kind Regards
    Sorin Radulescu
