LDAP security authentication in weblogic sp4 (URGENT)

Similar Messages

• Weblogic security authentication; question to interact with the realm

  Hi, I have a quick question about weblogic security authentication....
  We are using weblogic 81sp3. We have user-group info in an Novell eDirectory LDAP server.
  Currently, a Novell Authenticator provider is configured under : Security > Realms > myRealm > Providers > Authentication This tells Weblogic from where to get the user and groups. Weblogic caches this information of the logged on users for certain time ( example : 60 secs ) after which it cleans the cache for all inactive users. We want to interact with the Weblogic cache. Add more user profile information to this cache and use it in our application .
  Does somebody know how to programmatically interact with Weblogic user-group cache - read , write , update and delete user-group info in cache and control time to live for the cache ?

  already checked
  TTLCache class which weblogic provides. But they seem to depracetd it
  help ?

• Security Authentication in LDAP

  Hi Chris/Raj/All,
  We have one more generic issue. Please help us if possible.
  I am connecting to LDAP Server(Microsoft ADS) from my weblogic workshop 8.1.We are using DirContext and InitialDirContext(java api) Through the java program I am able to connect to the port 389 by means of simple security authentication.
  Our requirement is for SSL security authentication ie to connect ot port 636.
  From our side we have done the following
  1.We have installed the public certicate in the jre environment(lib/security in both the cacerts and jssecacerts)
  2.We have also installed the cetificate in the ADS Server and enabled the SSL.
  When we try to connect to port 636 with simple authentication we get Communication Exception
  When we try to connect to port 636 with ssl authentication we get AuthenticationNotSupportedException
  We also would like to know whether there is any Authentication Process like password encryption and so on.... to be followed.
  Thanks & Regards,
  Christoper.

  Hi Christoper,
  Based on your description, this seems to be more of a security related question than a workshop one.
  Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
  with information on service pack installed
  Thanks
  Raj

• LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)

  I have 2 questions and these are very urgent :-
  1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
  2 groups in iPLanet :- Contarctors and employees and I have 2 security roles in weblogic:-
  contractactors and employess. How do I map LDAP group contractors to weblogic security
  Role contractors? Similarly for employees ?
  2. I have not defined contarctors and employeees under People container in IPlanet.
  e.g. The RDN for contractor is
  uid=1234,ou=dir,dc=orams,dc=com
  Can I still use the defualt security realm of weblogic (the WebLogic Security Realm
  under People ) OR I have to write my own custom code ?
  3. I am planning to use Roles insetad of groups to manage the logical grouping in
  iPLant. Can I still use the groups in WebLogic security realm ( in the configuratin
  parameters ?)
  This is very urgent ....so if any of you can throw any hints that will be greatly
  appreciated.
  --Sunita

  Hi Ariel,
  The driver is bundled with the product in WLS 6.1sp1. you don't have to
  download any additional driver. Use it as you normally would only thing to
  remember is if you are trying to write standalone java code then you have to
  have weblogic.jar in your classpath. For the rest of the info follow the wls
  docs for 6.1
  HTH
  sree
  "Ariel" <[email protected]> wrote in message
  news:3bb4a643$[email protected]..
  We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
  downloaded the JDriver from bea.com, but all the istructions that camewith
  it are for WLserver 5.1.
  What has to be done to do this with 6.1 sp1?
  Thanks,
  Ariel

• LDAP security provider and web service authentication

  Background: we are currently developing web services to our existing weblogic application. Our users can configure user/password authentication in one of three ways: database, LDAP, or SSO. Setting SSO aside, we need to implement the same authentication for database and LDAP that we use in our existing logon servlet in our web services. In our servlet we detect which they are configured for and, if database, authenticate the encrypted password to a database table we have for user id/password. If LDAP we use weblogic.servlet.security.ServletAuthentication and the weak() method to authenticate.
  We've to use SOAP headers to communicate username/password from the client to the web service. We want to code a SOAP message handler to grab the username/password and do the authentication there. We've successfully put something together that handles the database authentication no problem and are now struggling with how to handle the LDAP authentication. We distribute a LDAP security provider we've coded for LDAP authentication. I guess what I am looking for is an equivalent functionality provided with weblogic.servlet.security.ServletAuthentication. Note that I realize the weblogic.servlet.security package has been deprecated starting with Weblogic 9.0 but cannot find what functionality replaces it. Any help there would be appreciated as well.
  Note that I am fairly new to web service development (about 10 months now) and definitely new to web service security and Weblogic security. I tried digging into the volumes of documentation out there regarding these two topics but am simply having a difficult time sorting it all out and figuring out how to do what I want to do.
  Thanks in advance!
  Julia

  Hi,
  Add Provider (LDAP Credentials) in Admin console Security Realm --> defaultrealm -->Providers. Configuring Ldap in Admin Console will enable Admin Server to connect to LDAP. All the LDAP preconfigured Users/Groups will be available in Users and Groups Tab of Security Realms >defaultrealm >Users and Groups. Add Roles using Security Realms >defaultrealm > Roles and Policies > Global Roles > Roles. Add Role Conditions to the role by specifying users/groups configured in LDAP. If your webservice runs with SSL Anotate the Webservice file something like this below.
  @RolesAllowed({
  @SecurityRole(role="test")
  @Policy(
  uri="policy:Wssp1.2-2007-Https-UsernameToken-Plain.xml",
  attachToWsdl=true)
  Here the role is Preconfigired role in AdminConsole. Add the following tag in the soapenv:header.
  <soapenv:Header>
  <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:UsernameToken>
  <wsse:Username>test</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
  </wsse:UsernameToken>
  </wsse:Security>
  </soapenv:Header>

• Authentication in weblogic portal server 8.1 sp2 using external LDAP

  Hi,
  I am trying to use external LDAP for authentication.
  I have configured the ActiveDirectoryAuthenticator giving the necessary
  values
  ( and added
  "-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
  ator" in startWeblgoic.cmd )
  and can see the users and the groups from my LDAP provider in the admin
  console and in the admin portal's "users and groups".
  A set of users are given permission to access the restricted site and those
  users are visible in the global role with the permission.
  The web.xml is configured for BASIC auth-method, and the role is
  <externally-defined/> in weblogic.xml.
  Now when I access a restricted page, I am shown a dialog prompt to key in
  the username and password.
  Even when I key in the valid credentials, the restricted page is not shown
  and an "Unauthorized xxx" 401 access error is thrown.
  Any clue, on what i am missing.?
  Please let me know if any suggestion / idea.
  Regards,
  Arun.

  Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
  In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
  Brad

• Setting up LDAP for authentication to portal:default property set named "ldap

  Hi
  I am trying to implement the LDAP authentication to WebLogic Portal .Iam went
  thru the docmentation ( http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
  mentions using the default property set named "ldap" and deploying ldapprofile.jar.My
  quenstion is:
  -Is there a way to look into the property using EBCC
  - Apart from deploying,configuring the ldapprofile.jar,do I have to do any additional
  steps in order to make my portal(say,stockportal) authenticate users from LDAP?
  -If a create my own portal,should I create a similar "ldap" property set?If so,how.
  Any suggestions/help is appreciated.Thanks
  - Mike

  Thanks Dave.
  "David Anderson" <[email protected]> wrote:
  You should be able to view the property set for LDAP through the EBCC
  if you
  have the propertysetws.jar installed in your Portal domain. This provides
  the ability for the EBCC to retrieve property set information from your
  server.
  Dave
  "mike" <[email protected]> wrote in message
  news:[email protected]...
  Hi Adrian
  Thank you for the pointers.Much appreciate it.However,one questionstill
  persists.
  What is the significance of the property set "ldap" mentioned in the
  document(http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).Where
  does this property set feature vis-a-vis setting up LDAP securityrealm;does it
  mater prior to/after the setting up as mentioned in the document pointeryou just
  gave .
  Is it sufficinet that i follow the procedure to set up the LDAP oris
  there more
  to post setting,like creating a property set (similar to "ldap" orcloning
  it)
  apaprt frpom deploying ldapprofile.jar.
  Thanks.
  - Mike
  "Adrian Fletcher" <[email protected]> wrote:
  Mike,
  The documentation that covers LDAP authentication is listed under
  Weblogic
  Server rather than Weblogic Portal.
  See Configuring the LDAP Security Realm in Managing Security
  (http://e-docs.bea.com/wls/docs61////adminguide/cnfgsec.html#1071872)
  Also take a look at the FAQ - Why can't I boot WebLogic Server whenusing
  the LDAP Security Realm?
  (http://e-docs.bea.com/wls/docs61//faq/security.html#25833)
  Hope this helps,
  Sincerely,
  Adrian.
  Adrian Fletcher.
  Senior Software Engineer,
  BEA Systems, Inc.
  Boulder, CO.
  email: [email protected]
  "mike" <[email protected]> wrote in message
  news:[email protected]...
  Hi
  I am trying to implement the LDAP authentication to WebLogic Portal.Iam
  went
  thru the docmentation
  http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824).It
  mentions using the default property set named "ldap" and deployingldapprofile.jar.My
  quenstion is:
  -Is there a way to look into the property using EBCC
  - Apart from deploying,configuring the ldapprofile.jar,do I have
  to
  do any
  additional
  steps in order to make my portal(say,stockportal) authenticate usersfrom
  LDAP?
  -If a create my own portal,should I create a similar "ldap" propertyset?If so,how.
  Any suggestions/help is appreciated.Thanks
  - Mike

• Active Directory Authentication in Weblogic 8.1

  Hi,
  We want to do authentication from Microsoft Active Directory using weblogic 8.1.
  I have created a Active directory and
  configured weblogic from console to use it. But it is still not working. Your
  help with these question would be highly
  appreciated.
  1. Is there anyone in group who have tried this before. Please let me know how
  to proceed.
  2. Is there any tool by which I can get to know the different attribute asked
  for configuration in Weblogic?
  3. I am not able to login to my application after configuration. Is there any
  other way to come to know whether it is working
  or not?
  There could be plethora of reason but nothing which can come to my mind. Everything
  seems to be configured correctly. Here is
  portion of my config.xml related with authentication:
  <FileRealm Name="wl_default_file_realm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
  <Security GuestDisabled="false" Name="vendavo-dev"
  PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm" RealmSetup="true">
  <weblogic.security.providers.authentication.DefaultAuthenticator
  ControlFlag="SUFFICIENT"
  Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
  ActiveTypes="AuthenticatedUser"
  Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultRoleMapper
  Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAuthorizer
  Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAdjudicator
  Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.credentials.DefaultCredentialMapper
  Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.authentication.UserLockoutManager
  Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.Realm
  Adjudicator="Security:Name=myrealmDefaultAdjudicator"
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
  =myrealmADAuthenticator"
  Authorizers="Security:Name=myrealmDefaultAuthorizer"
  CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
  DefaultRealm="true" DisplayName="myrealm"
  Name="Security:Name=myrealm"
  RoleMappers="Security:Name=myrealmDefaultRoleMapper"
  UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
  <weblogic.security.providers.pk.DefaultKeyStore
  Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
  ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
  DisplayName="ADAuthenticator" FollowReferrals="false"
  GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
  Name="Security:Name=myrealmADAuthenticator"
  Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
  </Security>
  First, of all is it possible to use Active Directory authentication in Weblogic
  without writing any custom code. If yes, how?
  Thanks in advance,
  Amit Tyagi

  Amit,
  We have successfully used WLS 8.1 sp1 with AD - but not without our share of ups
  and downs though.
  |
  |
  1) First, make sure you are sending right LDAP queries to AD. To verify this,
  we used free 3rd party LDAP browser from Softerra. There is also java based free
  browser from Univ of Michigan. Personally, I like Softerra's LDAP browser better.
  Play with your LDAP settings using this and make sure AD is returning the right
  data.
  |
  2) AD has some default settings that makes it return only the top 1000 users.
  Use ntdsutil.exe to modify these default settings
  |
  3) AD needs to have the right set of users and groups. To configure this, refer
  to WLS docs. This is very well documented in WLS docs. Also refer to this article
  http://dev2dev.bea.com/products/wlportal/whitepapers/wlp70_MSADS.jsp as additional
  reference
  |
  4) Also, there are some bugs with 8.1 portal sp1 and AD. It cannot take more than
  one Authentication provider. sp2 is supposed to have fixed it. For sp1 we used
  another product AD/AM (AD in Application Mode) in combination with MIIS server.
  But if you are using sp2, you shouldn't be worry about this.
  |
  5) In your providers, you might want to get rid of the DefaultAuthentication provider,
  once you are able to establish a connection with your ActiveDirectoryAuthentication
  provider. The DefaultAuthentication provider causes some problems and does not
  let ActiveDirectoryAuthentication provider to behave properly. We haven't fully
  investgated the root of this prob. When we deleted DefaultAuthentication provider,
  everything worked normally - so we didn't really care that much :-)
  |
  6) Make sure you have your JAAS options set to OPTIONAL initially and make sure
  your are able to authenticate talk to your AD.
  |
  These are the ones I could think of. Hope this helps..
  Regards,
  Anant
  "Amit" <[email protected]> wrote:
  >
  Hi,
  We want to do authentication from Microsoft Active Directory using weblogic
  8.1.
  I have created a Active directory and
  configured weblogic from console to use it. But it is still not working.
  Your
  help with these question would be highly
  appreciated.
  1. Is there anyone in group who have tried this before. Please let me
  know how
  to proceed.
  2. Is there any tool by which I can get to know the different attribute
  asked
  for configuration in Weblogic?
  3. I am not able to login to my application after configuration. Is there
  any
  other way to come to know whether it is working
  or not?
  There could be plethora of reason but nothing which can come to my mind.
  Everything
  seems to be configured correctly. Here is
  portion of my config.xml related with authentication:
  <FileRealm Name="wl_default_file_realm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <Realm FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
  <Security GuestDisabled="false" Name="vendavo-dev"
  PasswordPolicy="wl_default_password_policy"
  Realm="wl_default_realm" RealmSetup="true">
  <weblogic.security.providers.authentication.DefaultAuthenticator
  ControlFlag="SUFFICIENT"
  Name="Security:Name=myrealmDefaultAuthenticator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.DefaultIdentityAsserter
  ActiveTypes="AuthenticatedUser"
  Name="Security:Name=myrealmDefaultIdentityAsserter" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultRoleMapper
  Name="Security:Name=myrealmDefaultRoleMapper" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAuthorizer
  Name="Security:Name=myrealmDefaultAuthorizer" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authorization.DefaultAdjudicator
  Name="Security:Name=myrealmDefaultAdjudicator" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.credentials.DefaultCredentialMapper
  Name="Security:Name=myrealmDefaultCredentialMapper" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.authentication.UserLockoutManager
  Name="Security:Name=myrealmUserLockoutManager" Realm="Security:Name=myrealm"/>
  <weblogic.management.security.Realm
  Adjudicator="Security:Name=myrealmDefaultAdjudicator"
  AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter|Security:Name
  =myrealmADAuthenticator"
  Authorizers="Security:Name=myrealmDefaultAuthorizer"
  CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
  DefaultRealm="true" DisplayName="myrealm"
  Name="Security:Name=myrealm"
  RoleMappers="Security:Name=myrealmDefaultRoleMapper"
  UserLockoutManager="Security:Name=myrealmUserLockoutManager"/>
  <weblogic.security.providers.pk.DefaultKeyStore
  Name="Security:Name=myrealmDefaultKeyStore" Realm="Security:Name=myrealm"/>
  <weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
  ControlFlag="SUFFICIENT" Credential="{3DES}hvEo4sy7g1E="
  DisplayName="ADAuthenticator" FollowReferrals="false"
  GroupBaseDN="ou=ou=Groups,dc=devdc,dc=com" Host="venper5"
  Name="Security:Name=myrealmADAuthenticator"
  Principal="vendev" Realm="Security:Name=myrealm" UserBaseDN="ou=Users,dc=devdc,dc=com"/>
  </Security>
  First, of all is it possible to use Active Directory authentication in
  Weblogic
  without writing any custom code. If yes, how?
  Thanks in advance,
  Amit Tyagi

• Internal error message configuring LDAP security options in CMC

  After entering LDAP security information in Central Management Console - option authentication, when clicking 'Finish' an error message appears: "internal error in secLdap complement".  How can I solve this problem ?

  Hi,
  Please check that whether you are following the proper steps while configuring the LDAP.
  You can refer the BusinessObjects Admin guide for the configuration:
  http://help.sap.com/businessobject/product_guides/boexir31/en/xi3-1_bip_admin_en.pdf
  And also, please check troubleshooting section for more information.
  Regards,
  Noor.

• Create , delete "security roles" in weblogic console - sample Security providers

  Hi Everyone:
  Weblogic gave out sample Security Providers for version 7.0 and 8.1. In
  those sample Security Provider , the author of codes used property files as
  Security Providers Database, however he/she didn't show how to create a
  Manageable Sample Role Mapping Provider or Manageable Sample Authentication
  Provider, so Administrator of weblogic console can create and delete
  "security roles" in weblogic console.
  Have anyone known how to do that?
  Ming Qin

  "ming qin" <[email protected]> wrote in message news:[email protected]..
  Hi Everyone:
  Weblogic gave out sample Security Providers for version 7.0 and 8.1.In
  those sample Security Provider , the author of codes used property filesas
  Security Providers Database, however he/she didn't show how to create a
  Manageable Sample Role Mapping Provider or Manageable SampleAuthentication
  Provider, so Administrator of weblogic console can create and delete
  "security roles" in weblogic console.
  Have anyone known how to do that?
  I would ask in the weblogic.developer.interest.management.console newsgroup.
  >
  Ming Qin

• Serious security bug in weblogic 6.0

  when I use jaas authenticated to weblogic server 6.0. everything is beatiful. but
  I easily bypass the jaas authentication and could login to weblogic server 6.0
  as anybody with any credential. Think about it, if I login as system and with
  wrong password, and I get in , and the caller will be system.
  If anyone inside weblogic team is interested in talking about it, please give
  me a email. I don't want to post the way how I did it right now

  This potential vulnerability has been confirmed and has been fixed in BEA WebLogic
  Server 6.0 Service Pack 1 (SP1). SP1 is currently available for download from
  the BEA Download Center at
  http://commerce.bea.com/downloads/weblogic_server.jsp#wls.
  BEA advises every Service Pack be applied as they are released. Service Packs
  include a roll up of all bug fixes for each version of the product, as well as
  each of the previously released Service Packs.
  BEA treats security issues with the highest degree of urgency and does everything
  possible to ensure the security of all customer assets. As a policy, if there
  are any security-related issues with any BEA product, BEA will distribute an advisory
  and instructions with the appropriate course of action.
  Because the security of your site, data, and code is
  our highest priority, we are committed to communicating all
  security-related issues clearly and openly.
  BEA has established a permission-based emailing list specifically
  targeted for product security advisories. As a policy, if a user has opted in
  to our emailing list and there are any security issues with the BEA product(s)
  he/she is using, BEA will distribute an advisory and instructions via email with
  the appropriate course of action.
  REPORTING SECURITY ISSUES
  For immediate attention, BEA has established an email address to which you can
  send reports of any possible security issues in BEA products.
  These reports should be sent to: [email protected]
  All correspondence to this address will be promptly reviewed and all necessary
  actions taken to ensure the continued security of all customer assets.
  SUBSCRIBE TO EMAIL ALERT
  You may subscribe to the permission-based emailing list to receive alerts of security
  advisories by registering with BEA at:
  http://contact.beasys.com/bea/www/securityelogin.jsp.
  Sincerely,
  Marc Bishop
  Security Product Manager
  BEA WebLogic Server

• LDAP Security Realm

  Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URL admins
  user name and password. I want to be able to interface this connection to access
  the LDAP and make changes to user information within in the ldap. Right now in
  my code I make a connection to the LDAP and supply the same user name and password
  set up in the LDAP security realm. I want to be able to rather then re-supply
  the URL and user name and password in my code I want to be able to just get that
  (or create a connection simil;ar to a jdbc connection pool) connection to the
  LDAP that configured in the Security Realm. Is this possible? And how would I
  go about it if so?
  Thanks
  Sjb

  the LDAPConnection pool which is used WLS Realm is not accessible to public
  for programming.
  thanks
  kiran
  "Sjb" <[email protected]> wrote in message
  news:3f5744c1$[email protected]..
  >
  Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URLadmins
  user name and password. I want to be able to interface this connection toaccess
  the LDAP and make changes to user information within in the ldap. Rightnow in
  my code I make a connection to the LDAP and supply the same user name andpassword
  set up in the LDAP security realm. I want to be able to rather thenre-supply
  the URL and user name and password in my code I want to be able to justget that
  (or create a connection simil;ar to a jdbc connection pool) connection tothe
  LDAP that configured in the Security Realm. Is this possible? And howwould I
  go about it if so?
  Thanks
  Sjb

• WLC connect LDAP for Authentication, but could not connect to server

  Hi Everyone, I got a problem when I use WLC 5508 connect to LDAP for authentication, but no luck there, it's a simple config, but not easy to work on my job, I got the following messgae:
  Service Port - Not connected
  Distrubution port include:
       Management Interface - in AP Management VLAN - 30
       Student AP interface - in Student VLAN - 20
       Staff AP interface - in Staff VLAN - 10
  AD is in Staff VLAN - 10
  WLC LDAP Server setting
  Base DN:OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
  User Attribute: sAMAccountName
  User Object Type: Person
  Debug aaa all enable message
  *LDAP DB Task 1: Jul 09 01:40:58.969: ldapInitAndBind [1] called lcapi_init (rc = 0 - Success)
  *LDAP DB Task 1: Jul 09 01:41:00.969: ldapInitAndBind [1] configured Method Anonymous lcapi_bind (rc = 1005 - LDAP bind failed)
  *LDAP DB Task 1: Jul 09 01:41:00.969: ldapClose [1] called lcapi_close (rc = 0 - Success)
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to IDLE
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP server 1 changed state to RETRY
  *LDAP DB Task 1: Jul 09 01:41:00.969: LDAP_OPT_REFERRALS = -1
  WLC GUI Log:
  *LDAP DB Task 1: Jul 09 02:56:13.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  *LDAP DB Task 1: Jul 09 02:56:11.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  *LDAP DB Task 1: Jul 09 02:56:09.045: %AAA-3-LDAP_CONNECT_SERVER_FAILED: ldap_db.c:1038 Could not connect to LDAP server 1, reason: 1005 (LDAP bind failed).
  LDP Message of LDAP BaseDN:
  Expanding base 'CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk'...
  Result <0>: (null)
  Matched DNs:
  Getting 1 entries:
  >> Dn: CN=Frankie F. Yeung,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk
  4> objectClass: top; person; organizationalPerson; user;
  1> cn: Frankie F. Yeung;
  1> sn: Yeung;
  1> givenName: Frankie;
  1> initials: F;
  1> distinguishedName: CN=Frankie F. Yeung,OU=OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
  1> instanceType: 0x4 = ( IT_WRITE );
  1> whenCreated: 8/10/2011 10:28:14 China Standard Time China Standard Time;
  1> whenChanged: 8/10/2011 10:31:26 China Standard Time China Standard Time;
  1> displayName: Frankie F. Yeung;
  1> uSNCreated: 3850555;
  1> uSNChanged: 3850571;
  1> name: Frankie F. Yeung;
  1> objectGUID: 6ebfc7e9-6989-4f11-bae7-62c23af67edc;
  1> userAccountControl: 0x10200 = ( UF_NORMAL_ACCOUNT | UF_DONT_EXPIRE_PASSWD );
  1> badPwdCount: 0;
  1> codePage: 0;
  1> countryCode: 0;
  1> badPasswordTime: 0;
  1> lastLogoff: 0;
  1> lastLogon: 0;
  1> pwdLastSet: <ldp error <0x0>: cannot format time field;
  1> primaryGroupID: 513;
  1> objectSid: S-1-5-21-3867848445-1581729766-1247451615-2172;
  1> accountExpires: <ldp error <0x0>: cannot format time field;
  1> logonCount: 0;
  1> sAMAccountName: fckyeung;
  1> sAMAccountType: 805306368;
  1> userPrincipalName: [email protected];
  1> objectCategory: CN=Person,CN=Schema,CN=Configuration,OU=wws_ou,DC=ww,DC=yc,DC=com,DC=hk;
  Hope I can resolve this problem ASAP, thanks!

  Your AD is in the Staff Vlan so maybe the WLC uses the Staff interface instead of management to contact the AD. I don't know how you sniffed exactly.
  The comment about eap methods you saw is when you use LDAP with dot1x security. It is the same as saying "You cannot do peap-mschapv2 or eap-fast-mschpv2 with LDAP".
  But you can do LDAP for web authentication, that has no eap methods.
  Your original problem was a binding problem from the WLC, so we can expect that the WLC really is sending traffic towards AD.

• How to disable authentication for weblogic server

  Hi expert,
  I have a web application deployed on weblogic server 12c. And I have a client which connects to the web application.  The client will authenticate with server with digest authentication (challenge\response). We use the default authentication in weblogic server and the authentication is done by weblogic server. And it works fine.
  However, I want to run a performance testing to replay all client requests including the requests for authentication. Since it's challenge/response authentication mechanism, the original requests can not pass authentication and weblogic server replies 401. I want to know is there any way to disable weblogic authentication so that the authentication passes when I replay my original request?
  Thanks very much!
  Regards,
  Yan

  You can disable the security of the application in the web.xml. Here there is a security-constraint configured that tells WebLogic what to do, for example,
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>All</web-resource-name>
  <url-pattern>/faces/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <role-name>MANAGER</role-name>
  <role-name>EMPLOYEE</role-name>
  </auth-constraint>
  <user-data-constraint>
  <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
  </security-constraint>
  If you put the security-constraint in comments, you can access the application, without authentication (note that the application itself probably uses the authentication in order to set certain things, so I do not if this is going to work).

• LDAP Web Authentication

  1. In WLC GUI, Security > AAA > LDAP, what other User Base DN / User Attribute / User Object Type syntax to use when you have 2 or more OU (not pertaining to sub-OUs)? aside from using the domail alone, ex: dc=cisco,dc=com
  2. Can OU be grouped in the active directory? then the WLC LDAP config will be pointing to the group created in the active directory?
  Reference in configuring LDAP Web Authentication:
  Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example, Document ID: 108008
  Any help would be appreciated. Thank you in advance!

  LDAP with web authentication only shows up in 5.0 config guides and later.
  The 2006 only supports up to 4.2 software. I think this should answer your question :-) It's a no