Portal embedded LDAP
Folks,
Does anyone know what is the technical product used as embedded LDAP for WLP 8.1?
(doesn't appear clearly on install).
Does this directory remain open for external applications or is it totally hidden?
Arnaud,
The Embedded LDAP server is a modified version of the VDE product from Octetstring.
You should post questions about it to weblogic.developer.interest.security.
-Phil
"Arnaud" <[email protected]> wrote in message
news:3f85787b$[email protected]..
> Folks,
> Does anyone know what is the technical product used as embedded LDAP for WLP 8.1?
> (doesn't appear clearly on install).
> Does this directory remain open for external applications or is it totally hidden?
Similar Messages
-
Portal 7 and embedded LDAP server
I searched for this on support but nothing much came up on Portal 7, so here
goes:
We're thinking of moving to LDAP for user authentication. LDAP 2 is
supported by the current Portal. What LDAP version is supported by the
embedded LDAP server that comes with WLS? Can I convert sooner or later?
Do I have to wait on something?
Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
embedded LDAP?
Thanks,
Steve
Ture,
Can I use LDAP for UUP without using it for authentication/authorization? If so, how, or at least can you kindly point to a document that describes how?
Thanks
Ture Hoefner <[email protected]> wrote:
Hello Steve,
I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
When using Portal with LDAP, there are three things you can use it for:
1) authentication/authorization, using WLS security framework, and/or
2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
Steve Lewis wrote:
I searched for this on support but nothing much came up on Portal 7, so here
goes:
We're thinking of moving to LDAP for user authentication. LDAP 2 is
supported by the current Portal. What LDAP version is supported by the
embedded LDAP server that comes with WLS? Can I convert sooner or later?
Do I have to wait on something?
Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
embedded LDAP?
Thanks,
Steve
--
Ture Hoefner
BEA Systems, Inc.
4001 Discovery Drive
Suite 340
Boulder, CO 80303
www.bea.com -
Embedded LDAP configuration in Portal
Hi,
I am currently working on WL10.1MP1, and need to know the probable files involved in Embedded LDAP Configuration in the domain.
Can anyone let me know.
Regards
Lakshmi
Hi Lakshmi,
Default configurations are part of config.xml, security.xml and ldif files in security folder and files in data/LDAP folder in Admin Server.
Vishnu -
URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2
I am using Embedded LDAP WebLogic 9.2 and I followed the steps mentioned in the URL below. I have not changed anything except Server URL which points to localhost:7001.
http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
Questions:
1) How to add additional attributes to embedded LDAP? (e.g. email, phone etc).
2) How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
Any help is appreciated.
This problem is due to hard-coded user/pwd in installation scripts. Here are steps
1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
2) reach to target CreateStartupClasses
3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
5) this should be password of 'ORAESB' database user.
6) change this password value; and restart the installation.
Regards,
Vaibhav -
Urgent : How to create Manager and Reportee of a User in Embedded LDAP in W
Hi All,
I have created user in Weblogic Server Embedded LDAP (Console-->SecurityRealm)
however how can I assign another user as Manager of this user and some other user as reportee of this user.
Basically how to create Manager and Reportee of a User in Embedded LDAP in Weblogic 10.3.5
ie I have a user A and user B created in Security Realm.
Now I want user A to be as Manager of User B so that when I use getManager() function in Human Task,I get A as Manager of B.
Thanks
Edited by: Vivek on 28 Sep, 2011 3:54 AM
To get an idea check these links.
https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78
BSP/HowTo - Customizing the design of System Logon page in NetWeaver '04
-Aman -
Embedded LDAP Server or relational database
Hi,
I'm pretty new to this subject, but I do have a question. Here is the situation.
I need to set up a login portal (in weblogic 8.1) for a webapplication. Customers
(in the future) can login into a secure part of the website, where they can modify
their personal settings and information. We are talking about < 100.000 users.
Now I was thinking of using the embedded LDAP server to set up the authorisation
and identification, but because 2 variables are needed to see if it is a customer
of the company, I am also looking into the possibility of using a relation database
(oracle) to set up the username - password authentication table.
Can somebody tell me the (dis)advantages of using LDAP instead of the relational
database (oracle)? Or give me advise which authorisation method is the best one?
Your help is needed!
Thanks in advance,
Hans
the customer more information is needed to
Ensure that the managed server is running with "Managed Server Independence Enabled" flag checked.
It can be checked on console via Environment --> Servers --> <ServerName> --> Configuration --> Tuning
For more information, please check
http://docs.oracle.com/cd/E14571_01/web.1111/e13708/failures.htm#START169
The above flag is required for the managed server to use the local LDAP repository.
Arun -
Embedded LDAP on Weblogic Server
Hi Everyone
I'm currently using the embedded LDAP available in Weblogic for Security for SOA 11g.
The users are getting updated on the system-jazn.xml file. But I don't know where the email information is getting stored. Does anyone know where it is stored?
Is there a way I would download the users, roles and user properties from the embedded LDAP?
Regards
Sabir
Hi Sabir
1. By default, as far as I know, from pure WLS point of view, we can create new users with just username and password like from WLS Admin Console.
2. I am not much familiar with "The users are getting updated on the system-jazn.xml file". Is this like External Authentication Provider that you configured with WLS.
3. For example, WLS can be configured with any External LDAP sources that has full User Profile and username and password etc. Then for say Weblogic Portal Applications, we have some procedure, to view the entire profile. Even for out of box Embedded LDAP in case of Weblogic Portal Applications only we can View/Edit the full User Profile from something called Portal Admin Console. But this is all specific to Weblogic Portal Applications only.
If you can give more details on this "system-jazn.xml" file, we can look into it. But when it comes to core WLS, all you can do, configure it with any External Security Provider from Weblogic Console. And additionally create your own custom Authentication Provider. Coming to Profile, I know for Weblogic Portal Applications deployed on this WLS + portal modules, we can View/Edit full Profile.
HTH
Ravi Jegga -
WLP Embedded LDAP dependency in 10.3 ?
Hi,
what's the party line on the embedded LDAP dependency in 10.3 ? Since the WLS version is now up to 10.3 is the dependency gone?
I tried creating a domain with an RDBMS security store but got a weird security related error when trying to deploy a portal app. Verified configuration with a regular webapp that deployed/worked fine.
Thanks,
Petri
Hi Petri,
I hope you are doing well.
For WLP 10.3, only the authorization and role mapper providers which utilize the embedded LDAP are supported by WLP. The next version of WLP is planned to work with the rdbms-based providers.
Brad -
How to change password for a user in WLS 7.0 embedded ldap in code?
I asked the similar question before but don't have an answer yet.
I need to change password for a user in my Java code. Any help will be
appreciated.
Here is my stack trace:
c:\Test>java -classpath . testEmbeddedLdap
attribute: uid
attribute: description
attribute: objectclass
attribute: wlsMemberOf
attribute: sn
attribute: cn
javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; remaining name 'uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2872)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2810)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2616)
    at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1374)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:161)
    at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:146)
    at testEmbeddedLdap.main(testEmbeddedLdap.java:30)
Here is my testing code:
<PRE>
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class testEmbeddedLdap {
    public static void main(String[] argv) {
        // Simple bind to the embedded LDAP server on the WebLogic listen port
        Hashtable<String, Object> env = new Hashtable<String, Object>(11);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:7001");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL,
                "uid=myAdministrator, ou=people, ou=myrealm, dc=mydomain");
        env.put(Context.SECURITY_CREDENTIALS, "myAdministrator");
        try {
            DirContext ctx = new InitialDirContext(env);
            String sUser = "uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain";
            String sOldPassword = "myRegularUser";
            String sNewPassword = "newpassword";

            // List the attributes the bound user is allowed to read on the entry
            for (NamingEnumeration<? extends Attribute> ae = ctx.getAttributes(sUser).getAll();
                    ae.hasMore(); ) {
                Attribute attr = ae.next();
                System.out.println("attribute: " + attr.getID());
            }

            // Change the password: remove the old value, then add the new one
            ModificationItem[] mods = new ModificationItem[2];
            Attribute mod0 = new BasicAttribute("userpassword", sOldPassword);
            mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE, mod0);
            Attribute mod1 = new BasicAttribute("userpassword", sNewPassword);
            mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
            ctx.modifyAttributes(sUser, mods);
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}
</PRE>
"Neil Smithline" <[email protected]> wrote in message
news:[email protected]...
Two things. First, I'm not exactly sure what password you are trying to
change. The LDAP server's password or a user's password in the LDAP
server. Second, could you please post a stack trace.
Thanks - Neil
K Wong wrote:
I am using (javax.naming.directory.DirContext.modifyAttributes) to change
password to our development Weblogic 7.0 embedded LDAP.
I login as the system administrator (a user in the administrators group),
but always get the javax.naming.NoPermissionException - Insufficient Access
Rights.
What user should I use? Any help will be appreciated.
Hai,
This condition based execution requires - javascript coding.
In miscellaneous tools bar, you have an option of SCRIPT_ITEM writer tool, drag the tool into your WAD layout, and select the properties, choose the editor option and paste your coding. That's it.
Alternate option:
In your web application design layout, you will find XHTML coding editor, there you need to write coding and execute the same.
Hope this will help to you.
Assign Points if its really useful.
Cheers !!!
Bye
Regards,
Giri -
Weblogic.server.ServiceFailureException:com- embedded LDAP error
Hi
While starting the weblogic server, I am getting error as
weblogic.server.ServiceFailureException: Error initialisng embedded LDAP server - with nested exception
java.lang.ClassCastException:com.octetstring.vde.backend.BackendRoot
the server is not started (I have installed it as a window service in Win2k)
Any help on this?
There are few different ways to fix this. I do this frequently
-- Delete the data folder and boot the server; it will fix the issue. You will lose all the users' information (except admin user) and need to recreate any other users you created. Make sure to back up the data folder.
-- Second, get the data folder from domain_bak folder
Hope this will fix your problem
Thanks
ksr
Edited by: ksr11 on Nov 24, 2010 10:33 AM -
Can't connect to weblogic embedded LDAP from an init block
Hi
I am trying to use weblogic's embedded LDAP directory in an OBIEE RPD initialisation block, using 10g security model in OBIEE 11g. I need the internal user, BISystemUser, to be validated by an init block in the rpd, but I am not able to configure the weblogic LDAP in an init block, as it is done with AD, for example.
I am following the instructions on "Viewing the Contents of the Embedded LDAP Server from an LDAP Browser" section of this document, http://docs.oracle.com/cd/E21764_01/web.1111/e13707/ldap.htm#i1104934 and I am getting: "LDAP bind failure: Can't connect to LDAP server". Weblogic is up and running, I can connect to its console, OBIEE, etc.
I am using this settings on OBIEE:
Hostname: localhost (I've tried using the actual hostname)
Base DN: dc=bifoundation_domain
Bind DN: cn=Admin
Port: 7001
(I've already reset LDAP's Admin password to a known value).
The curious thing is that I can connect to the same LDAP using the same settings with LDAPExplorerTool2 opensource tool.
Does anyone have an idea what else is missing?
Thank you.
I also have this problem.. do you have any solution?
-
"ming qin" <[email protected]> wrote in message news:[email protected]..
I would like to have entries as users.
There are a few issues that arise as the number of users increases. The first is management of all these users. Will you be able to load/update/manage all of the users via the WLS console? You can certainly use external LDAP tools to manage the data in the WLS embedded LDAP server, but using an external LDAP server may offer better tools for management than those offered in WLS.
The second is performance. Since the ldap server embedded within WLS uses in-memory indices, the time to load the indices and the memory required for storing them increases as the number of users increases. 20-50K seems to have reasonable performance.
The last is extensibility. The WLS default authenticator stores user, description, and password. You may have different requirements and want to store additional information. -
Special characters not supported in Embedded LDAP
Hi All,
I had a very hectic time trying to debug this issue.
The requirement was to provide support for + as a special character in the userId.
As the RFC says to escape it using a backslash. I did exactly that.
However, it kept on giving me Naming Violation... LDAP error code 64.
So, in order to verify the code which I had written ... I connected the Apache Directory Server in place.
This time round the code worked.
Can someone help me with the resolution ... as in, does the Embedded LDAP schema need modification.... apparently it does.
Thanks & Regards
Yukti Kaura
Thanks !
How do we raise a support issue? Is there any Id where I can drop a mail?
Yukti -
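An added example, not part of the original posts and not WebLogic code: building the DN for a user ID that contains `+` with the JDK's `javax.naming.ldap` classes, which apply the RFC 4514 backslash escaping, next to the separate RFC 4515 escaping that a search filter needs. The class name, sample user IDs and base DN are constructed for illustration, and the code says nothing about how the embedded LDAP server treats the escaped value.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapUserIdEscaping {

    // Constructed base DN, following the ou=people,ou=<realm>,dc=<domain> layout.
    static final String BASE_DN = "ou=people,ou=myrealm,dc=mydomain";

    /**
     * Build the entry DN from typed parts instead of string concatenation.
     * Rdn escapes the value per RFC 4514; an unescaped '+' would otherwise
     * be read as the start of a second attribute in a multi-valued RDN.
     */
    static LdapName userDn(String uid) throws InvalidNameException {
        LdapName dn = new LdapName(BASE_DN);
        dn.add(new Rdn("uid", uid)); // appended as the most specific (leftmost) RDN
        return dn;
    }

    /**
     * Escape a value for use inside a search filter. Filters follow RFC 4515,
     * not the DN rules: '+' and ',' are literal here, but '*', '(', ')',
     * '\' and NUL must be hex-escaped or they change the filter's structure.
     */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample user IDs: DN-special, DN-special, filter-special.
        String[] samples = { "first+last", "smith, j", "a*)(uid=*" };
        for (String uid : samples) {
            LdapName dn = userDn(uid);
            // Re-parse the string form to confirm the escaping is reversible
            // and that the user ID did not add or split any RDN.
            LdapName reparsed = new LdapName(dn.toString());
            Object value = reparsed.getRdn(reparsed.size() - 1).getValue();
            System.out.println("user id : " + uid);
            System.out.println("  DN    : " + dn);
            System.out.println("  RDNs  : " + reparsed.size()
                    + ", value preserved: " + uid.equals(value));
            System.out.println("  filter: (&(uid=" + escapeFilterValue(uid)
                    + ")(objectclass=person))");
        }
    }
}
```

Escaping for a DN and escaping for a filter are different encodings, so a value that is safe in one position still has to be encoded again for the other.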
Weblogic 9.2 Embedded LDAP Login denied!
Hi,
I am trying to put together users/ groups in the Embedded LDAP for LDAP authentication. I saw in the embedded LDAP, the tree as
domainName->myrealm->groups,people etc by default.
Now, under the LDAP root domainName, I created a directory structure as:
domainName->myorg->groups,users.
In the weblogic console ( myrealm is the default security realm.)
under myrealm, I created LDAP Authentication Provider and gave all the LDAP provider specific info for searching etc.
I was able to see the users using the console screen.
Now in my Web Application, using the "FORM based Authentication"(using j_username etc) I tried to login.
I saw the AdminServer log:
--getDNForUser search("ou=people,ou=myrealm,dc=domainA", "(&(uid=ldapuser2)(objectclass=person))", base DN & below)
with the following exception:
--javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User ldapuser2 denied
at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:191)
which means, Weblogic was trying to use the LDAP params which were pointing to 'myrealm'.
I was expecting weblogic to search as I specified in the provider:
"ou=users,ou=myorg,dc=domainA" rather than "ou=people,ou=myrealm,dc=domainA".
Remember I am using Embedded LDAP.
Please let me know whether what I am trying to achieve is something that Weblogic is capable of.
By the way, when I put my users under the 'myrealm' directory it does authenticate.
Please let me know
Thank you in advance.
Azim
These are the steps that I followed to connect weblogic 9.2 with LDAP Port 636(SSL Enabled) and it worked fine.
Steps for Installation of SSL
1. Modify the Provider Specific configuration in the Admin Console to use port 636 and ‘SSL Enabled’ (OR Modify config.xml)
<wls:port>636</wls:port>
<wls:ssl-enabled>true</wls:ssl-enabled>
2. Back up the D:\apps\bea\wls92\weblogic92\server\lib directory
3. Copy the certificate (xxxx.cer) to that directory
4. Import the certificate into the keystore:
5. D:\apps\bea\wls92\jrockit_150_12\bin\keytool -v -import -alias ldapcert -keystore DemoTrust.jks -file entrust_ssl_ca.cer -storepass DemoTrustKeyStorePassPhrase
6. Add the following parameter to the JAVA_OPTIONS in the start script (setDomainEnv.cmd):
a. -Dweblogic.security.SSL.allowSmallRSAExponent=true
7. Restart WebLogic (Admin) Server -
How to configure human workflow using embedded ldap in standalone weblogic
I am trying to use embedded ldap to select users for a human workflow. I have created an application server instance using soa server details but the realm field in human workflow remains empty.
Please let me know what would be right steps.
Can you provide more details about the context of where this happens? Are you selecting users in the Organization editor in BPM studio? Is this on 11.1.1.3 or 11.1.1.4?