Portal embedded LDAP

Similar Messages

• Portal 7 and embedded LDAP server

  I searched for this on support but nothing much came up on Portal 7, so here
  goes:
  We're thinking of moving to LDAP for user authentication. LDAP 2 is
  supported by the current Portal. What LDAP version is supported by the
  embedded LDAP server that comes with WLS? Can I convert sooner or later?
  Do I have to wait on something?
  Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
  embedded LDAP?
  Thanks,
  Steve

  Ture,
  Can use LDAP for UUP without using it for authentication/authorization? If so,
  how, or at least can you kindly point to a document that descrips how?
  Thanks
  Ture Hoefner <[email protected]> wrote:
  Hello Steve,
  I think you may be confusing the LDAP v2 specification with the WLS
  6.x, 7.x
  V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do
  with the
  LDAP v2 spec. It is just version 2 of the LdapRealm (
  http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 )
  Portal
  doesn't really care which LDAP server you are using (and it works with
  both the
  original LdapRealm and the V2 LdapRealm).
  When using Portal with LDAP, there are three things you can use it
  for:
  1) authentication/authorization, using WLS security framework, and/or
  2) read-only Unified User Profile (UUP) via LdapPropertyManager in
  ldapprofile.jar to get user properties from LDAP, and/or
  3) read/write UUP via your own custom EntityPropertyManager to get/set
  user
  properties from LDAP.
  If you are using LDAP for authentication/authorization, then just follow
  instructions from WLS for configuring it. Your Portal app is a J2EE
  app that
  will use this service from your WLS app server.
  If you are using LDAP for a UUP then it doesn't really matter which LDAP
  server
  you use, as long as it really follows the LDAP spec. Portal just uses
  JNDI to
  search for attributes in the LDAP server and provides them to you as
  user
  properties.
  Steve Lewis wrote:
  I searched for this on support but nothing much came up on Portal 7,so here
  goes:
  We're thinking of moving to LDAP for user authentication. LDAP 2 is
  supported by the current Portal. What LDAP version is supported bythe
  embedded LDAP server that comes with WLS? Can I convert sooner orlater?
  Do I have to wait on something?
  Should I put off putting my users into LDAP 2 (OpenLDAP) or wait anduse the
  embedded LDAP?
  Thanks,
  Steve--
  Ture Hoefner
  BEA Systems, Inc.
  4001 Discovery Drive
  Suite 340
  Boulder, CO 80303
  www.bea.com

• Embedded LDAP configuration in Portal

  Hi,
  I am currently working on WL10.1MP1, and need to know the probable files involved in Embedded LDAP Configuration in the domain.
  Can anyone let me know.
  Regards
  Lakshmi

  Hi Lakshmi,
  Default configurations are part of config.xml, security.xml and ldif files in security folder and files in data/LDAP folder in Admin Server.
  Vishnu

• URGENT : Add & Retrieve properties from Embedded LDAP in Weblogic 9.2

  I am using Embedded LDAP WebLogic 9.2 and i followed the steps mentioned in the URL below.I have nt changed anything except Server URL which points to localhost:7001.
  http://e-docs.bea.com/wlp/docs92/users/appendixa.html#wp1055363
  Questions:
  1)How to add additional attributes to embedded LDAP? (eg email, phone etc).
  2)How to read those properties from embedded LDAP using WebLogic Portal API? Any code samples?
  Any help is appreaciated.

  this problem is due to hard-coded user/pwd in installation scripts. Here are steps
  1) open file AIA_HOME/Infrastructure/install/wlscripts/FPWLCommonConfig.xml
  2) reach to target CreateStartupClasses
  3) there are three java tasks for com.oracle.oems.weblogic.AQJMSPasswordUtility
  4) in the task for oraesb, password is hardcoded as 'oraesb' in clear text.
  5) this should be password of 'ORAESB' database user.
  6) change this password value; and restart the installation.
  Regards,
  Vaibhav

• Urgent : How to create Manager and Reportee of a User in Embedded LDAP in W

  Hi All,
  I have created user in Weblogic Server Embdeed LDAP (Console-->SecurityRealm)
  however how can I assign another user as Manager of this user and some other user as reportee of this user.
  Basically how to create Manager and Reportee of a User in Embedded LDAP in Weblogic 10.3.5
  ie I have a user A and user B created in Security Realm.
  Now I want user A to be as Manager of User B so that when I use getManager() function in Human Task,I get A as Manager of B.
  Thanks
  Edited by: Vivek on 28 Sep, 2011 3:54 AM

  To get an idea check these links.
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/aaa1a890-0201-0010-eb93-ae3d2bb74a78
  BSP/HowTo - Customizing the design of System Logon page in NetWeaver '04
  -Aman

• Embedded LDAP Server or relational database

  Hi,
  I'm pretty new to this subject, but I do have a question. Here is the situation.
  I need to set up a login portal (in weblogic 8.1) for a webapplication. Customers
  (in the future) can login into a secure part of the website, where they can modify
  their personal settings and information. We are talking about < 100.000 users.
  Now I was thinking of using the embedded LDAP server to set up the authorisation
  and identification, but because 2 variables are needed to see if it is a customer
  of the company, I am also looking into the possibility of using a relation database
  (oracle) to set up the username - password authentication table.
  Can somebody tell me the (dis)advantages of using LDAP instead of the relational
  database (oracle)? Or give me advise which authorisation method is the best one?
  Your help is needed!
  Thanks in advance,
  Hans
  the customer more information is needed to

  Ensure that the managed server is running with "Managed Server Independence Enabled" flag checked.
  It can be checked on console via Environment --> Servers --> <ServerName> --> Configuration --> Tuning
  For more information, please check
  http://docs.oracle.com/cd/E14571_01/web.1111/e13708/failures.htm#START169
  The above flag is required for the managed server to use the local LDAP repository.
  Arun

• Embedded LDAP on Weblogic Server

  Hi Everyone
  i'm currently using the embedded LDAP available in Weblogic for Security for SOA 11g
  The users are getting updated on the system-jazn.xml file.But i dont know where the email information is getting stored. Does anyone know where it is stored.
  Is there way i would download the users,roles and user properties from the embedded LDAP.
  Regards
  Sabir

  Hi Sabir
  1. By default, as far as I know, from pure WLS point of view, we can create new users with just username and password like from WLS Admin Console.
  2. I am not much familiar with "The users are getting updated on the system-jazn.xml file". Is this like External Authentication Provider that you configured with WLS.
  3. For example, WLS can be configured with any External LDAP sources that has full User Profile and username and password etc. Then for say Weblogic Portal Applications, we have some procedure, to view the entire profile. Even for out of box Embedded LDAP in case of Weblogic Portal Appliations only we can View/Edit the full User Profile from something called Portal Admin Console. But this is all specific to Weblogic Portal Applications only.
  If you can give more details on this "system-jazn.xml" file, we can look into it. But when it comes to core WLS, all you can do, configure it with any External Security Provider from Weblogic Console. And additionally create your own custom Authentication Provider. Coming to Profile, I know for Weblogic Portal Applications deployed on this WLS + portal modules, we can View/Edit full Profile.
  HTH
  Ravi Jegga

• WLP Embedded LDAP dependency in 10.3 ?

  Hi,
  what's the party line on the embedded LDAP dependency in 10.3 ? Since the WLS version is now up to 10.3 is the dependency gone?
  I tried creating a domain with an RDBMS security store but got a weird security related error when trying to deploy a portal app. Verified configuration with a regular webapp that deployed/worked fine.
  Thanks,
  Petri

  Hi Petri,
  I hope you are doing well.
  For WLP 10.3, only the authorization and role mapper providers which utilize the embedded LDAP are supported by WLP. The next version of WLP is planned to work with the rdbms-based providers.
  Brad

• How to change password for a user in WLS 7.0 embedded ldap in code?

  I asked the similar question before but don't have an answer yet.
  I need to change password for a user in my Java code. Any help will be
  appreciated.
  Here is my stack trace:
  c:\Test>java -classpath . testEmbeddedLdap
  attribute: uid
  attribute: description
  attribute: objectclass
  attribute: wlsMemberOf
  attribute: sn
  attribute: cn
  javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient
  Access Rights]; remaining name
  'uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain'
  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2872)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2810)
  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2616)
  at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1374)
  at
  com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDir
  Context.java:255)
  at
  com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(Partial
  CompositeDirContext.java:172)
  at
  com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(Partial
  CompositeDirContext.java:161)
  at
  javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.
  java:146)
  at testEmbeddedLdap.main(testEmbeddedLdap.java:30)
  Here is my testing code:
  <PRE>
  import java.util.*;
  import javax.naming.*;
  import javax.naming.directory.*;
  public class testEmbeddedLdap {
  public static void main(String[] argv) {
  Hashtable env = new Hashtable(11);
  env.put(Context.INITIAL_CONTEXT_FACTORY,
  "com.sun.jndi.ldap.LdapCtxFactory");
  env.put(Context.PROVIDER_URL, "ldap://localhost:7001");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, "uid=myAdministrator, ou=people,
  ou=myrealm, dc=mydomain");
  env.put(Context.SECURITY_CREDENTIALS, "myAdministrator");
  try {
  DirContext ctx = new InitialDirContext(env);
  String
  sUser="uid=myRegularUser,ou=people,ou=myrealm,dc=mydomain";
  String sOldPassword="myRegularUser";
  String sNewPassword="newpassword";
  for (NamingEnumeration ae = ctx.getAttributes(sUser).getAll();
  ae.hasMore(); ) {
  Attribute attr = (Attribute)ae.next();
  System.out.println("attribute: " + attr.getID());
  ModificationItem[] mods = new ModificationItem[2];
  Attribute mod0 = new BasicAttribute("userpassword",
  sOldPassword);
  mods[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
  mod0);
  Attribute mod1 = new BasicAttribute("userpassword",
  sNewPassword);
  mods[1] = new ModificationItem(DirContext.ADD_ATTRIBUTE, mod1);
  ctx.modifyAttributes(sUser, mods);
  ctx.close();
  } catch (NamingException e) {
  e.printStackTrace();
  </PRE>
  "Neil Smithline" <[email protected]> wrote in message
  news:[email protected]...
  Two things. First, I'm not exactly sure what password you are trying to
  change. The LDAP server's password or a user's password in the LDAP
  server. Second, could you please post a stack trace.
  Thanks - Neil
  K Wong wrote:
  I am using (javax.naming.directory.DirContext.modifyAttributes) to
  change
  password to our development Weblogic 7.0 embedded LDAP.
  I login as the system administrator (a user in the administratorsgroup),
  but always gets the javax.naming.NoPermissionException - InsufficientAccess
  Rights.
  What user should I use? Any help will be appreciated.

  Hai,
  This condition based execution requires - javascript coding.
  In miscelleaneous tools bar, you have an option of SCRIPT_ITEM writer tool, drag the tool into your WAD layout, and select the properties , choose the editor option and paste your coding. that's it.
  Alternate option :
  in your web application design layout , you will fine XHTML coding editor , there you need to write coding and execute the same.
  Hope this will help to you.
  Assign Points if its really useful.
  Cheers !!!
  Bye
  Regards,
  Giri

• Weblogic.server.ServiceFailureException:com- embedded LDAP error

  Hi
  While starting teh weblogic server, I am getting error as
  weblogic.server.ServiceFailureException: Error initialisng embedded LDAP server - with nested exception
  java.lang.ClassCastException:com.octetstring.vde.backend.BackendRoot
  the server is not started (I have installed it as a window service in Win2k)
  Any help on this ?

  there are few different ways to fix this. I do this frequently
  --Delete the data folder and boot the server it will fix the issue. You will lose all the users information (except admin user) need to recrate any ohter users you created.make sure backup data folder
  -- Second get the data folder from domain_bak folder
  Hope this will fix your problem
  Thanks
  ksr
  Edited by: ksr11 on Nov 24, 2010 10:33 AM

• Can't connect to weblogic embedded LDAP from an init block

  Hi
  I am trying to use weblogic's embedded LDAP directory in an OBIEE RPD initialisation block, using 10g security model in OBIEE 11g. I need the internal user, BISystemUser, to be validated by an init block in the rpd, but I am not able to configure the weblogic LDAP in an init block, as it is done with AD, for example.
  I am following the instructions on "Viewing the Contents of the Embedded LDAP Server from an LDAP Browser" section of this document, http://docs.oracle.com/cd/E21764_01/web.1111/e13707/ldap.htm#i1104934 and I am getting: "LDAP bind failure: Can't connect to LDAP server". Weblogic is up and running, I can connect to its console, OBIEE, etc.
  I am using this settings on OBIEE:
  Hostname: localhost (I've tried using the actual hostname)
  Base DN: dc=bifoundation_domain
  Bind DN: cn=Admin
  Port: 7001
  (I've already reset LDAP's Admin password to a known value).
  The curious thing is that I can connect to the same LDAP using the same settings with LDAPExplorerTool2 opensource tool.
  Does anyone have an idea what else is missing?
  Thank you.

  i also have this problem..do u have any solution?

• How many entries is embedded LDAP of weblogic 8.1 capable to store ? let's assume we use default LDAP schema being defined in schema.core.xml

   

  "ming qin" <[email protected]> wrote in message news:[email protected]..
  I would like to have entries as users.There are a few issues that arise as the number of users increases. The
  first is management
  of all these users. Will you be able to load/update/manage all of the users
  via the WLS console?
  You can certainly use external LDAP tools to manage the data in the WLS
  embedded LDAP
  server, but using an external LDAP server may offer better tools for
  management than those
  offered in WLS.
  The second is performance. Since the ldap server embedded within WLS uses
  in-memory
  indices, the time to load the indices and the memory required for storing
  them increases as
  the number of users increases. 20-50K seems to have reasonable performance.
  The last is extensibility. The WLS default authenticator stores user,
  description, and password.
  You may have different requirements and want to store additional
  information.

• Special characters not supported in Embedded LDAP

  Hi All,
  I had a very hectic time trying to debug this issue.
  The requirement was to provide support for + as a special character in the userId.
  As the RFC says to escape it using a backslash.I did exactly that.
  However, it kept on giving me Naming Violation... LDAP error code 64.
  SO, inorder to verify the code which I had writted ... I connected the Apache Directory Server in place.
  This time round the code worked.
  Can someone help me with the resolution ... as in, does the Embedded LDAP schema needs modification.... apparently it does.
  Thanks & Regards
  Yukti Kaura

  Thanks !
  How do we raise a support issue .Is there any Id where I can drop a mail ?
  Yukti

• Weblogic 9.2 Embedded LDAP Login denied!

  Hi,
  I am trying to put together users/ groups in the Embeded ldap for LDAP authentication. I saw in the embedded LDAP, the tree as
       domainName->myrealm->groups,people etc by default.
  Now, under the LDAP root domainName, I created a directory structure as:
       domainName->myorg->groups,users.
  In the weblogic console ( myrealm is the default security realm.)
  under myrealm, I created LDAP Authentication Provider and gave all the LDAP provider specific info for searching etc.
  I was able to see the users using the console screen.
  Now in my Web Application, using the "FORM based Authentication"(using j_username etc) I tried to login.
  I saw the AdminServer log:
  --getDNForUser search("ou=people,ou=myrealm,dc=domainA", "(&(uid=ldapuser2)(objectclass=person))", base DN & below)
  with the following exception:
  --javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User ldapuser2 denied
       at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:191)
  which means, Weblogic was trying to use the LDAP params which were pointing to 'myrealm'.
  I was expecting weblogic to search as I specified in the provider:
  "ou=users,ou=myorg,dc=domainA" rather than "ou=people,ou=myrealm,dc=domainA".
  Remember I am using Embeded LDAP.
  Please let me know whether what I am trying to achieve is something that Weblogic is capable of.
  By the way, when I put my users under the 'myrealm' directory it does authenticate.
  Please let me know
  Thank you in advance.
  Azim

  These are the steps that I followed to connect weblogic 9.2 with LDAP Port 636(SSL Enabled) and it worked fine.
  Steps for Installation of SSL
  1.     Modify the Provider Specific configuration in the Admin Console to use port 636 and ‘SSL Enabled’ (OR Modify config.xml)
       <wls:port>636</wls:port>
       <wls:ssl-enabled>true</wls:ssl-enabled>
  2.     Back up the D:\apps\bea\wls92\weblogic92\server\lib directory
  3.     Copy the certificate (xxxx.cer) to that directory
  4.     Import the certificate into the keystore:
  5.     D:\apps\bea\wls92\jrockit_150_12\bin\keytool -v -import -alias ldapcert -keystore DemoTrust.jks -file entrust_ssl_ca.cer -storepass DemoTrustKeyStorePassPhrase
  6.     Add the following parameter to the JAVA_OPTIONS in the start script (setDomainEnv.cmd):
  a.     -Dweblogic.security.SSL.allowSmallRSAExponent=true
  7.     Restart WebLogic (Admin) Server

• How to configure human workflow using embedded ldap in standalone weblogic

  I am trying to use embedded ldap to select users for a human workflow. I have created an application server instance using soa server details but the realm field in human workflow remains empty.
  Please let me know what would be right steps.

  Can you provide more details about the context of where this happens? Are you selecting users in the Organization editor in BPM studio? Is this on 11.1.1.3 or 11.1.1.4?