Using LDAP as security realm
Hi,
Our goal is to use LDAP(Iplanet Directory Server 5.0) as a security Realm
for Weblogic Personalization and Commerce 3.5.
Using the WLCS console, I've modified the config.xml file and following
elements are added:
<LDAPRealm AuthProtocol='simple' Credential='admin'
GroupDN='ou=groups,dc=netnumina,dc=com' GroupIsContext='false'
GroupUsernameAttribute='uniquemember'
LDAPURL='ldap://sanand.netnumina.com:389' Name='wlcsLDAPRealm'
Principal='uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot'
UserAuthentication='local' UserDN='ou=people,dc=netnumina,dc=com'
UserNameAttribute='uid'/>
<CachingRealm BasicRealm='wlcsLDAPRealm' CacheCaseSensitive='true'
Name='wlcsCachingRealm'/>
But when we try to restart the WLCS, it throws java exceptions that context
is not initialized and I get the following error
<Jun 15, 2001 3:41:28 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: could not get
context - wi
th nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid
Credential
s]]]
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested e
xception:
I tried using Windows NT as a security realm but that gave me errors too.
Does anyone has any experience using anything other than the default Realm?
Any help would be appreciated. Thanks!
Asim Raja
[email protected]
I'm not sure, but I suspect you can't
since this would create a circular dependency -
your realm would rely on the upper level security
checking calls but those calls would rely on your
realm.
My suggestion is to give it a try and see what
happens.
-Tom
Ozcan ADIYAMAN <[email protected]> wrote:
Hi ,
I am implementing a simple custom security realm using LDAP as the
security store and I can see the users, groups and acls from the admin
console.
My question is (a custom realm newbie question) ;
Is it possible to use weblogic.security.acl.Security with my custom
realm to check permissions, get the current user,etc.,
OR
is this class ONLY used with default realms (when ACL is stored in a
file) ?
Thanks
Ozcan
Similar Messages
-
Unable to use a custom security realm with Netscape Directory Server in WebLogic 7
I have all users and groups stored in a Netscape LDAP server (version 4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic 7 (also run
on Solaris 8) which uses my LDAP server as the Authenticator. I tried this by
using the Admin Console and followed exactly the steps in Chapter 3 of the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged into the
Admin Console again and clicked the Users node under my custom realm, I saw this
message in the right-hand pane: "There are no Authentication providers available
that support the creation of Users". Also, I don't see my custom realm in the
dropdown list under mydomain -> Security tab -> General tab -> Default Realm.
What did I do wrong? Also, where does WebLogic store the custom security realm
info? It is definitely not in config.xml.
Thanks,
Eric MaThanks for the info.
I wonder when they will fix it.
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
>
According to BEA Tech Support, a known bug prevents the WLS 7 AdminConsole from
displying users and groups defined in Netscape Directory Server.
Eric Ma
"Jakub Wroniszewski" <[email protected]> wrote:
I have the same problem.
Any new ideas?
Rgds,
Jakub
U¿ytkownik "Eric Ma" <[email protected]> napisa³ w wiadomo¶ci
news:[email protected]..
Now I doubt my custom security realm is actually using the NetscapeDirectory Server
as the authenticator. Unlike in WebLogic 6.1 Admin Console, whereclicking on
the Users node displays all users in the LDAP server, in WebLogic 7I keep
getting
the message "There are no Authentication providers available that
support
the
creation of Users." Any suggestions?
"Eric Ma" <[email protected]> wrote:
Never mind. I tried again by following the steps outlined at
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.deve
l
oper.interest.security&item=8463&utag=
and it seemed to have worked for me.
"Eric Ma" <[email protected]> wrote:
I have all users and groups stored in a Netscape LDAP server (version
4.1.6 on
Solaris 8), so I want to create a custom security realm in WebLogic7
(also run
on Solaris 8) which uses my LDAP server as the Authenticator. I
tried
this by
using the Admin Console and followed exactly the steps in Chapter3
of
the "Managing
WebLogic Security" doc. However, when I rebooted WebLogic and logged
into the
Admin Console again and clicked the Users node under my custom realm,
I saw this
message in the right-hand pane: "There are no Authentication
providers
available
that support the creation of Users". Also, I don't see my customrealm
in the
dropdown list under mydomain -> Security tab -> General tab ->
Default
Realm.
What did I do wrong? Also, where does WebLogic store the customsecurity
realm
info? It is definitely not in config.xml.
Thanks,
Eric Ma -
Using an alternate security realm
Hi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain nameHi,
I'm trying to configure the Weblogic Personalization & Personalization
Server v3.5 to use NT or LDAP as a security realm.
With LDAP, the server reboots properly but when I try to goto
http://localhost:7501/tools, it prompts me for password/userid and none of
the user accounts(including for weblogic and those in the LDAP) work.
When I try to configure for NT security realm and then I try to reboot the
server, I get the error message below.
Any help would be greatly appreciate. Thanks!
Asim
[email protected]
NT error message:
U n a b l e t o a d j u s t t o k e n p r i v i l e g e s
U n a b l e t o a d j u s t t o k e n p r i v i l e
g e
s
java.lang.SecurityException: Unable to assert all required
priviledges
at weblogic.security.ntrealm.NTDelegate.initFields(Native Method)
at weblogic.security.ntrealm.NTDelegate.loadlib(NTDelegate.java:218)
at weblogic.security.ntrealm.NTDelegate.<init>(NTDelegate.java:84)
at weblogic.security.ntrealm.NTRealm.<init>(NTRealm.java:42)
at java.lang.Class.newInstance0(Native Method)
at java.lang.Class.newInstance(Class.java:237)
at weblogic.security.acl.Realm.getRealm(Realm.java:84)
at weblogic.security.acl.Realm.getRealm(Realm.java:62)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.jav
a:265)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
<Jun 19, 2001 1:58:10 PM EDT> <Emergency> <Server> <Unable to initialize the
ser
ver: 'Fatal initialization exception
Throwable: java.lang.IllegalAccessError: java.lang.SecurityException: Unable
to
assert all required priviledges -- bad domain name
java.lang.IllegalAccessError: java.lang.SecurityException: Unable to assert
all
required priviledges -- bad domain name -
Errors encountered while using a Custom Security Realm on a Platform Domain
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portal application(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our application requirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user: wlisystem,
for the servlet: ApplicationView for the webapp: /WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if the user
exists.
javax.security.auth.login.LoginException: Authentication Failed: User wlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar from wlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: Authentication Failed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store to get
rid of these errors. I would appreciate if anyone can suggest some tips or workarounds
for configuring or creating a Custom Security Realm for Web Logic Platform Domain.
Thanks
VikramHello Vikram,
Are you using the new WLS 7.0 security framework? It is not supported for
Portal 7.0. For Portal 7.0 apps you have to use compatibility mode (6.x
style) security.
Ture Hoefner
BEA Systems, Inc.
www.bea.com
"Vikram Datla" <[email protected]> wrote in message
news:3e273015$[email protected]..
>
Hi,
We have created a WebLogic Platform Domain. A WebLogic Portalapplication(Portal
7.0) and some Web Service apps are running on this domain.
We have created a Custom Security Realm b'cos of our applicationrequirements
and now when I startup the Platform Domain, I see lot of errors.
Some of the errors typically are
"<Jan 16, 2003 4:07:02 PM EST> <Error> <HTTP> <101256> <The run-as user:wlisystem,
for the servlet: ApplicationView for the webapp:/WLI_AI_Workshop_Control_Web,
could not be resolved to a valid user in the system. Please check if theuser
exists.
javax.security.auth.login.LoginException: Authentication Failed: Userwlisystem
denied in Realm Adapter realm weblogic"
or
Unable to deploy EJB: wlai-eventprocessor-ejb.jar fromwlai-eventprocessor-ejb.jar:weblogic.ejb20.WLDeploymentException:
weblogic.ejb20.interfaces.PrincipalNotFoundException: AuthenticationFailed: User
wlisystem denied in Realm Adapter realm weblogic
Do we have to create any predefined user accounts in the Security Store toget
rid of these errors. I would appreciate if anyone can suggest some tips orworkarounds
for configuring or creating a Custom Security Realm for Web Logic PlatformDomain.
>
Thanks
Vikram -
Is this possible to use no default security realm?
Hi,
I created new security ReadOnlySQLAuthentication provider in the default realm and it works. Now I have all the users from all applications in one realm. If they use the same enterprise roles, user can log to one application with login and password from another application. To prevent it I created another security realm. I've added ReadOnlySQLAuthentication provider, set in my application new realm name - in jazn-data.xml and web.xml. But it doesn't work. My questions are:
It is possible to use few realms? So one application will use default realm, another no default realm.
If so, how to bind an application to no default realm?
BartHi,
A WLS instance only supports a single realm. So the answer unfortunately is no (was different with OC4J)
Frank -
Hi,
I have different sets of users coming from different databases and using different
roles mapping for each of my web applications. I would like to configure a specific
security realm per application in my weblogic server 7.0 . Is it possible ?
I try to specify the realm-name of the login-config tag from the web-xml deployement
descriptor but it doesn't make any difference. The default realm is always used.
I also would like to tell the Weblogic server to use the default realm in case
the realm isn't specified or isn't found. For example, the default would contains
my admin users.
Thanks a lot for your answer.
IzI thik this is a common mistake the ralm-name tag in the deployment descriptor is used
just by the browser for display purposes (when it opens the basic auth dialog box) so as
of now there is only 1 active realm which can have multiple providers as Kevin pointed
out
Kevin Lewis wrote:
WebLogic 7 now ignores the realm-name tag (I found that out yesterday).
My understanding is that there is only one realm active at a time for a domain
(I would be interested in being contradicted in this).
However, you can have multiple providers in each category of a realm: authentication,
authorization, etc. Therefore, what you can do is key authentication, et al,
off of some other information. We have our users enter their company, for example,
and use the TextInputCallback to get it. You could also encode something in the
initial page, based on the URL they hit, or whatever, and get that back in your
callback.
You can store that information in your own Principal implementation, and key off
of that in your authorization provider, going to a different database as appropriate,
or abstaining when a specific provider doesn’t have anything to say about a subject.
Anyway, there should be a way to do it, even if it's more complex than you would
have hoped.
--Kevin -
RDBMS Security realm 6.1-8.1 migration
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents of the Users
and Groups nodes visible under this node look correct (ie as defined in the underlying
database).
However, to get to this point I had to initially hardwire the values for the database
driver, url, user and password as these were null when obtained from the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled me
to bootstrap the process so that I could use the console to enter these values
on the Database tab for the Realm I had defined for Compatibility Security. I
see no mention of this step in the instructions referred to above and therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializing using security
realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the realm to
be the specially-defined realm associated with Compatibility Security. So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups , my application
is failing to associate a user with a 'role' - the Groups node shows that user
U is in group G but when the application invokes the SessionContext method isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular the
code to get the required RDBMSRealmMBean. Having now successfully got hold of
this object I would have expected the rest of the code to work fine (ok, 'expected'
is a bit optimisitic - but I'm not aware that there are any functional differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
DavidMehrshad
I wasn't involved in the original WL6.1 code development but this is based on
the example code that BEA provide with the WLS6.1 installation - it should therefore
be visible at ~bea/wlserver6.1/samples/examples/security/rdbmsrealm
HTH
David
"Mehrshad Setayesh" <[email protected]> wrote:
>
David:
I am trying to do the same thing and can not find which RealmClassName
to use
in 8.1. In our previous version, 6.1, I was using com.bea.wlpi.rdbmsrealm.RDBMSRealm.
What is the mapping
Java class in 8.1? Thanks.
Regards
Mehrshad
"David Franklin" <[email protected]> wrote:
I am trying to migrate a RDBMS security realm from WLS6.1 to WLS8.1.
Having followed the instructions in http://e-docs.bea.com/wls/docs81/upgrade/upgrade6xto81.html#1066711
I am now able to boot WLS8.1 and see encouraging signs such as the 'Compatibility
Security' node appearing in the left-hand console pane. The contents
of the Users
and Groups nodes visible under this node look correct (ie as defined
in the underlying
database).
However, to get to this point I had to initially hardwire the values
for the database
driver, url, user and password as these were null when obtained from
the associated
RDBMSRealmMBean object, causing the server to fail to start. This enabled
me
to bootstrap the process so that I could use the console to enter these
values
on the Database tab for the Realm I had defined for Compatibility Security.
I
see no mention of this step in the instructions referred to above and
therefore
missed out this vital step.
When WLS8.1 starts it displays:
<date&time> <Notice> <Security> <BEA-090082> <Security initializingusing
security
realm myrealm.>
myrealm is a Realm listed under Security but I would have expected the
realm to
be the specially-defined realm associated with Compatibility Security.
So, question
number 1 - does this output from WLS indicate that it is using the Compatibility
Security realm or the default realm?
Although the console displays the expected set of users and groups ,
my application
is failing to associate a user with a 'role' - the Groups node shows
that user
U is in group G but when the application invokes the SessionContextmethod
isCallerInRole(String
role) where the caller is U and the role is G the result of the invocation
is
false. Question number 2 - why does this not return true in this case?
Note, this code (that I have inherited) worked fine in WLS6.1 and the
only significant
change I needed to make for WLS8.1 is in the wrapper classes, in particular
the
code to get the required RDBMSRealmMBean. Having now successfully got
hold of
this object I would have expected the rest of the code to work fine(ok,
'expected'
is a bit optimisitic - but I'm not aware that there are any functional
differences
beyond obtaining the RDBMSRealmMBean object).
Many thanks in advance for any assistance with this.
David -
Weblogic security realm mapping to DB
I have one question about Weblogic 7.01 security.
I have created USER, GROUP and ROLES table in my RDBMS.
Can I use the RDBMS realm if my users are in a database
table already? Can I tune Weblogic security realm to my database tables?
Any advice or links will be very appreciate.
Thanks a lot for any help, Volodymyr Shram.Thanks, criokeeper for your fast answer.
Woould you so kind to explain me one moment.
At http://e-docs.bea.com/wls/docs70/ConsoleHelp/domain_rdbmsrealm_config_general.html I found that "To use the RDBMS security realm, you need to use Compatibility security. The use of the RDBMS security realm is deprecated in WebLogic Server 7.0."
What does that means? Have I use the Compatibility security or it's jaust for ver. 6.x to ver.7.0 migration?
Thanks a lot for your answer.
Regards, Volodymyr. -
Conf. a Win2K Security Realm on WebLogic
Hi! I'm having some problems configuring a security realm in WebLogic
server 6.0sp1.
I'd like that WebLogic use the Windows2000 security realm as the
default security (it can be used as the secondary security realm
if it's the only way).
We've been trying to make it work for the last two (business) days
with no hope of being successfull at all.
We are using the BEA documentation 'Managing Security' as reference,
and we have some doubts about what's in there.
First doubt: The documentation says that we need to create new
security realm of the type Windows NT. OK, we did it. But we are
not sure about how to fill the filed Primary Domain. The documentation
says to put the host and port of the computer where User and Groups
are defined for the NT domain. I'm using the same computer for
both (NT domain and Web Logic), so I put the host name (babalu).
Wich port should I put?
Second doubt: The documentation says to create a systerm user on
the NT domain using NT administrative tools, names it 'system'
and set some stuff for it. But windows 2000 already has a user
with that name (SYSTE, but capitalized) and the property that I
should set on it doesn't exist! By the way, on the system user
user that windows2000 has I wasn't able to set any property.
Last doubt (maybe should be the first one) : Does WebLogic 6.0sp1
support Security Realms from Windows 2000? Or I need to download
another plugin or somethign like that?
Thanks for Reading and (hope) Answering my qusetions!
Roberto Giordano BarraHi! Thanks for the answer. I'll try to run WebLogic as a service.
In fact, I tried it before but I wasn't able to. I started the
service by hand, but I wasn't able to access the server. So, I
click on the 'remove web logic as service'(something like that)
in the WebLogic program group. Ok, it was removed. But when I tried
to put it back I didn't find no funny button to help me! Could
you help me with that?
Another thing. If I use NT Realm as a Caching Realm I'll be
able to see the NT user and users groups with the Web Logic management
GUI ?
Thanks once again,
Roberto Giordano Barra
"arthur" <[email protected]> wrote:
>
Hi,
By saying win2k I am assuming you mean creating an NT
realm.
Do not bother specifying a port, just put the server name.
You have to ensure that you are running the weblogic server
as
a NT service if you want to use the NTrealm.
Make sure under Caching Realm you specify the NTrealm.
That should be it.
Hope this helps.
Regards,
-Arthur
"Roberto Giordano Barra" <[email protected]> wrote:
Hi! I'm having some problems configuring a security
realm in WebLogic
server 6.0sp1.
I'd like that WebLogic use the Windows2000 securityrealm
as the
default security (it can be used as the secondary security
realm
if it's the only way).
We've been trying to make it work for the last two (business)
days
with no hope of being successfull at all.
We are using the BEA documentation 'Managing Security'
as reference,
and we have some doubts about what's in there.
First doubt: The documentation says that we need to create
new
security realm of the type Windows NT. OK, we did it.
But we are
not sure about how to fill the filed Primary Domain.The
documentation
says to put the host and port of the computer where User
and Groups
are defined for the NT domain. I'm using the same computer
for
both (NT domain and Web Logic), so I put the host name
(babalu).
Wich port should I put?
Second doubt: The documentation says to create a systerm
user on
the NT domain using NT administrative tools, names it
'system'
and set some stuff for it. But windows 2000 already has
a user
with that name (SYSTE, but capitalized) and the property
that I
should set on it doesn't exist! By the way, on the system
user
user that windows2000 has I wasn't able to set any property.
Last doubt (maybe should be the first one) : Does WebLogic
6.0sp1
support Security Realms from Windows 2000? Or I needto
download
another plugin or somethign like that?
Thanks for Reading and (hope) Answering my qusetions!
Roberto Giordano Barra -
One custom security realm for many wl servers?
Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server.Is it possible to use one custom security realm for many weblogic servers...ie
one login for all application on different weblogic server. -
I am trying to configure Weblogic 5.1.0, SP8, to use the Unix security Realm. I have
followed the installation and configuration directions, but when I try to test by
bringing up the AdminRealm servlet, it asks me for a userid & password 3 times (which
isn't mentioned in the directions), then gives me this error: "Supplied credentials
don't grant adequate privileges". I've tried signing on with several different accounts,
all the way up to 'root', all with the same results. What is it after and why isn't
even 'root' good enough? I've looked at the debug tracings from setting weblogic.security.realm.debug=true,
but everything seems to hit 'POS' except that it doesn't find the weblogic.url file
(whatever that is).
TIA for any assistance.
DonMore information...
If I give access to 'everyone' for the admin servlets, all of them works perfectly except AdminRealm that will
throw an exception:
"weblogic.security.unixrealm.SubprocessException: request failed:
at weblogic.security.unixrealm.UnixDelegate$Chat.require(UnixDelegate.java:167)
at weblogic.security.unixrealm.UnixRealm.getUsers(UnixRealm.java:229)......."
And if I do as Don (follow the installation guide) I have the same problem.
But still, I can set permissions on the helloWorld example and it works fine!
BR,
Sven
Sven-Åke Larsson wrote:
I have the same problem.
There's no problem running for example the helloworld servlet, but if I set a specific user to have permissions
on the admin servlets WLS says during startup that "Principal 'blablabla' does not exist in properties file".
Of course not, I'm using the Unix realm...
--Sven
Don Adams wrote:
I am trying to configure Weblogic 5.1.0, SP8, to use the Unix security Realm. I have
followed the installation and configuration directions, but when I try to test by
bringing up the AdminRealm servlet, it asks me for a userid & password 3 times (which
isn't mentioned in the directions), then gives me this error: "Supplied credentials
don't grant adequate privileges". I've tried signing on with several different accounts,
all the way up to 'root', all with the same results. What is it after and why isn't
even 'root' good enough? I've looked at the debug tracings from setting weblogic.security.realm.debug=true,
but everything seems to hit 'POS' except that it doesn't find the weblogic.url file
(whatever that is).
TIA for any assistance.
Don -
Hi,
has anyone implemented a custom realm using LDAP? I was suprised to learn that
ACLs are not supported in the LDAPRealm. Our corporate direction is to have a
central LDAP security store - including ACLs. Unfortunately the LDAP server is
MS SiteServer! Anyway, I assume this means I need to implement a custom realm
- unless there is an alternative.
-chrisYou are correct - you'll need to write a custom
realm to do this.
-Tom
"Chris Jones" <[email protected]> wrote:
>
Hi,
has anyone implemented a custom realm using LDAP? I was suprised to
learn that
ACLs are not supported in the LDAPRealm. Our corporate direction is
to have a
central LDAP security store - including ACLs. Unfortunately the LDAP
server is
MS SiteServer! Anyway, I assume this means I need to implement a custom
realm
- unless there is an alternative.
-chris -
Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URL admins
user name and password. I want to be able to interface this connection to access
the LDAP and make changes to user information within in the ldap. Right now in
my code I make a connection to the LDAP and supply the same user name and password
set up in the LDAP security realm. I want to be able to rather then re-supply
the URL and user name and password in my code I want to be able to just get that
(or create a connection simil;ar to a jdbc connection pool) connection to the
LDAP that configured in the Security Realm. Is this possible? And how would I
go about it if so?
Thanks
Sjbthe LDAPConnection pool which is used WLS Realm is not accessible to public
for programming.
thanks
kiran
"Sjb" <[email protected]> wrote in message
news:3f5744c1$[email protected]..
>
Using Weblogic 7.0 I have an LDAP security realm setup with the LDAP URLadmins
user name and password. I want to be able to interface this connection toaccess
the LDAP and make changes to user information within in the ldap. Rightnow in
my code I make a connection to the LDAP and supply the same user name andpassword
set up in the LDAP security realm. I want to be able to rather thenre-supply
the URL and user name and password in my code I want to be able to justget that
(or create a connection simil;ar to a jdbc connection pool) connection tothe
LDAP that configured in the Security Realm. Is this possible? And howwould I
go about it if so?
Thanks
Sjb -
Weblogic ldap security realm source code..
Hi,
The LDAPv2 security realm that is provided with weblogic 6.1 is great but I
need to make several extensions to allow for the way our ldap tree is
structured. Is there any chance that I can get the source code from weblogic
so that I can extend it ?
thx,
BWhat's the use of following if BEA start sending the code to the end users
* @author Copyright (c) 1998 by WebLogic, Inc. All Rights Reserved.
* @author Copyright (c) 1998-2001 by BEA Systems, Inc. All Rights Reserved.
-utpal
"Bidisha Das" <[email protected]> wrote in message
news:[email protected]..
Hi,
The LDAPv2 security realm that is provided with weblogic 6.1 is great butI
need to make several extensions to allow for the way our ldap tree is
structured. Is there any chance that I can get the source code fromweblogic
so that I can extend it ?
thx,
B -
Using RDBMS Security Realm in production?
Hi,
In the BEA documentation it is stated that 'The RDBMS Security Realm is an
example and is not ment to be used in a production environment.'
However, of the Realms that are available this one seems to be best suited
for our needs, so I'm wondering if there is any specific reason why this
Realm should not be used in production. Has anyone had any experience using
it in a live environment?
I would be thankful for any information on this.
/Mattias ArthurssonHi.
Try posting this on the security newsgroup.
Regards,
Michael
Mattias Arthursson wrote:
Hi,
In the BEA documentation it is stated that 'The RDBMS Security Realm is an
example and is not ment to be used in a production environment.'
However, of the Realms that are available this one seems to be best suited
for our needs, so I'm wondering if there is any specific reason why this
Realm should not be used in production. Has anyone had any experience using
it in a live environment?
I would be thankful for any information on this.
/Mattias Arthursson--
Michael Young
Developer Relations Engineer
BEA Support
Maybe you are looking for
-
Total in REUSE_ALV_BLOCK_LIST_HS_APPEND
hi, i am using "REUSE_ALV_BLOCK_LIST_HS_APPEND" to display alv in hierarchy. i have some 5 columns to display, i need to have total for all these 5 columns at the end and text for it as "TOTAL". i have used DO_SUM in fieldcat and declared layout to d
-
The motherboard went out on my Laptop 10/20/10. A CD was made of from the Hard Drive of the Firefox Bookmarks on the old laptop. (Windows XP). New Windows 7 laptop purchased. I imported the bookmarks from the CD to Firefox on January 13, 2011. Howeve
-
BIOS L755-Beware of Toshiba Fix
I received an automatic update (below) from Toshiba, and when I accepted it, it killed my computer. Now, when turned on, it whirs and whirs, but nothing comes up on the screen. Spoke to Tech Support, and was told the laptop will have to be sent in
-
How do i edit aol e-mails while in firefox?
nothing comes up when i'm in aol e-mail that will allow me to edit e-mails received before forwarding same. Suggestions? Thanks ljmsj
-
how do i after editing my photos can i then add them to a disk or save them on my computer in c drive. i am using the trial version and have edited my photos but it keeps telling me when i try to export them that the original file cannot be found? p