WebLogic LDAP Integration (Oracle Unified Directory)

WebLogic uses the Default Authenticator out of the box. It is backed by an embedded LDAP server and is simple to use: usernames, passwords, and groups can be added directly in the WebLogic console. But what if the number of WebLogic users, or of users accessing applications running on WebLogic, keeps growing?

Also, if an organization already maintains its user details in an LDAP directory, duplicating the same users in WebLogic is a time-consuming maintenance task. When a user leaves the organization, the account is deleted from the LDAP server, but it must also be deleted from WebLogic manually, which is double work for the WebLogic admin. WebLogic LDAP integration is a good solution if you face any of these issues. The main benefit is that we don't need to maintain an additional LDAP server for WebLogic authentication.

As shown in the image below, WebLogic supports many authentication providers. In this post, I explain how to integrate WebLogic with Oracle Unified Directory, a directory server.

Note: WebLogic requires a username and password to log in. The user must belong to the group ‘Administrator’ to do admin work.

Software Used

WebLogic 12.2.1

Oracle Unified Directory 11.1.2.3

Integrate WebLogic with Oracle Unified Directory:

1. Make sure you have users and groups present in the LDAP server. The image below is taken from an LDAP browser (ODSM). It shows a list of users under an Organization Unit called MyOrg and a group under an Organization Unit called MyGroup. The users ‘govindan’ and ‘pgn’ are members of the group ‘Administrator’.

I made this group a STATIC LDAP group. See the following link for how this hierarchical structure was created in LDAP. Also note the CN, OU, UID and Object Class of each entry in that link.

How to add USER, Group, and Organization Unit in an LDAP server using ODSM

Let's get started with the WebLogic LDAP integration. 🙂

2. Log in to the WebLogic Console, for example http://localhost:7001/console

3. Click on Security Realms and select MyRealm

4. Click on the Providers tab. Click the button New

 

5. Input a Name and select the Type as OracleUnifiedDirectoryAuthenticator. Choose the LDAP type corresponding to your LDAP Server

6. Click on the LDAP we just created

7. Change the Control Flag to Sufficient. Click on the link More Info next to the drop down to know about each Control Flag value

8. Click on the Provider Specific tab and enter the LDAP details. Click the Save button once done. A success message in green text appears at the top of the page.

I created a static group, so I used static groups here. Change the settings according to your setup. How I created these users and the static group in LDAP

Host: localhost (LDAP Server Host Name)

Port: Port (LDAP Server Port Number)

Principal: cn=Directory Manager

Credential: Password

USERS

User Base DN: ou=MyOrg,dc=catgovind,dc=com

All Users Filter: (objectclass=*)

Users from Name Filter: (objectclass=*)

User Name Attribute: uid

User Object Class: MyOrg

Groups

Group Base DN: ou=MyGroup,dc=catgovind,dc=com

Group From Name Filter: (objectclass=*)

Group From Name Filter: (objectclass=groupOfNames)

Static Groups

Static Group Name Attribute: cn

Static Group Object Class: groupOfNames

Static Member DN Attribute: uniquemember

Static Group DNs from Member DN Filter: (objectclass=groupOfNames)

 

9. Reorder the providers: Click on Security Realms >> MyRealm >> Providers >> Authentication >> click the Reorder button

 

10. Select the LDAP we just created >> Move it to first >> Click Ok

 

11. Restart the WebLogic Server and log in to WebLogic >> Security Realms >> MyRealm >> Users and Groups >> Users. The users ‘govindan’ and ‘pgn’ come from LDAP. Also notice the Description, Provider, and Group; all of them come from LDAP.

That’s it. The WebLogic LDAP integration is done now.

Test WebLogic with an LDAP user

12. Log out of WebLogic and log in as an LDAP user

13. The user ‘govindan’ belongs to the Administrator group, so he can do admin work in WebLogic
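The Provider Specific values from step 8 can be linted before they go into the console. The check below is an added example, not code from the original post; it relies on WebLogic's filter placeholders (%u, %g, %M) and the RFC 4519 group schema, and the HARDENED values (bind DN, object classes, member attribute) are constructed assumptions to adapt to your directory.

```python
# Placeholders WebLogic substitutes into filters: %u login name, %g group name, %M member DN.
REQUIRED_TOKEN = {
    "User From Name Filter": "%u",
    "Group From Name Filter": "%g",
    "Static Group DNs from Member DN Filter": "%M",
}
# RFC 4519 schema: the member attribute each static group class defines.
MEMBER_ATTR = {"groupofnames": "member", "groupofuniquenames": "uniquemember"}

def lint_provider(cfg):
    """Return findings for a dict of Provider Specific settings."""
    findings = []
    for field, token in REQUIRED_TOKEN.items():
        value = cfg.get(field, "")
        if token not in value:
            findings.append(f"{field}: {value!r} has no {token}, so the search "
                            "is not tied to the name being resolved")
    cls = cfg.get("Static Group Object Class", "").lower()
    attr = cfg.get("Static Member DN Attribute", "").lower()
    if cls in MEMBER_ATTR and attr != MEMBER_ATTR[cls]:
        findings.append(f"Static Member DN Attribute: {cls} defines "
                        f"{MEMBER_ATTR[cls]!r}, not {attr!r}")
    if cfg.get("Principal", "").lower().startswith("cn=directory manager"):
        findings.append("Principal: binds as the directory root user; lookups "
                        "only need a read-only service account")
    return findings

# Values as entered in step 8 of the page (console field names).
PAGE_SETTINGS = {
    "Principal": "cn=Directory Manager",
    "User From Name Filter": "(objectclass=*)",
    "Group From Name Filter": "(objectclass=groupOfNames)",
    "Static Group Object Class": "groupOfNames",
    "Static Member DN Attribute": "uniquemember",
    "Static Group DNs from Member DN Filter": "(objectclass=groupOfNames)",
}
# Constructed alternative: bind DN, object classes and member attribute are assumptions.
HARDENED = {
    "Principal": "cn=wls-reader,ou=Services,dc=catgovind,dc=com",
    "User From Name Filter": "(&(uid=%u)(objectclass=person))",
    "Group From Name Filter": "(&(cn=%g)(objectclass=groupOfNames))",
    "Static Group Object Class": "groupOfNames",
    "Static Member DN Attribute": "member",
    "Static Group DNs from Member DN Filter": "(&(member=%M)(objectclass=groupOfNames))",
}

if __name__ == "__main__":
    print("\n".join("WARN " + f for f in lint_provider(PAGE_SETTINGS)))
```

A filter without %M matches groups regardless of who is a member, which matters here because membership of ‘Administrator’ is what grants admin rights in the console.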


Govind

Thank you for visiting my personal blog. Myself Govindan, Software Developer by profession since 2006 and hence I started this blog early in 2016 and ever since I've been writing about technologies experienced and learnings of everyday life.

The views expressed on this blog are my personal views and do not necessarily reflect the views of my employer.

Please feel free to reach me with any comments and feedback you have. Would be more than glad to listen and reply 🙂