
weblogic8.1 with open LDAP authentication

Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
Hi,
I am using weblogic 8.1 portal server. I have configured it with an open LDAP server for authenticating users.
I can authenticate the users of my portal application through the embedded (internal) LDAP, but we need to authenticate users from open LDAP also. I need help regarding that only.
There are some users in the embedded LDAP and some in open LDAP. All of the users should get authenticated with weblogic.
I can see the users in open LDAP through the security realm in my weblogic server but can't use them for authentication.

Any help will be regarded with high spirits.
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8964
    

I haven't done this, but it is on my to-do list. I believe one has to set the Control Flag of the Authenticator Provider to "SUFFICIENT" for both realms.
Configuring Security Providers


[How To Ask Questions On JavaRanch]
Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
It will be great if you can just try the settings at your place once, as I have tried many permutations and combinations at my place and I know I must be missing something somewhere, and hence I could not get the desired result.
Looking forward to your reply.
Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
I even tried setting both the flags to 'sufficient', yet I cannot authenticate the users in my open LDAP.
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8964
    

I got it to work. I have a single realm with two Authenticators: a DefaultAuthenticator for the embedded LDAP and a SunOneAuthenticator for my external LDAP (We use SunOne which is Sun's branded version of OpenLDAP). Each Authenticator is set to "SUFFICIENT". The provider-specific set-up of the Authenticator is non-trivial and probably differs between our directories. Do you have an LDAP admin who can help you out with the configuration?
Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
Please find my LDIF file below and let me know if there is anything wrong in it.



Otherwise I have done as per your guidance, with the JAAS control flag as "sufficient" and all.
Waiting for your valuable guidance.
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8964
    

Originally posted by Soumik Basu:
Please find my LDIF file below and let me know if there is anything wrong in it.


If your LDAP server is fine with it, I am.
Can you see the users from OpenLDAP in the weblogic console realm user browser? If not, the OpenLDAP Authenticator isn't configured correctly and that's the source of your problem.
Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
I can see my Open LDAP users through my weblogic security realm. But I am unable to authenticate users to log in to my application.
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8964
    

The only thing I can think of is the users in your OpenLDAP don't have the groups that you declared in your security constraints.
Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
I am very new to Open LDAP, so can you please tell me how to put groups in security constraints as mentioned by you?
Is it possible for you to share your contact number, with your convenient time, so that I can call you and resolve this issue at the earliest?
[ October 29, 2008: Message edited by: Soumik Basu ]
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8964
    

I'm not going to call you directly for the reasons stated here, and I suggest you remove your phone number immediately unless you want calls from unscrupulous individuals. You can edit your post by clicking on the icon above your post.
Security constraints are declared in your web application's web.xml file. You should have a <security-constraint> block. Within that block will be an <auth-constraint> block. Within that block are <role-name> tags. The name in that tag should correspond to the group name assigned to a user in LDAP. If the user isn't a member of that group, they can't log in.
You can have multiple <security-constraint> blocks to restrict different parts of your application to different users/groups.
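The check described in the reply above, as an added example that is not part of the original thread: it reads the role names from a web.xml and reports whether a directory user belongs to a group of the same name. The web.xml, the LDIF, the DNs and the `PortalUsers` group are constructed samples, and the script takes the reply's rule (role-name equals LDAP group name) as given.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the thread): one protected area, two users, one group.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/portal/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>PortalUsers</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""
LDIF = """dn: uid=alice,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: uid=bob,ou=people,dc=example,dc=com
objectClass: inetOrgPerson

dn: cn=PortalUsers,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: PortalUsers
member: uid=alice,ou=people,dc=example,dc=com
"""

def required_roles(web_xml):
    """Map each protected url-pattern to its role-names (assumes no XML namespace)."""
    out = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iter("role-name")}
        for pat in sc.iter("url-pattern"):
            out[pat.text.strip()] = roles
    return out

def groups_by_member(ldif):
    """Map each member DN (lower-cased) to the cn of every group that lists it."""
    out = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = [line.split(": ", 1) for line in entry.splitlines() if ": " in line]
        cn = next((v for k, v in attrs if k.lower() == "cn"), None)
        for k, v in attrs:
            if cn and k.lower() == "member":
                out.setdefault(v.lower(), set()).add(cn)
    return out

def can_access(user_dn, url_pattern):
    """True if one of the user's groups is named like a role the pattern requires."""
    user_groups = groups_by_member(LDIF).get(user_dn.lower(), set())
    return bool(user_groups & required_roles(WEB_XML)[url_pattern])
```

Here `bob` exists in the directory, so he would show up in a user browser, but he is in no group named in the constraint and `can_access` returns False for him.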
Soumik Basu
Ranch Hand

Joined: Oct 01, 2007
Posts: 40
Joe,
Thanks for your help and guidance. I have finally configured and authenticated my weblogic portal with open LDAP.
There was a problem in my open LDAP server only. There were some issues with rights ..... I had to modify my slapd.conf file to get the output.
Thanks again buddy!!!