
WebLogic 8.1 with OpenLDAP authentication

 
Ranch Hand
Posts: 40
Hi,
I am using WebLogic 8.1 Portal Server. I have configured it with an OpenLDAP server for authenticating users.
I can authenticate the users of my portal application through the embedded (internal) LDAP, but we need to authenticate users from OpenLDAP also. I need help regarding that only.
There are some users in the embedded LDAP and some in OpenLDAP. All of the users should get authenticated with WebLogic.
I can see the users in OpenLDAP through the security realm in my WebLogic server but can't use them for authentication.

Any help will be regarded with high spirits.
 
Bartender
Posts: 9626
I haven't done this, but it is on my to-do list. I believe one has to set the Control Flag of the Authenticator Provider to "SUFFICIENT" for both realms.
Configuring Security Providers
 
Soumik Basu
Ranch Hand
Posts: 40
It will be great if you can just try the settings at your place once, as I have tried many permutations and combinations at my place and I know I must be missing something somewhere, and hence I could not get the desired result.
Looking forward to your reply.
 
Soumik Basu
Ranch Hand
Posts: 40
I even tried setting both the flags to 'sufficient', yet I cannot authenticate the users in my OpenLDAP.
 
Joe Ess
Bartender
Posts: 9626
I got it to work. I have a single realm with two Authenticators: a DefaultAuthenticator for the embedded LDAP and a SunOneAuthenticator for my external LDAP (We use SunOne which is Sun's branded version of OpenLDAP). Each Authenticator is set to "SUFFICIENT". The provider-specific set-up of the Authenticator is non-trivial and probably differs between our directories. Do you have an LDAP admin who can help you out with the configuration?
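
How the control flags decide the outcome when one realm has two authenticators, as an added example that is not part of the original posts. It follows the standard JAAS flag semantics and assumes the embedded-LDAP authenticator starts at REQUIRED; the provider labels, user names and the `authenticate` helper are constructed for illustration.

```python
# JAAS control-flag evaluation for an ordered list of authentication providers.
# Provider names and user stores are constructed; "ExternalLDAPAuthenticator"
# is a hypothetical label, not a WebLogic class name.
EMBEDDED = {"weblogic", "portaladmin"}   # users in the embedded LDAP
EXTERNAL = {"ldapuser1"}                 # users only in the external LDAP

def authenticate(providers, user):
    """providers: ordered (name, flag, known_users); a provider 'succeeds'
    when it knows the user (password checking is left out of this model)."""
    required_ok = True      # no REQUIRED/REQUISITE provider has failed so far
    has_mandatory = False   # is any REQUIRED/REQUISITE provider configured?
    any_ok = False          # did at least one provider succeed?
    for name, flag, users in providers:
        ok = user in users
        any_ok = any_ok or ok
        if flag in ("REQUIRED", "REQUISITE"):
            has_mandatory = True
            if not ok:
                required_ok = False
                if flag == "REQUISITE":
                    break   # a REQUISITE failure stops the chain
        elif flag == "SUFFICIENT" and ok and required_ok:
            return True     # SUFFICIENT success with no mandatory failure ends the chain
        # OPTIONAL (or a failed SUFFICIENT): evaluation simply continues
    # With mandatory providers, all of them must have succeeded;
    # without any, at least one SUFFICIENT/OPTIONAL provider must succeed.
    return required_ok if has_mandatory else any_ok

# Embedded authenticator left at REQUIRED: external-only users always fail.
BEFORE = [("DefaultAuthenticator", "REQUIRED", EMBEDDED),
          ("ExternalLDAPAuthenticator", "SUFFICIENT", EXTERNAL)]
# Both authenticators SUFFICIENT: either directory can vouch for the user.
AFTER = [("DefaultAuthenticator", "SUFFICIENT", EMBEDDED),
         ("ExternalLDAPAuthenticator", "SUFFICIENT", EXTERNAL)]

if __name__ == "__main__":
    for label, chain in (("before", BEFORE), ("after", AFTER)):
        for user in ("weblogic", "ldapuser1", "nobody"):
            print(label, user, authenticate(chain, user))
```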
 
Soumik Basu
Ranch Hand
Posts: 40
Please find my LDIF file below and let me know if there is anything wrong in it.



Otherwise I have done as per your guidance, with the JAAS control flag as "sufficient" and all.
Waiting for your valuable guidance.
 
Joe Ess
Bartender
Posts: 9626

Originally posted by Soumik Basu:
Please find my LDIF file below and let me know if there is anything wrong in it.



If your LDAP server is fine with it, I am.
Can you see the users from OpenLDAP in the weblogic console realm user browser? If not, the OpenLDAP Authenticator isn't configured correctly and that's the source of your problem.
 
Soumik Basu
Ranch Hand
Posts: 40
I can see my OpenLDAP users through my WebLogic security realm. But I am unable to authenticate users to log in to my application.
 
Joe Ess
Bartender
Posts: 9626
The only thing I can think of is the users in your OpenLDAP don't have the groups that you declared in your security constraints.
 
Soumik Basu
Ranch Hand
Posts: 40
I am very new to OpenLDAP, so can you please tell me how to put groups in security constraints as mentioned by you?
Is it possible for you to share your contact number, with your convenient time, so that I can call you and resolve this issue at the earliest?
[ October 29, 2008: Message edited by: Soumik Basu ]
 
Joe Ess
Bartender
Posts: 9626
I'm not going to call you directly for the reasons stated here, and I suggest you remove your phone number immediately unless you want calls from unscrupulous individuals. You can edit your post by clicking on the icon above your post.
Security constraints are declared in your web application's web.xml file. You should have a <security-constraint> block. Within that block will be a <auth-constraint> block. Within that block are <role-name>. The name in that tag should correspond to the group name assigned to a user in LDAP. If the user isn't a member of that group, they can't log in.
You can have multiple <security-constraint> blocks to restrict different parts of your application to different users/groups.
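
A check for the mismatch described above, as an added example that is not part of the original post: it lists which protected URL patterns a directory user cannot reach because no required role matches a group they belong to. It assumes, as the post describes, that each `<role-name>` equals an LDAP group `cn`; the web.xml, LDIF, DNs and function names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: a namespace-free web.xml and an LDIF holding one group.
# Assumption (from the post): each role-name equals the cn of an LDAP group.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><web-resource-name>portal</web-resource-name>
      <url-pattern>/portal/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>PortalUsers</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection><web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern></web-resource-collection>
    <auth-constraint><role-name>PortalAdmins</role-name></auth-constraint>
  </security-constraint>
</web-app>"""

LDIF = """dn: cn=PortalUsers,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: PortalUsers
member: uid=alice,ou=people,dc=example,dc=com
"""

def constraint_roles(web_xml):
    """Map each url-pattern to the role names its auth-constraint requires."""
    out = {}
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        roles = {r.text.strip() for r in sc.iter("role-name")}
        for p in sc.iter("url-pattern"):
            out[p.text.strip()] = roles
    return out

def ldif_groups(ldif):
    """Map group cn -> set of member DNs (line folding and base64 not handled)."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        attrs = [l.split(": ", 1) for l in entry.splitlines() if ": " in l]
        cn = next((v for k, v in attrs if k == "cn"), None)
        if cn:
            groups[cn] = {v for k, v in attrs if k == "member"}
    return groups

def unreachable(web_xml, ldif, user_dn):
    """url-patterns whose required roles include no group containing user_dn."""
    groups = ldif_groups(ldif)
    return sorted(p for p, roles in constraint_roles(web_xml).items()
                  if not any(user_dn in groups.get(r, ()) for r in roles))
```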
 
Soumik Basu
Ranch Hand
Posts: 40
Joe,
Thanks for your help and guidance. I have finally configured and authenticated my WebLogic portal with OpenLDAP.
The problem was in my OpenLDAP server only. There were some issues with rights ..... I had to modify my slapd.conf file to get the output.
Thanks again buddy!!!
 