what's LDAP server

ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 375
I installed WebLogic, and when I configured it I saw something called the "LDAP server" part. What exactly is an LDAP server?
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661

Try googling it. There is a lot of information out there

http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol


ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 375
I read some LDAP and BEA WebLogic configuration. I have a fundamental question: suppose I use the embedded LDAP as a repository to store user/pwd for authentication purposes. What is this authentication for?

1. Is it for web applications deployed on the WebLogic server? If so, then I think we need to configure the web.xml file to set roles, security-constraints, etc. Why use LDAP?

2. Is it for login to the WebLogic console?

No idea what this authentication is exactly for.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661

ben oliver wrote: I read some LDAP and BEA WebLogic configuration. I have a fundamental question: suppose I use the embedded LDAP as a repository to store user/pwd for authentication purposes. What is this authentication for?

1. Is it for web applications deployed on the WebLogic server? If so, then I think we need to configure the web.xml file to set roles, security-constraints, etc. Why use LDAP?

2. Is it for login to the WebLogic console?

No idea what this authentication is exactly for.


Ah! So we are talking about the embedded LDAP here. The embedded LDAP can be used for various purposes. WebLogic uses it to authenticate its users. You can also mention external providers through the authenticators screen in the WL admin console. You can also use the embedded LDAP to add custom WebLogic users. These users will belong to some group. For example, the group 'everyone' is assigned to everyone that has a user name in WebLogic (including those that have been added from an external source such as a database). You can configure your apps / EJBs to allow only those users that have the 'everyone' role to access the application.

LDAP is useful when your security needs to be broken down into some sort of hierarchy. Example: Organization (O)=XYZ, Organization Unit (OU)=Departments, OU=Marketing.
ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 375
Thanks Deepak, so you mentioned that LDAP is used to authenticate WebLogic users. Can you first be specific about what these users are? Are they the users who will access the WL admin console, or users who access some J2EE applications deployed on WL? I am really confused about this fundamental question. I know it is because of my weak J2EE knowledge...

The second thing I am always confused about is: where does the authentication happen? I only feel I am "authenticated" when I see some login screen asking me to enter my user id and password. Is this "user id" the user you set up in LDAP? Then what if a J2EE app does not have any login screen but it has EJB stuff? In this case (no login screen), what "user" are you talking about to be authenticated? I am lost.


Finally, could you explain a bit about what common mechanism an application uses for those login screens? Does it use LDAP?

Thanks.
Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661

Can you first be specific about what these users are? Are they the users who will access the WL admin console, or users who access some J2EE applications deployed on WL?


Mmm... well, let's say you add a user through WebLogic and provide him/her some roles. Based on these roles, the user can log in to your WebLogic console and also log in to your app. For example, if the user has an admin role and CustomApplicationRole in WebLogic, the user can log in to the WebLogic console and also log in to your CustomApplication, assuming that the custom application authenticates those users that are assigned the CustomApplicationRole role.

Where does the authentication happen?


Well, WebLogic has an admin console that you log into. The credentials are verified against LDAP when you enter the credentials. Similarly, your application can be configured to use form authentication that uses the j_security_check servlet to authenticate against the container. WebLogic will authenticate the application users against its internal Authenticators to check if they are valid users.

Finally, could you explain a bit about what common mechanism an application uses for those login screens? Does it use LDAP?


An application may or may not use LDAP. An application that uses FORM-based login will simply delegate the authentication task to the container. The container in turn uses LDAP to do the authentication. The application may choose to take WebLogic out of the picture and contact an LDAP server directly. That is also a valid use case.
ben oliver
Ranch Hand

Joined: Mar 28, 2006
Posts: 375
So you mean the users can be both admin console and application users. Then:

1) How do you tell the WL server if a user is for the admin console or for an application? How do you tell WL which specific application the user is set for?

2) Suppose I set a user and role in WL (associate this user to the role). In an application's login screen I would like to create 10 users and corresponding passwords. According to what you said, I need to configure these 10 users via the WL server console? This doesn't make sense to me because if the server contains 10 applications, the number of users you set in the console will be crazy... So how do you save the user_id and passwords for those 10 users?

Deepak Bala
Bartender

Joined: Feb 24, 2006
Posts: 6661

1) How do you tell the WL server if a user is for the admin console or for an application? How do you tell WL which specific application the user is set for?


By assigning roles / groups to the users. Create an application-specific group for access by applications.

In an application's login screen I would like to create 10 users and corresponding passwords. According to what you said, I need to configure these 10 users via the WL server console?


You don't have to do anything special to set the USER id and password. If you already have an external store like an external LDAP or database that contains the user names and passwords, configure the same as a WebLogic authenticator. WebLogic will read the values from this external store and maintain it in its internal LDAP.
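
Added example, not part of the thread: deployment-descriptor fragments showing the FORM login delegated to the container (j_security_check) and the application-specific group described in the answers above. The role name CustomApplicationRole comes from the thread; the group name, URL pattern and JSP file names are hypothetical.

```xml
<!-- WEB-INF/web.xml (fragment): the container, not the application, authenticates -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected-pages</web-resource-name>  <!-- hypothetical name -->
    <url-pattern>/app/*</url-pattern>                       <!-- hypothetical path -->
  </web-resource-collection>
  <auth-constraint>
    <!-- only callers mapped to this role are allowed through -->
    <role-name>CustomApplicationRole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- require TLS for the protected pages, so the login they trigger
         is not sent in clear text -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <!-- login.jsp (hypothetical) posts the fields j_username and j_password
         to the action "j_security_check"; the container checks them against
         its configured authenticators -->
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-error.jsp</form-error-page>
  </form-login-config>
</login-config>

<security-role>
  <role-name>CustomApplicationRole</role-name>
</security-role>

<!-- WEB-INF/weblogic.xml (fragment, inside <weblogic-web-app>):
     map the application role to a group in the security realm -->
<security-role-assignment>
  <role-name>CustomApplicationRole</role-name>
  <!-- hypothetical group; its members live in the embedded LDAP or come
       from an external authenticator, not from the application -->
  <principal-name>CustomAppUsers</principal-name>
</security-role-assignment>
```

Users are added to or removed from the group in the realm; the application's descriptors only name the role, so no user ids or passwords are stored with the application.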
 