My new Active Directory Provider is not Working!

When you create LDAP providers, an easy way to verify they are working fine is by verifying in WebLogic console, you can see the users listed.

After added Active Directory Provider, Users and Groups are listed in Admin Console:

Security Realms -> My Realm -> Users and Groups.


When attempting to login to an application that is using the users, the login is being denied, and you might not see any clues in weblogic server logs.

If you enable Atn debug, the following is observed in server log:

<Debug> <SecurityAtn> <MyDomain> <AdminServer> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)' for workmanager: consoleapp@null@consoleWorkManager> <<WLS Kernel>> <> <593625378f0917fe:-23dcaa48:143ea3e7180:-8000-0000000000000400> <1391205135889> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate failed for user MyUser>


This can occur when  default authenticator is selected as REQUIRED  by default. So the login process is denied by the default authenticator due to it is not aware of users in Active Directory.

So, to fix the issue

1. Go to Admin Console > Security Realms > <Your Realm> >Providers.
2. Make Active Directory provider is in the top of the list and set Control Flag SUFFICIENT.
3. Make default authenticator Control Flag is set to OPTIONAL.

You can read more in this My Oracle Support document:

How to Configure Active Directory as the LDAP Provider for WebLogic Server (Doc ID 1299072.1)

Enjoy!

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About


My name is Luz Mestre. I work as Principal Technical Support Engineer at Oracle Support. I'll post here the most interesting challenges I have in my daily work. The views expressed on this blog are my own and do not necessarily reflect the views of Oracle.

Search

Categories
Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today