Requirements (on AD side)
Step 1: Log in to the WebLogic Administration Console
Step 2: Create New Provider
Authentication Provider
- Name: ADAuthenticationProvider
- Type: ActiveDirectoryAuthenticator
- Control Flag: SUFFICIENT
User scope configuration
- User Base DN: Container where your users are found
- Rest of the parameters stay default
Group scope configuration
- Group Base DN: Container where your groups are found
- Your "oimusers" group must be found in this container or in the subtree
- Rest of the parameters stay default
Step 3: Restart Admin Server
Step 4: Check oimusers group
Step 5: Reorder providers
Step 6: Restart Admin Server
Hi,
Thank you for this tutorial. It works fine!
When adding more than 1000 users to that oimusers group, we get this error message in the admin server log:
------------ logfile start ------------
<BEA-240003> <Console encountered the following error java.lang.RuntimeException: netscape.ldap.LDAPException: error result (4); Sizelimit exceeded at weblogic.security.providers.authentication.LDAPAtnNameList.handleUnexpectedLDAPException(LDAPAtnNameList.java:179)
------------ logfile end ------------
I think our AD configuration (MaxPageSize=1000) is the problem, but it is not possible to increase that page size. Do you know a workaround for this problem?
br,
max
Hi Max,
You can use AD groups recursively, meaning that any AD group can contain another AD group.
So you can add groups as members of "oimusers".
Thanks,
Arda
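A pre-check for the nested-group workaround above, added here as an example and not part of the original post or of WebLogic itself: it walks a constructed snapshot of AD group membership the way the ActiveDirectoryAuthenticator resolves "oimusers" through nested groups, and reports any group whose direct member list exceeds the 1000-entry MaxPageSize (the trigger for LDAP result code 4, "Sizelimit exceeded") or that sits outside the provider's Group Base DN (Step 2 above). The DNs, the `OU=Groups` base and the group names are assumed sample values.

```python
# Added example (not from the original post). Audits nested "oimusers" group
# membership against the AD MaxPageSize and the provider's Group Base DN.
MAX_PAGE_SIZE = 1000                                   # AD default, not raised
GROUP_BASE_DN = "OU=Groups,DC=example,DC=com"          # assumed Group Base DN
OIMUSERS = "CN=oimusers,OU=Groups,DC=example,DC=com"   # assumed group DN

def _users(prefix, start, stop):
    return ["CN=%s%04d,OU=Users,DC=example,DC=com" % (prefix, i) for i in range(start, stop)]

# Constructed sample directory: group DN -> direct members (users or groups).
SAMPLE_GROUPS = {
    OIMUSERS: [
        "CN=oimusers-1,OU=Groups,DC=example,DC=com",
        "CN=oimusers-2,OU=Groups,DC=example,DC=com",
        "CN=contractors,OU=Other,DC=example,DC=com",    # outside the Group Base DN
    ],
    "CN=oimusers-1,OU=Groups,DC=example,DC=com": _users("user", 0, 1200),    # > 1000
    "CN=oimusers-2,OU=Groups,DC=example,DC=com": _users("user", 1200, 1500) + [OIMUSERS],  # cycle
    "CN=contractors,OU=Other,DC=example,DC=com": _users("ctr", 0, 10),
}

def audit_group_tree(groups, root_dn, base_dn=GROUP_BASE_DN, limit=MAX_PAGE_SIZE):
    """Walk root_dn and every nested group (cycle-safe) and report:
    users        - all user DNs the provider would resolve for root_dn
    oversized    - groups whose direct member list alone exceeds the AD size limit
    outside_base - nested groups that are not under the provider's Group Base DN
    """
    users, oversized, outside_base, seen, stack = set(), [], [], set(), [root_dn]
    while stack:
        dn = stack.pop()
        if dn in seen:                    # circular nesting: visit each group once
            continue
        seen.add(dn)
        if not dn.lower().endswith(base_dn.lower()):
            outside_base.append(dn)       # provider's Group Base DN search misses it
        members = groups.get(dn, [])
        if len(members) > limit:
            oversized.append(dn)          # would hit "Sizelimit exceeded" on AD
        for member in members:
            if member in groups:
                stack.append(member)      # nested group: descend into it
            else:
                users.add(member)         # user entry
    return {"users": users, "oversized": oversized, "outside_base": outside_base}

if __name__ == "__main__":
    report = audit_group_tree(SAMPLE_GROUPS, OIMUSERS)
    print(len(report["users"]), "users;", "oversized:", report["oversized"],
          "outside base DN:", report["outside_base"])
```

Groups listed under `oversized` need to be split into further nested groups of at most 1000 direct members before the Admin Server is restarted; groups under `outside_base` must be moved into the Group Base DN subtree or the provider will not see them.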
ok
Hi,
Using LDAP authentication only (disabling local), can OIM's password sync to target systems stop working?
Hi Arda,
To do this, do we need to enable the LDAP synchronization feature in OIM?
Thanks!