
Developer Partner Community

  • February 26, 2015

Weblogic LDAPAuthenticator configuration; the GUID Attribute by Maarten Smeets

Juergen Kress
PaaS & Middleware Partner Adoption

LDAP servers can be configured as authenticators in WebLogic Server. To use an LDAP server efficiently, it must be possible to uniquely identify LDAP objects. GUID (global universal identifier) attributes can be used as the unique identifier for an LDAP object. WebLogic Server offers several specific and some more generic LDAP authentication providers. The specific authentication providers have default GUID attributes (see here at ‘Use of GUID and LDAP DN Data in WebLogic Principals’). The generic WebLogic Server LDAPAuthenticator has no default GUID attribute. For LDAP caching to work, and to allow browsing of group memberships for users, the GUID attribute needs to be defined. The entryUUID attribute is a good candidate, since every LDAP server should support it. See RFC 4530. Also see here.

In my example, I logged in to WebLogic Server as the user ‘maarten’, who is a member of the groups Administrators and DummyGroup. The debug information was acquired by setting the DebugSecurityAtn flag as described here. WebLogic Server 12.1.3.0.0 was used, with ApacheDS 2.0.0 as the LDAP server. For the configuration of ApacheDS and WebLogic Server, I followed: http://technology.amis.nl/2014/08/03/ldap-weblogic-using-apacheds-authentication-provider/.

GUID Attribute set to entryUUID

In the below example, the GUID attribute is set to ‘entryUUID’. As you can see, the GUID is correctly determined and there were no errors during authentication. Read the complete article here.
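A pre-configuration check for the uniqueness requirement described above, added here as an example and not taken from the original article: it audits an LDIF export for entries where the chosen GUID attribute is missing or shared between objects. It assumes the export requested entryUUID explicitly (RFC 4530 defines it as an operational attribute); the function names, DNs and UUID values are constructed for illustration, and the same check works for any other candidate attribute.

```python
import base64
from collections import defaultdict

# Constructed sample; DNs and UUID values are made up for illustration.
DUP = "7c9e6679-7425-40de-944b-e07fc1f90ae7"
SAMPLE_LDIF = f"""\
dn: uid=maarten,ou=people,dc=example,dc=com
entryUUID: 0f1e2d3c-4b5a-4978-8695-a4b3c2d1e0f1

dn: cn=Administrators,ou=groups,dc=example,dc=com
entryUUID: {DUP}

dn: cn=DummyGroup,ou=groups,dc=example,dc=com
entryUUID:: {base64.b64encode(DUP.encode()).decode()}

dn: uid=svc-batch,ou=people,dc=example,
 dc=com
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})] from LDIF text (RFC 2849)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif not raw.startswith("#"):         # skip LDIF comments
            lines.append(raw)
    entries, attrs = [], defaultdict(list)
    for line in lines + [""]:                 # trailing "" flushes the last entry
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs[name.strip().lower()].append(value.strip())
        else:
            if "dn" in attrs:                 # ignore blocks without a DN (e.g. "version: 1")
                entries.append((attrs.pop("dn")[0], dict(attrs)))
            attrs = defaultdict(list)
    return entries

def audit_guid_attribute(entries, guid_attr="entryUUID"):
    """Find entries that guid_attr cannot uniquely identify."""
    missing, seen = [], defaultdict(list)
    for dn, attrs in entries:
        values = attrs.get(guid_attr.lower(), [])
        # Exactly one value is expected; compare case-insensitively, as UUIDs are.
        target = seen[values[0].lower()] if len(values) == 1 else missing
        target.append(dn)
    duplicates = {g: dns for g, dns in seen.items() if len(dns) > 1}
    return {"missing": missing, "duplicates": duplicates}
```

Calling `audit_guid_attribute(parse_ldif(SAMPLE_LDIF))` reports the svc-batch entry as lacking the attribute and the two group entries as sharing one value, either of which should be resolved before the attribute is relied on as the GUID.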

WebLogic Partner Community

For regular information, become a member of the WebLogic Partner Community. Please visit: http://www.oracle.com/partners/goto/wls-emea (OPN account required). If you need support with your account, please contact the Oracle Partner Business Center.
