Tuesday 29 May 2012

Implementing the OpenLDAP Authenticator


In an older blog post I explained the steps needed to implement the SQL Authenticator.
In this article I explain how to implement an OpenLDAP Authenticator.
You can download the sources here.
Architecture of my setup:
* First Oracle Linux 5 server machine with the OpenLDAP setup:
  suffix   "dc=mycompany,dc=com"
  rootdn   "cn=manager,dc=mycompany,dc=com"
  rootpw   <<Your_Encrypted_Password>>
* Second Oracle Linux 5 server machine with WebLogic Server 11g with a basic domain.

(1)
To populate the LDAP tree, you can use the attached ldif file (fill_openldap_full.ldif):
ldapadd -f fill_openldap_full.ldif -xv -D "cn=manager,dc=mycompany,dc=com" -w <<Your_Password>>
Result of this operation:
* 4 users (organizational unit = people): bill, harry, kelly and stuart.
* 2 groups (organizational unit = groups): java_dev (with members kelly and stuart) and wls_admin (with members bill, harry and stuart)

(2)
Create the OpenLDAP Authenticator.

(3)
Fill in the "Provider Specific" tab page with the following data:
Host                                    myOpenLDAPServer
Port                                    389
Principal                               cn=manager,dc=mycompany,dc=com
User Base DN                            ou=people,dc=mycompany,dc=com
User From Name Filter                   (&(cn=%u)(objectclass=person))
User Name Attribute                     cn
User Object Class                       person
Group Base DN                           ou=groups,dc=mycompany,dc=com
Group From Name Filter                  (&(cn=%g)(objectclass=groupofnames))
Static Group Name Attribute             cn
Static Group Object Class               groupofnames
Static Member DN Attribute              member
Static Group DNs from Member DN Filter  (&(member=%M)(objectclass=groupofnames))


(4)
Set the Control Flag of the default authenticator to OPTIONAL. If it stays at REQUIRED, a login must also succeed against the embedded LDAP, so users that exist only in OpenLDAP would be rejected.

(5)
Restart the servers within your domain and verify afterwards that the OpenLDAP users and groups appear in the console.

(6)
Deploy the file openldap_scrty.war into your WLS domain and verify that only users who belong to the group wls_admin can successfully access the application.
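To see what the two filters from step (3) resolve to, and why the check in step (6) admits only wls_admin members, here is an added Python example that is not part of the original post or of WebLogic: it runs the user lookup (%u) and the group lookup (%M) against a constructed in-memory copy of the directory loaded in step (1). The RFC 4515 escaping of the substituted values is an assumption about what a safe substitution should do, not a documented WebLogic behaviour.

```python
import re
# Constructed in-memory copy of what step (1) loads from fill_openldap_full.ldif (attributes lower-cased)
P, G = "ou=people,dc=mycompany,dc=com", "ou=groups,dc=mycompany,dc=com"
DIRECTORY = {f"cn={u},{P}": {"cn": [u], "objectclass": ["person"]}
             for u in ("bill", "harry", "kelly", "stuart")}
DIRECTORY[f"cn=java_dev,{G}"] = {"cn": ["java_dev"], "objectclass": ["groupofnames"],
                                 "member": [f"cn=kelly,{P}", f"cn=stuart,{P}"]}
DIRECTORY[f"cn=wls_admin,{G}"] = {"cn": ["wls_admin"], "objectclass": ["groupofnames"],
                                  "member": [f"cn=bill,{P}", f"cn=harry,{P}", f"cn=stuart,{P}"]}
USER_FILTER = "(&(cn=%u)(objectclass=person))"  # both templates exactly as entered in the Provider Specific tab
GROUP_FILTER = "(&(member=%M)(objectclass=groupofnames))"

def escape_filter_value(value):
    """RFC 4515 escaping, so a name such as 'bill)' cannot close the filter early (assumed, not WebLogic's code)."""
    return "".join({"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}.get(c, c) for c in value)

def expand(template, **subs):
    """Replace the %u / %M placeholders with escaped values."""
    for key, val in subs.items():
        template = template.replace("%" + key, escape_filter_value(val))
    return template

def parse(flt, i=0):
    """Minimal filter parser for the forms used on this page: (&...) and (attr=value)."""
    if flt[i + 1] == "&":
        i, kids = i + 2, []
        while flt[i] != ")":
            node, i = parse(flt, i)
            kids.append(node)
        return ("&", kids), i + 1
    end = flt.index(")", i)  # safe: a literal ')' inside a value arrives escaped as \29
    attr, val = flt[i + 1:end].split("=", 1)
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))

def search(base, flt):
    tree, _ = parse(flt)  # subtree search below base, sorted so results are deterministic
    return sorted(dn for dn, e in DIRECTORY.items() if dn.endswith("," + base) and matches(tree, e))

def groups_of(username):
    """The two lookups the authenticator performs: user DN from the name, then groups from that DN."""
    users = search(P, expand(USER_FILTER, u=username))
    if len(users) != 1:  # unknown or ambiguous user: no groups, hence no wls_admin access
        return []
    return [DIRECTORY[dn]["cn"][0] for dn in search(G, expand(GROUP_FILTER, M=users[0]))]
```

With this directory, groups_of("stuart") yields both groups, groups_of("kelly") only java_dev, so only bill, harry and stuart pass the wls_admin check from step (6).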