dinsdag 29 mei 2012

Implementing the OpenLDAP Authenticator


In an older blog post I explained the steps you'll have to execute to implement the SQL Authenticator.
In this article, I will explain you how to implement an OpenLDAP authenticator.
You can download the sources here.
Architecture of my setup:
* First Oracle Linux 5 server machine with the Open LDAP setup:
suffix          "dc=mycompany,dc=com"
rootdn        "cn=manager,dc=mycompany,dc=com"
rootpw       <<Your_Encrypted_Password>>
* Second Oracle Linux 5 server machine with WebLogic Server 11g with a basic domain.

(1)
To populate the LDAP tree, you can use the attached ldif file (fill_openldap_full.ldif):
ldapadd -f fill_openldap_full.ldif -xv -D "cn=manager,dc=mycompany,dc=com" -w <<Your_Password>>
Result of this operation:
* 4 users (organizational unit = people): bill, harry, kelly and stuart.
* 2 groups (organizational unit = groups): java_dev (with members kelly and stuart) and wls_admin (with members bill, harry and stuart)





(2)
Create the OpenLDAP Authenticator.




(3)
Fill in the "Provider Specific" tab page with the following data:
Host                                                             myOpenLDAPServer
Port                                                              389
Principal                                                       cn=manager,dc=mycompany,dc=com
User Base DN                                              ou=people,dc=mycompany,dc=com
User From Name Filter                                 (&(cn=%u)(objectclass=person))
User Name Attribute                                     cn
User Object Class                                         person
Group Base DN                                            ou=groups,dc=mycompany,dc=com
Group From Name Filter                               (&(cn=%g)(objectclass=groupofnames))
Static Group Name Attribute                         cn
Static Group Object Class                             groupofnames
Static Member DN Attribute                         member
Static Group DNs from Member DN Filter    (&(member=%M)(objectclass=groupofnames))


(4)
Set the Control Flag for the default authenticator to OPTIONAL.




(5)
Restart the servers within your domain and verify afterwards if you see the OpenLDAP users and groups in the console.





(6)
Deploy the file openldap_scrty.war into your WLS domain and verify that only the users who belong to the group wls_admin can successfully access the application.

33 opmerkingen:

  1. Hi this is abinaya I find it interesting that for environments

    running multiple service domains you do not include some

    recommendations for guest console service.

    Let me explain; only the control domain can (as for other LDom

    configuration actions) change the console definition for a guest

    domain. It is possible to configure the (second) service domain

    to run a VCC service and therefore serve the console sessions

    for all the guests from that service domain.Oracle Training in Chennai

    website where someone please help me to identity the syllabus

    covers everything or not??

    Thanks, abinaya

    BeantwoordenVerwijderen
  2. Hi this is abinaya I find it interesting that for environments

    running multiple service domains you do not include some

    recommendations for guest console service.

    Let me explain; only the control domain can (as for other LDom

    configuration actions) change the console definition for a guest

    domain. It is possible to configure the (second) service domain

    to run a VCC service and therefore serve the console sessions

    for all the guests from that service domain. oracle training

    chennai
    website where someone please help me to identity

    the syllabus covers everything or not??

    Thanks, abinaya

    BeantwoordenVerwijderen
  3. Oracle Training

    The information you posted here is useful to make my career better keep updates..If anyone want to become an oracle certified professional reach FITA Oracle Training Center in Chennai, which offers Best Oracle Course in Chennai with years of experienced professionals.

    BeantwoordenVerwijderen
  4. Hi, I am Emi lives in Chennai. I am technology freak. I did Android mobile application development course in Chennai at reputed training institutes, this is very usful for me to make a bright carrer in IT industry. So If you looking for best Android Training Institute in Chennai please visit fita academy which offers real time Android Training in Chennai at reasonable cost.

    BeantwoordenVerwijderen
  5. Your posts is really helpful for me.Thanks for your wonderful post. I am very happy to read your post.
    PHP Training in chennai | PHP Training chennai | PHP course in chennai | PHP course chennai

    BeantwoordenVerwijderen
  6. Hi Admin,
    This information is impressive; I am inspired with your post writing style & how continuously you describe this topic. After reading your post, thanks for taking the time to discuss this, I feel happy about it and I love learning more about this topic.s
    Regards,
    sas training chennai|sas institutes in Chennai|sas training institutes in Chennai

    BeantwoordenVerwijderen
  7. Hello,
    I really enjoyed while reading your article, the information you have mentioned in this post was damn good. Keep sharing your blog with updated and useful information.
    Regards,
    Informatica training in chennai|Best Informatica Training In Chennai|Informatica training center in Chennai

    BeantwoordenVerwijderen
  8. I really enjoyed while reading your article, the information you have mentioned in this post was damn good. Keep sharing your blog with updated and useful information.
    Regards,
    Oracle Course in Chennai|Oracle DBA Training in Chennai

    BeantwoordenVerwijderen
  9. I am happy to find this post Very useful for me, as it contains lot of information

    ahmedabadclassifieds
    Article submission sites

    BeantwoordenVerwijderen
  10. Very Interesting content which helps me to get the indepth knowledge about Oracle Server technology. To know more details about the Machine Learning Training visit SLA.

    BeantwoordenVerwijderen
  11. Hey, would you mind if I share your blog with my twitter group? There’s a lot of folks that I think would enjoy your content. Please let me know. Thank you.
    seo training institute in chennai | seo course in chennai

    BeantwoordenVerwijderen
  12. Thanks for sharing your innovative ideas with our vision. I have read your blog and I gathered some new information through your blog. Your blog is really very informative and unique. Keep posting like this. Awaiting your further update. If you are looking for any Data Science related information, please visit our website Data science training institute in bangalore

    BeantwoordenVerwijderen
  13. Very impressive and informative data,
    Thanks for sharing with us,
    We are again come on your website,
    Thanks and good day,
    Please visit our site,
    buylogo

    BeantwoordenVerwijderen
  14. Usually I never comment on blogs but your article is so convincing that I never stop myself to say something about it. You’re doing a great job,Keep it up.

    Try Our Husband And Wife Disputes Services In Toronto Services and Get All the benefits of it in your life, we make All your Personal problems solved in just minutes.

    BeantwoordenVerwijderen
  15. Vitamins and Natural Supplements could be one aspect of the arrangement to help your heart wellbeing. There's not an alternative for getting the vitamins and minerals your body needs from healthy food, similar to vegetables, Fruits, and entire grains. However, in case you're eating well and still short on specific supplements, a few enhancements may help. Natural Treatment for Atrial Fibrillation is beneficial for begin taking anything new, to ensure you don't cause issues with your medicine. Natural Treatment helps to provide a lot of supplements for Atrial Fibrillation.

    BeantwoordenVerwijderen
  16. I find this post very accurate and informative. One topic that always interests me is Web Hosting in Lahore. So when I came across this post, I was excited to find out more about it and I am glad I did.

    BeantwoordenVerwijderen
  17. Buy Herbal Product for Benign Essential Tremor to treat the voice, head, jaw, lips, and face. Herbal Supplement really takes hold and treats the condition naturally.

    BeantwoordenVerwijderen
  18. Are you looking for Big Data training in Chennai with placement opportunities? Then we, Infycle Technologies are with you to make your dream into reality. Infycle Technologies is one of the best Big Data Training Institute in Chennai, which offers various programs along with Big Data such as Oracle, Java, AWS, Hadoop, etc., in complete hands-on practical training with trainers, those are specialists in the field. In addition to the training, the mock interviews will be arranged for the candidates, so that they can face the interviews with the best knowledge. Of all that, 100% placement assurance will be given here. To have the words above in the real world, call 7502633633 to Infycle Technologies and grab a free demo to know more.

    BEST TRAINING IN CHENNAI

    BeantwoordenVerwijderen
  19. Finish the Selenium Training in Chennai from Infycle Technologies, No.1 software training institute in Chennai which is providing professional courses for students, freshers, experienced, and tech professionals. We provide courses like DevOps, Artificial Intelligence, Cyber Security, Python, Oracle, Java, Power BI, Digital Marketing, Data Science, etc. with the best trainers receiving amazing training for the best career. For more details and demo classes call 7504633633.

    BeantwoordenVerwijderen