You use the Oracle Internet Directory Authentication provider to access user and group information stored in the Oracle Internet Directory LDAP V3 service.
Note that each security realm must have at least one Authentication provider configured. The Control Flag attribute determines how the LoginModule for each Authentication provider is used in the authentication process. For more information, see Set the JAAS control flag.
If the Oracle Internet Directory Authentication provider is the only Authentication provider configured in the security realm, make sure that the LDAP user who boots WebLogic Server is added to a group that is assigned to the Admin role. Otherwise, WebLogic Server cannot be booted. If the Oracle Internet Directory Authentication provider fails to connect to the LDAP server, or throws an exception, make sure the configuration settings for this provider are set correctly as described in the steps that follow. For more information about these configuration settings, see Configuring Users and Groups in the Oracle Internet Directory and Oracle Virtual Directory Authentication Providers.
To configure the Oracle Internet Directory Authentication provider:
`myrealm`).
The Create a New Authentication Provider page appears.
`cn=users,dc=us,dc=oracle,dc=com`.
`cn`, change that type in the settings for each of the following attributes: All Users Filter, User From Name Filter, and User Name Attribute. For example, if the user name attribute type is `uid`, change All Users Filter to `(&(uid=*)(objectclass=person))`).
in bold.)
`cn`, change that type in the settings for the All Groups Filter and Group From Name Filter attributes. For example, if the static group name attribute is type `uid`, change All Groups Filter to `(&(uid=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))`, and change Group From Name Filter to `(|(&(uid=%g)(objectclass=groupofUniqueNames))(&(cn=%g)(objectclass=orcldynamicgroup)))`.
`cn`, change that type in the settings for the All Groups Filter and Group From Name Filter attributes. For example, if the dynamic group name attribute is type `uid`, change All Groups Filter to `(&(uid=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))`, and change Group From Name Filter to `(|(&(cn=%g)(objectclass=groupofUniqueNames))(&(uid=%g)(objectclass=orcldynamicgroup)))`.
`groupofnames` (instead of `groupofuniquenames`), and the static member DN attribute is of type `member` (instead of `uniquemember`), change the `objectclass` element in the All Groups Filter and Group From Name Filter attributes. For example, set All Groups Filter as `(&(cn=*)(|(objectclass=groupofnames)(objectclass=orcldynamicgroup)))`, and set Group From Name Filter as `(|(&(cn=%g)(objectclass=groupofnames))(&(cn=%g)(objectclass=orcldynamicgroup)))`.
`cn`, specify that type in Static Group Name Attribute. Note that the type you specify must be consistent with the name attribute type specified in the All Groups Filter and Group From Name Filter attributes.
`groupofnames`, if necessary, and make sure it matches the class name specified in the All Groups Filter and Group From Name Filter attributes.
`groupofnames`, change Static Member DN Attribute to `member`.
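
The steps above require the name attribute type and object class used in All Groups Filter and Group From Name Filter to stay consistent with the static group settings. The following Python check is an added example, not Oracle's code, that parses both filters and reports any mismatch before the values are saved. The dictionary keys reuse the attribute labels from this page, except "Static Group Object Class", which is an assumed label, and the sample values are constructed.

```python
from itertools import product

def parse(s, i=0):
    """Parse one LDAP filter (the & and | subset of RFC 4515) starting at s[i]."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if s[i + 1] in "&|":
        op, kids, i = s[i + 1], [], i + 2
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        if s[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = s.index(")", i)  # raises ValueError when the item is never closed
    attr, eq, value = s[i + 1:end].partition("=")
    if not eq or "(" in attr + value:
        raise ValueError("unsupported item at offset %d" % i)
    return (attr.lower(), value), end + 1

def alternatives(node):
    """Flatten a parsed filter into OR-alternatives, each a dict of attr -> value."""
    if not isinstance(node[1], list):
        return [dict([node])]
    parts = [alternatives(kid) for kid in node[1]]
    if node[0] == "|":
        return [alt for part in parts for alt in part]
    return [{k: v for alt in combo for k, v in alt.items()} for combo in product(*parts)]

def check_static_groups(cfg):
    """Return the mismatches between the static group settings and both filters."""
    name, cls = (cfg[k].lower() for k in ("Static Group Name Attribute", "Static Group Object Class"))
    problems = []
    for key in ("All Groups Filter", "Group From Name Filter"):
        try:
            node, end = parse(cfg[key])
        except (ValueError, IndexError) as exc:
            problems.append("%s: malformed (%s)" % (key, exc))
            continue
        mine = [a for a in alternatives(node) if a.get("objectclass", "").lower() == cls]
        if end != len(cfg[key]):
            problems.append("%s: text after the closing parenthesis" % key)
        elif not mine or any(name not in a for a in mine):
            problems.append("%s: no objectclass=%s branch keyed on %s" % (key, cls, name))
    return problems

# Constructed sample; "Static Group Object Class" is an assumed label, not from the page.
SAMPLE = {"Static Group Name Attribute": "uid", "Static Group Object Class": "groupofnames",
          "All Groups Filter": "(&(uid=*)(|(objectclass=groupofnames)(objectclass=orcldynamicgroup)))",
          "Group From Name Filter": "(|(&(cn=%g)(objectclass=groupofnames))(&(cn=%g)(objectclass=orcldynamicgroup)))"}
```

`check_static_groups(SAMPLE)` reports the Group From Name Filter, because its `groupofnames` branch still matches on `cn` while the name attribute is set to `uid`.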