This discussion is archived
3 Replies Latest reply: Sep 6, 2012 7:13 AM by RaviJegga RSS

issue while integrating external LDAP with weblogic

869504 Newbie
Currently Being Moderated
Hi,
i am trying integrating external LDAP (OpenLdap) with weblogic 10.3. I created a provider and provided required credentials and able to see users and group of the LDAP into the weblogic console. I am also able to login in the weblogic console with the users available in the LDAP after assigning the admin role to the ldap group. But i when i see the user's property (by clicking on the user in the admin console) it only shows the tabs for General, Password and Group only. on the other hand if i see the users from DefaultAuthenticator, it shows the Attribute tab apart from the General, Password and Group.

Can anyone let me knwo how can we get the Attribute tab for the Ldap users.

thx,
Ajay
  • 1. Re: issue while integrating external LDAP with weblogic
    RaviJegga Expert
    Currently Being Moderated
    Hi Ajay
    By default Weblogic has READ ONLY adapters for any External Security Providers that are configured like any AD Providers. READ ONLY means, you can only read the data from the ldap but not modify it, hence may be its not showing the Attributes tag. For Default Authenticator, see the first paragraph note in Attributes tab, that says the same thing. NOW, may be WLS can atleast show Attributes in READ only format, but it needs some sort of mappings to be defined. Say on Weblogic side, we have like firstName, lastName which on any typical AD will be like sn (surname = lastname), givenname (firstname) etc etc. This mapping is tough to generalize.

    One thing for sure is, from Weblogic you cannot modify or edit any attributes for any user in external AD. If you really want to get those attributes, you may need to use some javax.ldap apis or some 3rd party ready to use tools/apis. I remember Weblogic Portal has a facility to configure a xml file that defines attributes mapping and get all attributes for any user. But again thats in Weblogic Portal product and not part of weblogic server.

    If you have any SOA Software, they have some utilities for the same.

    Thanks
    Ravi Jegga
  • 2. Re: issue while integrating external LDAP with weblogic
    869504 Newbie
    Currently Being Moderated
    thx Ravi. This is really great help and am surprise why i couldn't see those comments in the attribute tab :)

    As far as readonly Adapters is concern, i am able to change password of the ldap users through weblogic admin console which actually confuses me on this but the comment within Attribute tab can not be ignored :)

    thx once again for your help.

    Ajay
  • 3. Re: issue while integrating external LDAP with weblogic
    RaviJegga Expert
    Currently Being Moderated
    Hi Ajay
    Are you sure you were able to update the password for the Users in AD from Weblogic Admin Console ?. I kind of doubt it :). Just verify again if you don't mind. May be same user is existing in both external AD and also in your local default authenticator. I tried on my side, but never could update. Not sure if you connected to AD with full admin privileges when you give AD connection details. But still I doubt if it allows updates.

    Thanks
    Ravi Jegga

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points