
How can I configure iPlanet LDAP5.1 with WLS7.0


ting

Jul 27, 2002, 1:05:10 PM

I got a problem with access denied...
I think it may come from the user/password (weblogic/weblogic) that I use to try to connect
to LDAP... It doesn't work.
I would like to know how I can add a new user (weblogic) in LDAP and have it act as Administrator...

Eric Ma

Aug 12, 2002, 5:15:19 PM

Jerry:

After you have set up the iPlanet LDAP authenticator, are you able to see all
users defined in LDAP? For some reason I am not able to do so, leading me to
doubt whether I have set up the thing properly. Thanks for any insight.

Eric Ma


Jerry <nos...@youwish.com> wrote:
>Hi Ting
>
>Steps to set up WLS 7.0 with external LDAP provider: (example is for iPlanet but this will work for any other LDAP server too)
>
>I. create a new domain /mydomain
>II. start server
>III. open WebLogic console in a browser
>IV. in left frame, go to security->realms->myrealm->providers->AuthenticationProviders and click
>V. in right frame, click on “Configure a new iPlanet Authenticator”
>VI. In the new screen, under General, make sure the Control Flag is set to Required, select a name for this authenticator, and click Create.
>VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where these values reflect the settings for your LDAP server. (Note: the default principal for an iPlanet LDAP server is uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot). Click Apply.
>VIII. Click on Credential: Change. At the new screen, enter the credential associated with the Principal that you entered in step VII in both boxes. This will be the password that is used to do a bind to your LDAP server with the principal. Click Apply.
>IX. Select Users tab and make sure these properties accurately reflect the structure of your LDAP server. Most of the time the only property that needs to be changed is the User Base DN property, from ou=people,o=example.com to ou=people,o=myCompany.com. Click Apply.
>X. Select Groups tab and make sure these properties accurately reflect the structure of your LDAP server. Most of the time the only property that needs to be changed is the Groups Base DN property, from ou=people,o=example.com to ou=groups,o=myCompany.com. Click Apply.
>XI. Now, the boot identity of your server absolutely must be a user that exists on your LDAP server. You must also have an “Administrators” group on your LDAP server, and the boot identity must be a user that exists in this “Administrators” group, or the server will not start. So open your LDAP console (this will be a console that is specific to the LDAP server you are using) and use the management tools to create the “Administrators” group and a user that you place in the “Administrators” group that is the boot identity that you use to start WebLogic.
>XII. Make these changes and restart the server.
>XIII. You can verify that the LDAP setup is correct by doing a thread dump. You should see a thread like:
>
>"LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable [0x9e2f000..0x9e2fdbc]
> at java.net.SocketInputStream.socketRead(Native Method)
> at java.net.SocketInputStream.read(SocketInputStream.java:86)
> at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
> at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
> - locked <3281d98> (a java.io.BufferedInputStream)
> at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
> at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
>
>where “localhost:389” is the server name and port of your LDAP server. This means that your Authenticator has been set up correctly.
>
>XIV. Now you can delete your default authenticator. Open the WebLogic console and go to security->realms->myrealm->providers->AuthenticationProviders in the left frame, and click
>XV. In the right frame, look for DefaultAuthenticator and click on the trash can to the far right. Say “Yes” when it asks if you are sure, then click Continue.
>XVI. Restart the WebLogic server. If the server boots correctly, you’re done. Everything is working correctly.
>
>
>Hope this helps
>Joe Jerry

j

Jan 16, 2003, 4:59:19 PM
Hi Eric,

Even after you have your iPlanet LDAP authenticator set up, you will not see users/groups
listed in the console. Console does not currently list users/groups for your external LDAP
provider.

You could test by writing a simple web app that has security on some resource, so that only
a user that exists in your LDAP realm has permission.

Joe Jerry
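
The step XI preconditions from the quoted steps can be checked offline against an LDIF export of the directory before the DefaultAuthenticator is deleted; this is an added example, not part of the original thread or of WebLogic. It assumes users are named uid=<name> directly under the User Base DN and that the group is a groupOfUniqueNames entry cn=Administrators directly under the Groups Base DN; the LDIF and the function names are constructed for illustration.

```python
def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (escaped commas not handled)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Parse LDIF text into {normalized DN: {attribute: [values]}}; base64 values are not decoded."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]      # folded line: continues the previous one
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, cur = {}, None
    for line in lines:
        if not line.strip():
            cur = None                # blank line ends the current entry
            continue
        attr, _, value = line.partition(":")
        if attr.lower() == "dn":
            cur = entries.setdefault(norm_dn(value), {})
        elif cur is not None:
            cur.setdefault(attr.lower(), []).append(value.strip())
    return entries

def check_boot_identity(entries, boot_uid, user_base_dn, group_base_dn,
                        group_name="Administrators"):
    """Return a list of problems; an empty list means the step XI preconditions hold."""
    problems = []
    user_dn = norm_dn(f"uid={boot_uid},{user_base_dn}")
    group_dn = norm_dn(f"cn={group_name},{group_base_dn}")
    if user_dn not in entries:
        problems.append(f"boot user {user_dn} not found under User Base DN")
    group = entries.get(group_dn)
    if group is None:
        problems.append(f"group {group_dn} not found under Groups Base DN")
    elif user_dn not in {norm_dn(m) for m in group.get("uniquemember", [])}:
        problems.append(f"{user_dn} is not a uniqueMember of {group_dn}")
    return problems

# Constructed sample export; the member DN is written with spaces and a folded line.
SAMPLE_LDIF = """\
dn: uid=weblogic,ou=people,o=myCompany.com
objectClass: inetOrgPerson
uid: weblogic

dn: cn=Administrators,ou=groups,o=myCompany.com
objectClass: groupOfUniqueNames
uniqueMember: uid=weblogic, ou=People,
 o=myCompany.com
"""
```

An empty result from `check_boot_identity(parse_ldif(SAMPLE_LDIF), "weblogic", "ou=people,o=myCompany.com", "ou=groups,o=myCompany.com")` means the boot user and its group membership are in place; a Groups Base DN that does not contain the group is reported as the group not being found.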
