Weblogic 7.01 with Netscape LDAP

Soojin Kim

Jan 2, 2003, 2:49:12 AM
Can someone help me to configure Netscape LDAP server for my WebLogic
server?
I would like to integrate them so that I can set up LDAP users and
groups for the WebLogic server.

1. This is the output from the startWebLogic.sh command.

[root@linux-orac jandomain]# ./startWebLogic.sh
LD_LIBRARY_PATH=/usr/local/bea/weblogic700/server/lib/linux/i686:/usr/local/bea/weblogic700/server/lib/linux/i686/oci817_8:/usr/local/bea71/weblogic700/server/lib/linux/i686:/usr/local/bea71/weblogic700/server/lib/linux/i686/oci817_8:/usr/local/bea71/weblogic700/server/lib/linux/i686:/usr/local/bea71/weblogic700/server/lib/linux/i686/oci817_8
CLASSPATH=/usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea/jdk
31_03/lib/tools.jar:/usr/local/bea/weblogic700/server:/usr/local/bea/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea/weblogic700/server/lib/weblogic.jar:

PATH=.:/usr/local/bea71/weblogic700/server/bin:/usr/local/bea71/jdk131_03/jre/bin:/usr/local/bea71/jdk131_03/bin:/usr/local/bea71/weblogic700/server/lib/linux:/usr/local/bea71/weblogic700/server/bin:/usr/local/bea71/jdk131_03/jre/bin:/usr/local/bea71/jdk131_03/bin:/usr/local/bea71/weblogic700/server/lib/linux:/usr/local/bea/weblogic700/server/bin:/usr/local/bea/jdk131_03/jre/bin:/usr/local/bea/jdk
31_03/bin:/usr/local/bea/weblogic700/server/lib/linux:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/soojink/bin

***************************************************
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://<hostname>:<port>/console *
***************************************************
++ /usr/local/bea71/jdk131_03/bin/java -Xms32m -Xmx200m
-Dweblogic.security.SSL.trustedCAKeyStore=/usr/local/bea71/weblogic700/server/lib/cacerts
-classpath /usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea/jd
131_03/lib/tools.jar:/usr/local/bea/weblogic700/server:/usr/local/bea/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea/weblogic700/server/lib/weblogic.jar:
-Dweblogic.Name=adminserver -Dbea.home=/usr/local/bea71
-Dweblogic.management.username= -Dweblogic.management.password=
-Dweblogic.ProductionModeEnabled=
-Djava.security.policy=/usr/local/bea71/weblogic700/server/lib/weblogic.policy
weblogic.Server
<2/01/2003 15:50:20> <Info> <Security> <090065> <Getting boot identity
from user.>
Enter username to boot WebLogic server:admin
Enter password to boot WebLogic server:testabc
Starting WebLogic Server...
<2/01/2003 15:50:36> <Notice> <Management> <140005> <Loading
configuration /usr/local/bea71/user_projects/jandomain/./config.xml>
<2/01/2003 15:50:58> <Notice> <Security> <090082> <Security
initializing using realm myrealm.>
<2/01/2003 15:50:59> <Critical> <WebLogicServer> <000364> <Server
failed during initialization. Exception:java.lang.SecurityException:
Authentication for user admin denied
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
<2/01/2003 15:50:59> <Emergency> <WebLogicServer> <000342> <Unable to
initialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user admin
denied
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
***************************************************************************
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user admin
denied
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)

***************************************************************************
++ set +x

2. This is the output XML file.

<?xml version="1.0" encoding="UTF-8"?>
<MBeans>
<SetMBean DisplayName="DefaultRoleMapper"
ObjectName="Security:Name=myrealmDefaultRoleMapper"
Type="weblogic.security.providers.authorization.DefaultRoleMapper">
<Attributes Realm="Security:Name=myrealm">
<Defaulted AttributeNames="RoleDeploymentEnabled"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultCredentialMapper"
ObjectName="Security:Name=myrealmDefaultCredentialMapper"
Type="weblogic.security.providers.credentials.DefaultCredentialMapper">
<Attributes Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="CredentialMappingDeploymentEnabled"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="weblogic.management.commo.CommoModelMBean"
ObjectName="Security:Name=myrealmUserLockoutManager"
Type="weblogic.management.security.authentication.UserLockoutManager">
<Attributes Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="LockoutEnabled,LockoutThreshold,LockoutDuration,LockoutResetDuration,LockoutCacheSize,LockoutGCThreshold"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultAuthenticator"
ObjectName="Security:Name=myrealmDefaultAuthenticator"
Type="weblogic.security.providers.authentication.IPlanetAuthenticator">
<Attributes Credential="testabc" GroupBaseDN="o=internet"
GroupFromNameFilter="" Host="heritage"
Principal="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
Realm="Security:Name=myrealm" UserBaseDN="o=internet"
UserFromNameFilter="">
<Defaulted
AttributeNames="StaticMemberDNAttribute,DynamicGroupObjectClass,DynamicGroupNameAttribute,DynamicMemberURLAttribute,UserObjectClass,UserNameAttribute,UserDynamicGroupDNAttribute,UserSearchScope,AllUsersFilter,GroupSearchScope,AllGroupsFilter,StaticGroupObjectClass,StaticGroupNameAttribute,StaticGroupDNsfromMemberDNFilter,ControlFlag,Port,SSLEnabled,CacheEnabled,CacheSize,CacheTTL,FollowReferrals,B
ndAnonymouslyOnReferrals"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultAuthorizer"
ObjectName="Security:Name=myrealmDefaultAuthorizer"
Type="weblogic.security.providers.authorization.DefaultAuthorizer">
<Attributes Realm="Security:Name=myrealm">
<Defaulted AttributeNames="PolicyDeploymentEnabled"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="myrealm" ObjectName="Security:Name=myrealm"
Type="weblogic.management.security.Realm">
<Attributes
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true"
KeyStores="Security:Name=myrealmDefaultKeyStore"
RoleMappers="Security:Name=myrealmDefaultRoleMapper"
UserLockoutManager="Security:Name=myrealmUserLockoutManager">
<Defaulted
AttributeNames="Auditors,DeployRoleIgnored,UseDeprecatedWebResource,DeployPolicyIgnored,DeployCredentialMappingIgnored"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultIdentityAsserter"
ObjectName="Security:Name=myrealmDefaultIdentityAsserter"
Type="weblogic.security.providers.authentication.DefaultIdentityAsserter">
<Attributes ActiveTypes="AuthenticatedUser"
Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="UserNameMapperClassName,TrustedClientPrincipals"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultKeyStore"
ObjectName="Security:Name=myrealmDefaultKeyStore"
Type="weblogic.security.providers.pk.DefaultKeyStore">
<Attributes Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="PrivateKeyStoreLocation,RootCAKeyStoreLocation,PrivateKeyStorePassPhrase,RootCAKeyStorePassPhrase"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultAdjudicator"
ObjectName="Security:Name=myrealmDefaultAdjudicator"
Type="weblogic.security.providers.authorization.DefaultAdjudicator">
<Attributes Realm="Security:Name=myrealm">
<Defaulted AttributeNames="RequireUnanimousPermit"/>
</Attributes>
</SetMBean>
</MBeans>

3. This is the output of the LDAP server log file.

[02/Jan/2003:15:38:41 +0800] conn=1933 fd=63 slot=63 connection from
192.168.5.68 to 192.168.1.95
[02/Jan/2003:15:38:41 +0800] conn=1933 op=0 BIND
dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
method=128 version=2
[02/Jan/2003:15:38:41 +0800] conn=1933 op=0 RESULT err=0 tag=97
nentries=0 etime=0
[02/Jan/2003:15:38:41 +0800] conn=1933 op=-1 fd=63 closed - B1

Thank you very much.

kirann

Jan 2, 2003, 3:04:40 PM
When you configured this provider, did you have an "administrator" of WebLogic, such
as system, in the Netscape directory server?

thanks
kiran

Soojin Kim

Jan 2, 2003, 11:04:46 PM
What do you mean by that?
Thanks.

Frank Arendt

Jan 15, 2003, 11:13:09 AM

I think the question is what you have to consider when you want to use IPlanet
as the only Authentication Provider.

1.) If you want to delete the default Authentication Provider (embedded LDAP) you
need to define your WLS Administrator in the groups "People" and "Administrators"
within the IPlanet Directory. But I think option 2 is better.

2.) You just keep the default authentication provider (embedded LDAP) to hold
the WLS administrator and use the external IPlanet to hold the normal users. Set
the control flag on both authentication providers to sufficient. This separates
the security-critical WLS administrator from the "normal" users.

Thanks.

Frank
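
Added example, not part of the original thread and not BEA code: a Python check over a realm export in the format Soojin posted. It reports when the provider chain has no embedded-LDAP DefaultAuthenticator (the situation in Frank's option 1), when ControlFlag or SSLEnabled are left at their defaults, and when the bind credential is written into the export. The sample XML, host name and finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the thread's export format; host and credential are placeholders.
SAMPLE = """<MBeans>
<SetMBean ObjectName="Security:Name=myrealmDefaultAuthenticator"
 Type="weblogic.security.providers.authentication.IPlanetAuthenticator">
 <Attributes Credential="PLACEHOLDER" Host="ldap.example.test"
  Realm="Security:Name=myrealm" UserBaseDN="o=internet">
  <Defaulted AttributeNames="ControlFlag,Port,SSLEnabled"/>
 </Attributes>
</SetMBean>
<SetMBean ObjectName="Security:Name=myrealmDefaultIdentityAsserter"
 Type="weblogic.security.providers.authentication.DefaultIdentityAsserter">
 <Attributes Realm="Security:Name=myrealm"/>
</SetMBean>
<SetMBean ObjectName="Security:Name=myrealm"
 Type="weblogic.management.security.Realm">
 <Attributes AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter"/>
</SetMBean>
</MBeans>"""

# Provider type of WebLogic's embedded-LDAP authenticator.
EMBEDDED = "weblogic.security.providers.authentication.DefaultAuthenticator"

def audit_realm(xml_text):
    """Return finding labels (hypothetical names) for the realm's authenticators."""
    beans = {}
    for bean in ET.fromstring(xml_text).iter("SetMBean"):
        attrs = bean.find("Attributes")
        set_attrs = dict(attrs.attrib) if attrs is not None else {}
        dflt = attrs.find("Defaulted") if attrs is not None else None
        defaulted = set(dflt.get("AttributeNames", "").split(",")) if dflt is not None else set()
        beans[bean.get("ObjectName")] = (bean.get("Type"), set_attrs, defaulted)
    realm = next(a for t, a, _ in beans.values() if t.endswith(".security.Realm"))
    chain = [beans[n] for n in realm["AuthenticationProviders"].split("|") if n in beans]
    authn = [p for p in chain if p[0].endswith("Authenticator")]
    findings = []
    if not any(t == EMBEDDED for t, _, _ in authn):
        # Frank's option 1: the boot administrator must then live in the external LDAP.
        findings.append("no-embedded-authenticator")
    for t, set_attrs, defaulted in authn:
        name = t.rsplit(".", 1)[-1]
        if "ControlFlag" in defaulted:
            findings.append(name + ":control-flag-defaulted")
        if "Host" in set_attrs and "SSLEnabled" in defaulted:
            findings.append(name + ":ssl-defaulted")
        if "Credential" in set_attrs:
            findings.append(name + ":bind-credential-in-export")
    return findings
```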
