Skip Headers
Oracle® Fusion Middleware Application Security Guide
11g Release 1 (11.1.1)

Part Number E10043-11
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

J Using an OpenLDAP Identity Store

This appendix describes the special set up required in case the identity store uses OpenLDAP 2.2.

J.1 Using an OpenLDAP Identity Store

To use OpenLDAP 2.2 as an identity store, proceed as follows:

  1. Use the WebLogic Server administration console to create a new authenticator provider. For this new provider:

    • Select OpenLDAPAuthenticator from the list of authenticators.

    • Set the control flag of the OpenLDAPAuthenticator to SUFFICIENT.

    • Set the control flag of the DefaultAuthenticator to SUFFICIENT.

    • Change the order of authenticators to make the OpenLDAPAuthenticator the first in the list.

    • In the Provider Specific page for the OpenLDAPAuthenticator, enter User Base DN and Group Base DN, and set the value of the objectclass in the Group From Name Filter to something other than groupofnames.

  2. From the Home directory of the OpenLDAP installation:

    • Open the file slapd.conf for edit.

    • In that file, insert the following line in the "include" section at the top:

      include ./schema/inetorgperson.schema
      
    • Save the file, and restart the OpenLDAP.

The above settings make possible adding the object class inetorgperson to every new external role you create in the OpenLDAP; this object class is required to map the external role to an application role.