You use the Oracle Virtual Directory Authentication provider to access user and group information stored in the Oracle Virtual Directory LDAP V3 service.
Note that each security realm must have at least one Authentication provider configured. The Control Flag attribute determines how the LoginModule for each Authentication provider is used in the authentication process. For more information, see Set the JAAS control flag.
If the Oracle Virtual Directory Authentication provider is the only Authentication provider configured in the security realm, make sure that the LDAP user who boots WebLogic Server is added to a group that is assigned to the Admin role. Otherwise, WebLogic Server cannot be booted. If the Oracle Virtual Directory Authentication provider fails to connect to the LDAP server, or throws an exception, make sure the configuration settings for this provider are set correctly as described in the steps that follow. For more information about these configuration settings, see Configuring Users and Groups in the Oracle Internet Directory and Oracle Virtual Directory Authentication Providers.
To configure the Oracle Virtual Directory Authentication provider:
myrealm).
The Create a New Authentication Provider page appears.
cn=users,dc=us,dc=oracle,dc=com.
cn, change that type in the settings for each of the following attributes: All Users Filter, User From Name Filter, and User Name Attribute. For example, if the user name attribute type is uid, change All Users Filter to
(&(uid=*)(objectclass=person))
in bold.)
cn, change that type in the settings for the All Groups Filter and Group From Name Filter attributes. For example, if the static group name attribute is type uid, change All Groups Filter to
(&(uid=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))
and change Group From Name Filter to
(|(&(uid=%g)(objectclass=groupofUniqueNames))(&(cn=%g)(objectclass=orcldynamicgroup)))
cn, change that type in the settings for the All Groups Filter and Group From Name Filter attributes. For example, if the dynamic group name attribute is type uid, change All Groups Filter to
(&(uid=*)(|(objectclass=groupofUniqueNames)(objectclass=orcldynamicgroup)))
and change Group From Name Filter to
(|(&(cn=%g)(objectclass=groupofUniqueNames))(&(uid=%g)(objectclass=orcldynamicgroup)))
groupofnames (instead of groupofuniquenames), and the static member DN attribute is of type member (instead of uniquemember), change the objectclass element in the All Groups Filter and Group From Name Filter attributes. For example, set All Groups Filter as
(&(cn=*)(|(objectclass=groupofnames)(objectclass=orcldynamicgroup)))
and set Group From Name Filter as
(|(&(cn=%g)(objectclass=groupofnames))(&(cn=%g)(objectclass=orcldynamicgroup)))
cn, specify that type in Static Group Name Attribute. Note that the type you specify must be consistent with the name attribute type specified in the All Groups Filter and Group From Name Filter attributes.
groupofnames, if necessary, and make sure it matches the class name specified in the All Groups Filter and Group From Name Filter attributes.
groupofnames, change Static Member DN Attribute to member.
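The steps above require the group name attribute and object class to agree with what the All Groups Filter and Group From Name Filter actually match; a mismatch or an unbalanced filter leaves groups unresolved. The following check is an added example, not Oracle code: the function names are hypothetical, and the parser handles only the & and | operators that appear in the filters on this page.

```python
from itertools import product

def parse(f, i=0):
    """Parse one LDAP filter at f[i] ('&' and '|' only; hypothetical helper)."""
    try:
        if f[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        if f[i + 1] in "&|":
            op, kids, i = f[i + 1], [], i + 2
            while f[i] == "(":
                kid, i = parse(f, i)
                kids.append(kid)
            if f[i] != ")":
                raise ValueError(f"expected ')' at offset {i}")
            return (op, kids), i + 1
        end = f.index(")", i)  # raises ValueError if the item never closes
        attr, _, value = f[i + 1:end].partition("=")
        return (attr.strip().lower(), value), end + 1
    except IndexError:
        raise ValueError("unbalanced parentheses") from None

def conjunctions(node):
    """Expand the tree into alternatives, each a list of (attr, value) items."""
    if isinstance(node[1], str):  # leaf item such as ("cn", "%g")
        return [[node]]
    if node[0] == "|":
        return [c for kid in node[1] for c in conjunctions(kid)]
    return [sum(combo, []) for combo in product(*map(conjunctions, node[1]))]

def name_attr_per_class(text):
    """Map each objectclass in a filter to the name attribute(s) paired with it."""
    tree, end = parse(text)
    if end != len(text):
        raise ValueError(f"trailing text {text[end:]!r} after filter")
    out = {}
    for items in conjunctions(tree):
        names = {a for a, _ in items if a != "objectclass"}
        for _, v in (it for it in items if it[0] == "objectclass"):
            out.setdefault(v.lower(), set()).update(names)
    return out

def check_group_settings(name_attr, object_class, filters):
    """Return mismatches between one group type's settings and each filter."""
    problems = []
    for label, text in filters.items():
        used = name_attr_per_class(text).get(object_class.lower(), set())
        if used != {name_attr.lower()}:
            problems.append(f"{label}: {object_class} paired with {sorted(used)}")
    return problems
```

Pass the intended Static (or Dynamic) Group Name Attribute and object class together with a dict of the two filter strings; an empty list means the settings agree, and a malformed filter raises ValueError.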