BEA WebLogic Server Release 6.1

Administration Console Online Help

 

LDAP Realm

 

Create an LDAP Realm

  1. Click the Realms node in the left pane. The Realms table displays in the right pane showing all the LDAP realms defined in the domain.

  2. Click the Create a New LDAP Realm text link. A dialog displays in the right pane showing the tabs associated with configuring a new realm.

  3. Enter a value in the Name attribute field.

  4. Click the Create button in the lower right corner to create a realm instance with the name you specified in the Name field. The new instance is added under the Realms node in the left pane.

  5. Click the LDAP, Users, and Groups tabs individually and change the attribute fields or accept the default values as assigned.

  6. Click Apply to save any changes you made.

Clone an LDAP Realm

  1. Click the Realms node in the left pane. The Realms table displays in the right pane showing all the LDAP realms defined in the domain.

  2. Click the Clone icon in the row of the realm you want to clone. A dialog displays in the right pane showing the tabs associated with cloning a new realm.

  3. Enter a value in the Name attribute field.

  4. Click Create to create a realm instance with the name you specified in the Name field. The new instance is added under the Realms node in the left pane.

  5. Click the LDAP, Users, and Groups tabs individually and change the attribute fields or accept the default values as assigned.

  6. Click Apply to save any changes you made.

Delete an LDAP Realm

  1. Click the Realms node in the left pane. The Realms table displays in the right pane showing all the LDAP realms defined in the domain.

  2. Click the Delete icon in the row of the realm you want to delete. A dialog displays in the right pane asking you to confirm your deletion request.

  3. Click Yes to delete the realm. The realm icon under the Realms node is deleted.

Before you can use the Windows NT Security realm, you need to enable the Caching Realm and enter the class name of the Windows NT Security realm in the Basic Realm field.

Configuration

General

Name
  Description: This attribute specifies the name of the LDAP Security realm. For example, AccountingRealm.
  Range of Values: The name can be up to 256 alphanumeric characters, but may not contain commas or spaces.
  Default Value: Null

Realm Class Name
  Description: This attribute specifies the name of the Java class that contains the LDAP Security realm. The Java class should be included in the CLASSPATH of WebLogic Server.
  Range of Values: This attribute cannot be changed.

LDAP

LDAPURL
  Description: The location of the LDAP server. Change the URL to the name of the computer on which the LDAP server is running and the number of the port at which it is listening. If you want WebLogic Server to connect to the LDAP server using the SSL protocol, use the LDAP server's SSL port in the URL.
  Default Value: ldap://ldapserver:389

Principal
  Description: The distinguished name (DN) of the LDAP User used by WebLogic Server to connect to the LDAP server. This user must be able to list LDAP Users and Groups.

Credential
  Description: The password that authenticates the LDAP User, as defined in the Principal field.
  Range of Values: Valid password
  Default Value: null

Enable SSL
  Description: Option for enabling the use of the SSL protocol to protect communications between the LDAP server and WebLogic Server. Keep in mind the following guidelines:
    • Disable this field if the LDAP server is not configured to use the SSL protocol.
    • If you set the UserAuthentication field to external, this field must be enabled.
  Range of Values: Boolean. True = selected, False = not selected.
  Default Value: Null

Auth Protocol
  Description: The type of authentication used to authenticate the LDAP server. Netscape Directory Server supports CRAM-MD5. Microsoft Site Server and Novell NDS support Simple.
  Range of Values:
    • None for no authentication.
    • Simple for password authentication.
    • CRAM-MD5 for certificate authentication.
  Default Value: None

 

Users

User Authentication
  Description: This attribute determines the method for authenticating Users.
  Range of Values: Set the attribute to one of the following:
    • Local specifies that the LDAP Security realm retrieves user data, including the password, from the LDAP Directory server and checks the password in WebLogic Server. The Local setting is appropriate for Netscape Directory Server and Microsoft Site Server.
    • External specifies that the LDAP Security realm authenticates a User by attempting to bind to the LDAP Directory server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol. The External setting is appropriate for Novell NDS.
  Default Value: Null

User Password Attribute
  Description: This attribute sets the password of the LDAP user.
  Range of Values: The password of the LDAP User.
  Default Value: Null

User DN
  Description: Set this attribute to the list of attributes that, when combined with the attribute in UserNameAttribute, uniquely identifies a User.
  Range of Values: String
  Default Value: Null

User Name Attribute
  Description: This attribute sets the login name of the LDAP User.
  Range of Values: The value of this field can be the common name of an LDAP User, but usually it is an abbreviated string, such as the User ID.
  Default Value: null
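
The field rules stated in the General, LDAP and Users tables above can be checked before a realm is applied. The following is an added example, not part of the WebLogic documentation or product: a small Python lint over a realm described as a dictionary keyed by the console field labels. The sample host, DN and password are constructed placeholders, and the last check (Simple without SSL) is an added hardening check rather than a rule from this page.

```python
import re
from urllib.parse import urlparse

AUTH_PROTOCOLS = {"None", "Simple", "CRAM-MD5"}  # Auth Protocol values listed on the page
USER_AUTH_MODES = {"Local", "External"}          # User Authentication values listed on the page

def check_ldap_realm(cfg):
    """Return findings for one realm; dict keys are the console field labels."""
    out = []
    name = cfg.get("Name") or ""
    ssl = cfg.get("Enable SSL") is True
    proto = cfg.get("Auth Protocol") or "None"   # page default is None
    mode = cfg.get("User Authentication")
    url = urlparse(cfg.get("LDAPURL") or "")

    # General tab: up to 256 characters, no commas or spaces.
    if not name or len(name) > 256 or re.search(r"[,\s]", name):
        out.append("Name: 1-256 characters, no commas or spaces")
    if not url.hostname:
        out.append("LDAPURL: no host in URL")
    if proto not in AUTH_PROTOCOLS:
        out.append("Auth Protocol: must be None, Simple or CRAM-MD5")
    if mode not in USER_AUTH_MODES:
        out.append("User Authentication: must be Local or External")
    # Page rule: External user authentication requires SSL.
    if mode == "External" and not ssl:
        out.append("Enable SSL: required when User Authentication is External")
    # Page rule: with SSL, LDAPURL must carry the server's SSL port; 389 is
    # the non-SSL default shown on the page (no port also means 389).
    if ssl and url.port in (None, 389):
        out.append("LDAPURL: SSL enabled but URL uses the default non-SSL port")
    # Added check, not a rule from the page: an LDAP simple bind sends the
    # Credential as a plaintext password unless the connection uses SSL.
    if proto == "Simple" and not ssl:
        out.append("Auth Protocol: Simple without SSL exposes the Credential")
    return out

# Constructed sample realms (host, DN and password are placeholders).
WEAK = {"Name": "Accounting Realm", "LDAPURL": "ldap://ldapserver:389",
        "Principal": "uid=wlsbind,ou=people,o=example.com", "Credential": "PLACEHOLDER",
        "Enable SSL": False, "Auth Protocol": "Simple", "User Authentication": "External"}
# 636 is the conventional LDAP-over-SSL port; use whatever your server listens on.
FIXED = dict(WEAK, **{"Name": "AccountingRealm", "LDAPURL": "ldap://ldapserver:636",
                      "Enable SSL": True})

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("fixed", FIXED)):
        print(label, check_ldap_realm(cfg) or "no findings")
```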

 

Groups

Group DN
  Description: Enter the list of attributes that, combined with the GroupNameAttribute attribute, uniquely identifies a Group in the LDAP server.
  Range of Values: String
  Default Value: Null

Group Name Attribute
  Description: Enter the name of a Group in the LDAP Server. It is usually a common name.
  Range of Values: String
  Default Value: Null

Group IS Context
  Description: This boolean attribute specifies how Group membership is recorded in the LDAP server.
  Range of Values: Boolean. Enable = selected, Disabled = not selected.
    • Enable this attribute if each Group entry contains one User. By default, the attribute is enabled.
    • Disable this attribute if there is one Group entry containing an attribute for each Group member.
  Default Value: Selected

Group Username Attribute
  Description: Set this attribute to the name of the LDAP attribute that contains a Group member in a Group entry.
  Range of Values: Valid group member name
  Default Value: Null

 

Notes

Notes
  Description: This attribute provides a space for user-supplied information.
  Range of Values: The value must be an alphanumeric string.
  Default Value: Null

 

 
