LDAP Realm
Create an LDAP Realm
- Click the Realms node in the left pane. The Realms table displays in the right pane
showing all the LDAP realms defined in the domain.
- Click the Create a New LDAP Realm text link. A dialog displays in the right
pane showing the tabs associated with configuring a new realm.
- Enter a value in the Name attribute field.
- Click the Create button in the lower right corner to create a realm instance with
the name you specified in the Name field. The new instance is added under the
Realms node in the left pane.
- Click the LDAP, Users, and Groups tabs individually and change the attribute
fields or accept the default values as assigned.
- Click Apply to save any changes you made.
Clone an LDAP Realm
- Click the Realms node in the left pane. The Realms table displays in the right pane
showing all the LDAP realms defined in the domain.
- Click the Clone icon in the row of the realm you want to clone. A dialog displays
in the right pane showing the tabs associated with cloning a new realm.
- Enter a value in the Name attribute field.
- Click Create to create a realm instance with the name you specified in the Name
field. The new instance is added under the Realms node in the left pane.
- Click the LDAP, Users, and Groups tabs individually and change the attribute
fields or accept the default values as assigned.
- Click Apply to save any changes you made.
Delete an LDAP Realm
- Click the Realms node in the left pane. The Realms table displays in the right pane
showing all the LDAP realms defined in the domain.
- Click the Delete icon in the row of the realm you want to delete. A dialog
displays in the right pane asking you to confirm your deletion request.
- Click Yes to delete the realm. The realm icon under the Realms node is deleted.
Before you can use the Windows NT Security realm, you need to enable the Caching Realm and enter the class name of the Windows NT Security realm in the Basic Realm field.
Configuration
General
| Attribute | Description | Range of Values | Default Value |
|---|---|---|---|
| Name | This attribute specifies the name of the LDAP Security realm. For example, AccountingRealm. | The name can be up to 256 alphanumeric characters, but may not contain commas or spaces. | Null |
| Realm Class Name | This attribute specifies the name of the Java class that contains the LDAP Security realm. The Java class should be included in the CLASSPATH of WebLogic Server. | This attribute cannot be changed. | |
LDAP
| Attribute | Description | Range of Values | Default Value |
|---|---|---|---|
| LDAPURL | The location of the LDAP server. Change the URL to the name of the computer on which the LDAP server is running and the number of the port at which it is listening. If you want WebLogic Server to connect to the LDAP server using the SSL protocol, use the LDAP server's SSL port in the URL. | | ldap://ldapserver:389 |
| Principal | The distinguished name (DN) of the LDAP User used by WebLogic Server to connect to the LDAP server. This user must be able to list LDAP Users and Groups. | | |
| Credential | The password that authenticates the LDAP User, as defined in the Principal field. | Valid password | null |
| Enable SSL | Option for enabling the use of the SSL protocol to protect communications between the LDAP server and WebLogic Server. Keep in mind the following guidelines: disable this field if the LDAP server is not configured to use the SSL protocol; if you set the UserAuthentication field to external, this field must be enabled. | Boolean. True = selected; False = not selected. | Null |
| Auth Protocol | The type of authentication used to authenticate the LDAP server. Netscape Directory Server supports CRAM-MD5. Microsoft Site Server and Novell NDS support Simple. | None for no authentication; Simple for password authentication; CRAM-MD5 for certificate authentication. | None |
Users
| Attribute | Description | Range of Values | Default Value |
|---|---|---|---|
| User Authentication | This attribute determines the method for authenticating Users. | Set the attribute to one of the following. Local specifies that the LDAP Security realm retrieves user data, including the password, from the LDAP Directory server and checks the password in WebLogic Server. The Local setting is appropriate for Netscape Directory Server and Microsoft Site Server. External specifies that the LDAP Security realm authenticates a User by attempting to bind to the LDAP Directory server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol. The External setting is appropriate for Novell NDS. | Null |
| User Password Attribute | This attribute sets the password of the LDAP user. | The password of the LDAP User. | Null |
| User DN | Set this attribute to the list of attributes that, when combined with the attribute in UserNameAttribute, uniquely identifies a User. | String | Null |
| User Name Attribute | This attribute sets the login name of the LDAP User. | The value of this field can be the common name of an LDAP User, but usually it is an abbreviated string, such as the User ID. | null |
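The constraints stated in the LDAP and Users tables above, expressed as a check over one realm's settings. This is an added example, not BEA code: the dictionary keys mirror the console field names, the sample values are constructed, and treating 389 as the non-SSL port (636 as the SSL port) relies on the conventional LDAP port assignments.

```python
from urllib.parse import urlparse

# Constructed sample settings. The keys mirror the console field names; they
# are an assumption of this example, not a WebLogic configuration file format.
SAMPLE_REALM = {
    "Name": "AccountingRealm",
    "LDAPURL": "ldap://ldapserver:389",
    "Principal": "uid=admin,ou=Administrators,o=example.com",  # constructed DN
    "Credential": "placeholder-password",
    "EnableSSL": False,
    "AuthProtocol": "Simple",
    "UserAuthentication": "External",
    "UserPasswordAttribute": "",
}

def check_realm(cfg):
    """Return (rule, message) findings for one realm's settings."""
    findings = []
    name = cfg.get("Name") or ""
    # Name: up to 256 alphanumeric characters, no commas or spaces.
    if not (name.isalnum() and len(name) <= 256):
        findings.append(("name", "Name must be at most 256 alphanumeric characters"))
    ssl_on = bool(cfg.get("EnableSSL"))
    user_auth = (cfg.get("UserAuthentication") or "").lower()
    proto = (cfg.get("AuthProtocol") or "None").lower()
    try:
        port = urlparse(cfg.get("LDAPURL") or "").port
    except ValueError:  # non-numeric or out-of-range port in the URL
        port = None
        findings.append(("url", "LDAPURL has an invalid port"))
    # External authentication binds with the client's own password, so the
    # page requires SSL for it.
    if user_auth == "external" and not ssl_on:
        findings.append(("external-needs-ssl", "External requires Enable SSL"))
    # Assumption: 389 is the conventional non-SSL LDAP port (636 is LDAP over SSL).
    if ssl_on and port == 389:
        findings.append(("ssl-port", "Enable SSL is set but LDAPURL uses port 389"))
    # A Simple bind without SSL sends the Principal's Credential unencrypted.
    if proto == "simple" and cfg.get("Credential") and not ssl_on:
        findings.append(("cleartext-bind", "Simple bind without SSL exposes the Credential"))
    # Inferred from the page: Local mode reads the password from the directory,
    # so the User Password Attribute has to be filled in.
    if user_auth == "local" and not cfg.get("UserPasswordAttribute"):
        findings.append(("local-needs-password-attr", "Local requires User Password Attribute"))
    return findings

if __name__ == "__main__":
    for rule, message in check_realm(SAMPLE_REALM):
        print(f"{rule}: {message}")
```
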
Groups
| Attribute | Description | Range of Values | Default Value |
|---|---|---|---|
| Group DN | Enter the list of attributes that, combined with the GroupNameAttribute attribute, uniquely identifies a Group in the LDAP server. | String | Null |
| Group Name Attribute | Enter the name of a Group in the LDAP Server. It is usually a common name. | String | Null |
| Group IS Context | This boolean attribute specifies how Group membership is recorded in the LDAP server. | Boolean. Enable = selected; Disabled = not selected. Enable this attribute if each Group entry contains one User. By default, the attribute is enabled. Disable this attribute if there is one Group entry containing an attribute for each Group member. | Selected |
| Group Username Attribute | Set this attribute to the name of the LDAP attribute that contains a Group member in a Group entry. | Valid group member name | Null |
Notes
| Attribute | Description | Range of Values | Default Value |
|---|---|---|---|
| Notes | This attribute provides a space for user supplied information. | The value must be an alphanumeric string. | Null |
Copyright © 2000 BEA Systems, Inc. All rights reserved.