BEA WebLogic Server Release 6.1

LDAP Realm (Deprecated)

 

The following procedures describe how to use the Administration Console to set the attributes for creating and managing LDAP Realms. To read more about LDAP Realms, please see Managing Security in the Administration Guide.

 


Create an LDAP Realm

  1. Click the Realms node in the left pane. The Realms table displays in the right pane showing all the LDAP realms defined in the domain.

  2. Click the Create a New LDAP Realm text link. A dialog displays in the right pane showing the tabs associated with configuring a new realm.

  3. Enter a value in the Name attribute field.

  4. Click the Create button in the lower right corner to create a realm instance with the name you specified in the Name field. The new instance is added under the Realms node in the left pane.

  5. Click the LDAP, Users, and Groups tabs individually and change the attribute fields or accept the default values as assigned.

  6. Click Apply to save any changes you made.

 


Clone an LDAP Realm

  1. Click the Realms node in the left pane. The Realms table displays in the right pane showing all the LDAP realms defined in the domain.

  2. Click the Clone icon in the row of the realm you want to clone. A dialog displays in the right pane showing the tabs associated with cloning a new realm.

  3. Enter a value in the Name attribute field.

  4. Click Create to create a realm instance with the name you specified in the Name field. The new instance is added under the Realms node in the left pane.

  5. Click the LDAP, Users, and Groups tabs individually and change the attribute fields or accept the default values as assigned.

  6. Click Apply to save any changes you made.

 


Delete an LDAP Realm

  1. Click the Realms node in the left pane. The Realms table displays in the right pane showing all the LDAP realms defined in the domain.

  2. Click the Delete icon in the row of the realm you want to delete. A dialog displays in the right pane asking you to confirm your deletion request.

  3. Click Yes to delete the realm. The realm icon under the Realms node is deleted.

Before you can use the Windows NT Security realm, you need to enable the Caching Realm and enter the class name of the Windows NT Security realm in the Basic Realm field.

 


Configuration

General

Name
  Description: This attribute specifies the name of the LDAP Security realm. For example, AccountingRealm.
  Range of Values: The name can be up to 256 alphanumeric characters, but may not contain commas or spaces.
  Default Value: Null

Realm Class Name
  Description: This attribute specifies the name of the Java class that contains the LDAP Security realm. The Java class should be included in the CLASSPATH of WebLogic Server.
  Range of Values: This attribute cannot be changed.



LDAP

LDAPURL
  Description: The location of the LDAP server. Change the URL to the name of the computer on which the LDAP server is running and the number of the port at which it is listening. If you want WebLogic Server to connect to the LDAP server using the SSL protocol, use the LDAP server's SSL port in the URL.
  Default Value: ldap://ldapserver:389

Principal
  Description: The distinguished name (DN) of the LDAP User used by WebLogic Server to connect to the LDAP server. This user must be able to list LDAP Users and Groups.

Credential
  Description: The password that authenticates the LDAP User, as defined in the Principal field.
  Range of Values: Valid password
  Default Value: null

Enable SSL
  Description: Option for enabling the use of the SSL protocol to protect communications between the LDAP server and WebLogic Server. Keep in mind the following guidelines:
    • Disable this field if the LDAP server is not configured to use the SSL protocol.
    • If you set the UserAuthentication field to external, this field must be enabled.
  Range of Values: Boolean. True = selected; False = not selected.
  Default Value: Null

Auth Protocol
  Description: The type of authentication used to authenticate the LDAP server. Netscape Directory Server supports CRAM-MD5. Microsoft Site Server and Novell NDS support Simple.
    • None for no authentication.
    • Simple for password authentication.
    • CRAM-MD5 for certificate authentication.
  Default Value: None

Users

User Authentication
  Description: This attribute determines the method for authenticating Users. Set the attribute to one of the following:
    • Local specifies that the LDAP Security realm retrieves user data including the password from the LDAP Directory server and checks the password in WebLogic Server. The Local setting is appropriate for Netscape Directory Server and Microsoft Site Server.
    • External specifies that the LDAP Security realm authenticates a User by attempting to bind to the LDAP Directory server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol. The External setting is appropriate for Novell NDS.
    • Bind specifies that the LDAP Security realm authenticates a User
  Default Value: Null

User Password Attribute
  Description: This attribute sets the password of the LDAP user.
  Range of Values: The password of the LDAP User.
  Default Value: Null

User DN
  Description: Set this attribute to the list of attributes that, when combined with the attributes in the UserNameAttribute, uniquely identifies a User.
  Range of Values: String
  Default Value: Null

User Name Attribute
  Description: This attribute sets the login name of the LDAP User. The value of this field can be the common name of an LDAP User but usually it is an abbreviated string, such as the User ID.
  Default Value: null

Groups

Group DN
  Description: Enter the list of attributes that, combined with the GroupNameAttribute attribute, uniquely identifies a Group in the LDAP server.
  Range of Values: String
  Default Value: Null

Group Name Attribute
  Description: Enter the name of a Group in the LDAP Server. It is usually a common name.
  Range of Values: String
  Default Value: Null

Group IS Context
  Description: This boolean attribute specifies how Group membership is recorded in the LDAP server.
  Range of Values: Boolean. Enable = selected; Disabled = not selected.
    Enable this attribute if each Group entry contains one User. By default, the attribute is enabled.
    Disable this attribute if there is one Group entry containing an attribute for each Group member.
  Default Value: Selected

Group Username Attribute
  Description: Set this attribute to the name of the LDAP attribute that contains a Group member in a Group entry.
  Range of Values: Valid group member name
  Default Value: Null

Notes

Notes
  Description: This attribute provides a space for user-supplied information.
  Range of Values: The value must be an alphanumeric string.
  Default Value: Null
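The cross-field rules stated in the attribute tables (Name format, SSL required when User Authentication is External, SSL port in the LDAPURL) can be checked mechanically before a realm is applied. The Python lint below is an added example, not BEA code: the dict keyed by console field labels, the function name lint_ldap_realm, the sample realms and port 636 as the server's SSL port are assumptions of this example.

```python
import re
from urllib.parse import urlparse

AUTH_PROTOCOLS = {"none", "simple", "cram-md5"}   # Auth Protocol values on this page
USER_AUTH_MODES = {"local", "external", "bind"}   # User Authentication values on this page

def lint_ldap_realm(cfg):
    """Return (field, message) findings for one realm; cfg keys are the console labels."""
    out = []
    name = cfg.get("Name") or ""
    if not name or len(name) > 256 or re.search(r"[,\s]", name):
        out.append(("Name", "1-256 characters, no commas or spaces"))

    url = urlparse(cfg.get("LDAPURL") or "")
    try:
        port = url.port
    except ValueError:          # non-numeric or out-of-range port
        port = None
    if not url.hostname or port is None:
        out.append(("LDAPURL", "expected the form ldap://host:port"))

    ssl = bool(cfg.get("Enable SSL"))
    auth = str(cfg.get("Auth Protocol") or "None").lower()
    mode = str(cfg.get("User Authentication") or "").lower()
    if auth not in AUTH_PROTOCOLS:
        out.append(("Auth Protocol", "must be None, Simple or CRAM-MD5"))
    if mode not in USER_AUTH_MODES:
        out.append(("User Authentication", "must be Local, External or Bind"))

    # Page rule: External user authentication requires SSL.
    if mode == "external" and not ssl:
        out.append(("Enable SSL", "must be enabled when User Authentication is External"))
    # Page rule: with SSL, the URL names the server's SSL port; 389 is the plain default.
    if ssl and port == 389:
        out.append(("LDAPURL", "SSL enabled but port 389 is the non-SSL default"))
    # Added check (not a page rule): a Simple bind without SSL exposes the Credential.
    if auth == "simple" and not ssl:
        out.append(("Credential", "Simple bind without SSL sends the password in clear text"))
    return out

# Constructed sample realms, not taken from any real deployment; 636 is an assumed SSL port.
WEAK = {"Name": "Accounting Realm", "LDAPURL": "ldap://ldapserver:389",
        "Enable SSL": False, "Auth Protocol": "Simple", "User Authentication": "External"}
FIXED = {"Name": "AccountingRealm", "LDAPURL": "ldap://ldapserver:636",
         "Enable SSL": True, "Auth Protocol": "Simple", "User Authentication": "External"}

if __name__ == "__main__":
    for label, cfg in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(label, lint_ldap_realm(cfg) or "no findings")
```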

 
