Oracle GlassFish Server 3.0.1 Administration Guide

Procedure: To Configure LDAP Authentication with OID and OVD

This procedure explains how to configure GlassFish Server to use LDAP authentication with Oracle Virtual Directory (OVD) or Oracle Internet Directory (OID).

  1. Install Oracle Enterprise Manager 11g and the latest Enterprise Manager patches, if they are not installed already.

    Instructions for installing Oracle Enterprise Manager are provided in the Oracle Enterprise Manager documentation set.

  2. Install the Oracle Identity Management Suite (IDM) 11g and Patch Set 2 or later, if they are not installed already.

    Instructions for installing the Oracle Identity Management suite are provided in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

  3. Configure SSL for Oracle Internet Directory (OID), if it is not configured already.

    Instructions for configuring SSL for OID are provided in the SSL chapter of the Oracle Internet Directory Administrator's Guide.

  4. Using Oracle Wallet Manager, export the self-signed SSL certificate that OID or OVD uses, so that you can import it into the GlassFish Server trust store.

    Instructions for using Oracle Wallet Manager to create and export SSL certificates are provided in the Configure Oracle Internet Directory for SSL section of the SSL chapter in the Oracle Internet Directory Administrator's Guide.

  5. On the GlassFish Server side, use the keytool command to import the certificate you exported with Oracle Wallet Manager.

    The keytool command is available in the $JAVA_HOME/bin directory. Use the following syntax:


    keytool -importcert -alias "alias-name" -keystore domain-dir/config/cacerts.jks -file cert-name
    
    alias-name

    Name of the alias under which the certificate is stored in the trust store

    domain-dir

    Path to the directory of the domain for which the certificate is used, for example /glassfishv3/glassfish/domains/domain1

    cert-name

    Path to the certificate file that you exported with Oracle Wallet Manager

    keytool prompts for the password of cacerts.jks (the GlassFish Server default is changeit), then displays the certificate and its fingerprints and asks whether to trust it. Compare the fingerprints with those shown in Oracle Wallet Manager before you answer yes: whatever you accept here is what GlassFish Server trusts for every SSL connection to the directory.

    For example, to import a certificate file named ovd.cer for a GlassFish Server domain in /glassfishv3/glassfish/domains/domain1, using an alias called “OVD self-signed certificate,” you would use the following command:

    keytool -importcert -alias "OVD self-signed certificate" -keystore \
    /glassfishv3/glassfish/domains/domain1/config/cacerts.jks -file ovd.cer
    
  6. Restart the GlassFish Server domain.

    See To Restart a Domain.

  7. Use the OID ldapmodify command to enable anonymous binds for OID/OVD.

    For example (the -q option makes ldapmodify prompt for the cn=orcladmin password instead of accepting it on the command line):

    ldapmodify -D cn=orcladmin -q -p portNum -h hostname -f ldifFile
    

    In this example, oid1 is the name of the OID server instance whose configuration entry is modified, and the LDIF file might contain the following:


    dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
    changetype: modify
    replace: orclAnonymousBindsFlag
    orclAnonymousBindsFlag: 1

    To disable all anonymous binds, you would use a similar LDIF file with the last line changed to:

    orclAnonymousBindsFlag: 0

    Anonymous binds allow any client that can reach the directory to search it without credentials. If the GlassFish Server LDAP realm is configured with the search-bind-dn and search-bind-password properties, it performs its user lookup with that identity rather than anonymously, and anonymous binds can stay disabled.

    See Managing Anonymous Binds in the Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory for complete instructions on the ldapmodify command.
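    The command-line part of this procedure (steps 5 to 7), as an added example that is not from the GlassFish guide or from Oracle: a POSIX shell script that refuses to import the exported certificate unless its fingerprint matches one obtained out of band from Oracle Wallet Manager, and that generates the anonymous-bind LDIF from a validated flag value instead of a hand-edited file. The function names, the expected-fingerprint argument, the sample host and port, the use of asadmin restart-domain for step 6 and the assumed -h/-p/-b/-s syntax of the OID ldapsearch tool are this example's own assumptions; the DN and the oid1 instance name come from the page.

```shell
#!/bin/sh
# Added example, not part of the GlassFish guide: wraps steps 5 to 7 of the
# procedure above. All function names, the EXPECTED_FP argument and the
# sample host/port are assumptions of this example; the DN and the oid1
# instance name are taken from the page.
set -e

# ---- Step 5: trust the exported OID/OVD certificate -----------------------

# Fingerprints that "keytool -printcert" reports for a certificate file.
# JDK 6 prints MD5 and SHA1 lines; later JDKs print SHA1/SHA256 (or SHA-1/
# SHA-256); only the SHA variants are kept here.
cert_fingerprints() {
    keytool -printcert -file "$1" \
        | grep -E '^[[:space:]]*(SHA1|SHA-1|SHA256|SHA-256):' \
        | sed 's/^[^:]*:[[:space:]]*//'
}

# Normalise a fingerprint for comparison: upper case, no colons or spaces.
norm_fp() {
    printf '%s' "$1" | tr -d ': ' | tr '[:lower:]' '[:upper:]'
}

# fingerprint_matches EXPECTED REPORTED...
# Succeeds only if EXPECTED equals one of the REPORTED fingerprints.
fingerprint_matches() {
    want=$(norm_fp "$1"); shift
    for fp in "$@"; do
        [ "$(norm_fp "$fp")" = "$want" ] && return 0
    done
    return 1
}

# import_trusted_cert DOMAIN_DIR ALIAS CERT_FILE EXPECTED_FP
# Refuses to import unless the file's fingerprint matches the one read out
# of band from Oracle Wallet Manager, then imports with -noprompt (the
# fingerprint check replaces keytool's "Trust this certificate?" question).
# keytool still prompts for the cacerts.jks password (GlassFish default:
# changeit); it is deliberately not passed on the command line.
import_trusted_cert() {
    store="$1/config/cacerts.jks"
    # $(...) is unquoted on purpose: one reported fingerprint per argument.
    if ! fingerprint_matches "$4" $(cert_fingerprints "$3"); then
        echo "fingerprint of $3 does not match $4; not importing" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$2" -keystore "$store" -file "$3"
    # Confirm the alias is really in the trust store (prompts once more).
    keytool -list -keystore "$store" -alias "$2" >/dev/null
}

# ---- Step 7: anonymous binds on the OID instance --------------------------

# anonymous_binds_ldif FLAG [INSTANCE]
# Emits the LDIF that sets orclAnonymousBindsFlag on the instance's
# configuration entry. FLAG must be 1 (enable) or 0 (disable); any other
# value is rejected so that a typo cannot silently change the setting.
anonymous_binds_ldif() {
    case $1 in
        0|1) ;;
        *) echo "orclAnonymousBindsFlag must be 0 or 1, got '$1'" >&2; return 1 ;;
    esac
    printf 'dn: cn=%s,cn=osdldapd,cn=subconfigsubentry\n' "${2:-oid1}"
    printf 'changetype: modify\n'
    printf 'replace: orclAnonymousBindsFlag\n'
    printf 'orclAnonymousBindsFlag: %s\n' "$1"
}

# set_anonymous_binds HOST PORT FLAG [INSTANCE]
# Writes the LDIF to a private temporary file and applies it as
# cn=orcladmin. -q makes ldapmodify prompt for the password instead of
# taking it on the command line, where it would show in the process list.
set_anonymous_binds() {
    ldif=$(mktemp)
    chmod 600 "$ldif"
    anonymous_binds_ldif "$3" "${4:-oid1}" > "$ldif"
    rc=0
    ldapmodify -D cn=orcladmin -q -p "$2" -h "$1" -f "$ldif" || rc=$?
    rm -f "$ldif"
    return $rc
}

# anonymous_bind_allowed HOST PORT
# Succeeds if an unauthenticated root DSE search works; use it to confirm
# the change took effect. Assumes the ldapsearch shipped with OID accepts
# -h/-p/-b/-s like ldapmodify does (not OpenLDAP's -x syntax).
anonymous_bind_allowed() {
    ldapsearch -h "$1" -p "$2" -b "" -s base "objectclass=*" >/dev/null 2>&1
}

# Usage: sh ldap-trust.sh DOMAIN_DIR CERT_FILE EXPECTED_FP OID_HOST OID_PORT
# e.g.   sh ldap-trust.sh /glassfishv3/glassfish/domains/domain1 ovd.cer \
#            'AB:CD:...' oid.example.com 3060      (all example values)
main() {
    import_trusted_cert "$1" "OVD self-signed certificate" "$2" "$3"
    asadmin restart-domain "$(basename "$1")"   # step 6; asadmin on PATH
    set_anonymous_binds "$4" "$5" 1
    if anonymous_bind_allowed "$4" "$5"; then
        echo "anonymous binds confirmed on $4:$5"
    else
        echo "warning: anonymous search still fails on $4:$5" >&2
    fi
}
if [ "$#" -eq 5 ]; then main "$@"; fi
```

    Run the script with 0 instead of 1 in set_anonymous_binds to switch anonymous binds off again, and re-run anonymous_bind_allowed afterwards to confirm the directory really rejects unauthenticated searches; the fingerprint check is what keeps a substituted certificate from being trusted silently.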