Skip Headers
Oracle® Fusion Middleware Oracle Authorization Policy Manager Administrator's Guide (Oracle Fusion Applications Edition)
11g Release 6 (11.1.6)

Part Number E20839-04
Go to Documentation Home
Go to Book List
Book List
Go to Table of Contents
Go to Index
Go to Feedback page
Contact Us

Go to previous page
Go to next page
PDF · Mobi · ePub

A Using an OpenLDAP Identity Store

This appendix describes the special set up required in case the domain APM is running uses an OpenLDAP 2.2 identity store.

A.1 Using an OpenLDAP Identity Store

To use OpenLDAP 2.2 as a domain identity store with Authorization Policy Manager, proceed as follows:

  1. Use the WebLogic Server administration console to create a new authenticator provider. For this new provider:

    • Select OpenLDAPAuthenticator from the list of authenticators.

    • Set the control flag of the OpenLDAPAuthenticator to SUFFICIENT.

    • Set the control flag of the DefaultAuthenticator to SUFFICIENT.

    • Change the order of authenticators to make the OpenLDAPAuthenticator the first in the list.

    • In the Provider Specific page for the OpenLDAPAuthenticator, enter User Base DN and Group Base DN, and set the value of the objectclass in the Group From Name Filter to something other than groupofnames.

  2. From the Home directory of the OpenLDAP installation:

    • Open the file slapd.conf for edit.

    • In that file, insert the following line in the "include" section at the top:

      include ./schema/inetorgperson.schema
    • Save the file, and restart the OpenLDAP.

The above settings make possible adding the object class inetorgperson to every new external role you create in the OpenLDAP; this object class is required to map the external role to an application role.