Open the Weblogic Console at http://<VSMGUI IP>:7001/console/ and log in:
There are two platforms with unique credentials for the Weblogic Console login:
For the Linux x86-64 server platform, log in as user weblogic using the password weblogic1 (the number one, not a lower-case L).
For the LDOM on VSMc (Solaris) server platform, log in as user admin using the password vsm6SQLadm.
Click the Lock & Edit button in the upper left Change Center window.
From the Domain Structure window, select Security Realms.
From the Summary of Security Realms window, select myrealm.
In the Settings for myrealm window, click the Providers tab and ensure that the Authentication tab is selected.
Click the New button, which will open the Create a New Authentication Provider window. For the Name field, enter LDAP Server. In the Type field, select OpenLDAPAuthenticator. Click OK. You will be returned to the Settings for myrealm window, with LDAP Server at the bottom of the list.
Click the Reorder button. The available Authentication Providers will be listed. Click the LDAP Server check box, and use the controls to the right to move it to the top of the list. Click OK to the Settings for myrealm window. The LDAP Server Provider should now be at the top of the list.
Click LDAP Server. You will be taken to the Settings for LDAP Server window. Under the Common tab, change the Control Flag value to SUFFICIENT. Click Save.
Click the Provider Specific tab. You will be presented with a screen that has several fields to edit. For each field, enter the values as described in Table 1.
When the above entries have all been set, click the Save button. This will return to the Settings for LDAP Server page with notifications at the top stating that a process or processes need to be restarted.
Click the Activate Changes button in the upper left Change Center window.
Log out of the Console. Then stop and restart the Weblogic service.
Once the service is up, go back into the Console. Select Security Realms, then myrealm, as was done before. Click the Users and Groups tab. If the configuration worked properly, you should now see a list of all the users you added to the VSM Users group when you configured the OpenLDAP Service. This completes the OpenLDAP and Weblogic configuration.
Table B-1 Configuration Values for OpenLDAP Provider Specific Information
| Value | Description |
|---|---|
|
Host |
Either the DNS name or IP address of the Active Directory Server |
|
Port |
The port number on that server allocated to the AD Service, usually 389 |
|
Principal |
This is the full DN for the user that will connect to the server It is usually easiest to go to the LDAP Configuration Client you are using, find the DN attribute for the administrator user and cut/paste this field into the Weblogic Console. |
|
Credential |
The password you assigned to the VSM Administrator user from above |
|
Confirm Credential |
Same as the Credential field above |
|
SSLEnabled |
Unchecked |
|
User Base DN |
Either the new directory DN, or an existing group if you prefer |
|
All Users Filter |
Blank |
|
User From Name Filter |
(&(cn=%u)(objectclass=user)) |
|
User Search Scope |
subtree |
|
User Name Attribute |
cn |
|
User Object Class |
user |
|
Use Retrieved User Name as Principal |
Unchecked |
|
Group Base DN |
The DN of the object that contains groups; normally it matches the value in the User Base DN field. |
|
All Groups Filter |
Blank |
|
Group from Name Filter |
(&(cn=%g)(objectclass=groupOfNames)) |
|
Group Search Scope |
subtree |
|
Group Membership Searching |
unlimited |
|
Max Group Membership Search Level |
0 |
|
Ignore Duplicate Membership |
Unchecked |
|
Use Token Groups For Group Membership Lookup |
Unchecked |
|
Static Group Name Attribute |
cn |
|
Static Group Object Class |
groupOfNames |
|
Static Member DN Attribute |
member |
|
Static Group DNs from Member DN Filter |
(&(member=%M)(objectclass=groupOfNames)) |
|
Dynamic Groups Subgroup |
All of the fields in this section should be left blank. |
|
Connection Pool Size |
6 |
|
Connect Timeout |
0 |
|
Connection Retry Limit |
1 |
|
Parallel Connect Delay |
0 |
|
Results Time Limit |
0 |
|
Keep Alive Enabled |
Unchecked |
|
Follow Referrals |
Checked |
|
Bind Anonymously on Referrals |
Unchecked |
|
Propagate Cause for Login Exception |
Unchecked |
|
Cache Enabled |
Checked |
|
Cache Size |
32 |
|
Cache TTL |
60 |
|
GUID Attribute |
entryUUID |