H Using an OpenLDAP Identity Store

This appendix describes the setup required to use OpenLDAP 2.2 as the repository for the identity store.

It includes the following section:

H.1 Using an OpenLDAP Identity Store

To use OpenLDAP 2.2 for the identity store:

  1. Use the Oracle WebLogic Server Administration Console to create a new authentication provider:

    • Choose OpenLDAPAuthenticator from the list of providers.

    • Set the control flag of the OpenLDAPAuthenticator to SUFFICIENT.

    • Set the control flag of the WebLogic Default Authenticator to SUFFICIENT.

    • Change the order to make the OpenLDAPAuthenticator the first in the list.

    • In the Provider Specific page for the OpenLDAPAuthenticator, enter User Base DN and Group Base DN, and set the value of the object class in the Group From Name Filter to something other than group of names.

  2. From the directory where OpenLDAP is installed:

    • Open slapd.conf for edit.

    • Insert the following line in the include section at the top:

      include ./schema/inetorgperson.schema
      
    • Save the file and restart OpenLDAP.

This procedure adds the inetorgperson object class to every new external role you create in OpenLDAP. That class is required to map external roles to application roles.
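
The include edit in step 2 can be checked before restarting OpenLDAP. The following is an added example, not part of the original guide: a shell function that verifies slapd.conf has an active inetorgperson.schema include and that it is placed correctly. It relies on a fact from the stock OpenLDAP schema files rather than from this appendix: inetorgperson.schema depends on core.schema and cosine.schema, so both must be included before it. The function name check_schema_includes and the sample file are constructed for illustration, and include paths are assumed to use forward slashes.

```shell
#!/bin/sh
# Added example; check_schema_includes is a hypothetical helper name.
# check_schema_includes FILE
#   returns 0: inetorgperson.schema is included after core.schema and cosine.schema
#   returns 1: no active include of inetorgperson.schema (commented lines do not count)
#   returns 2: included, but core.schema or cosine.schema is missing or comes later
check_schema_includes() {
    awk '
        # slapd.conf comments start with "#"; skip them and blank lines
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "include" {
            path = $2
            gsub(/"/, "", path)            # the path may be quoted
            n = split(path, parts, "/")    # keep only the file name
            name = parts[n]
            if (!(name in pos)) pos[name] = ++count   # remember first position
        }
        END {
            if (!("inetorgperson.schema" in pos)) exit 1
            p = pos["inetorgperson.schema"]
            if (!("core.schema" in pos) || pos["core.schema"] > p) exit 2
            if (!("cosine.schema" in pos) || pos["cosine.schema"] > p) exit 2
            exit 0
        }
    ' "$1"
}

# Constructed sample include section (not taken from a real deployment).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Schema definitions
include ./schema/core.schema
include ./schema/cosine.schema
include ./schema/inetorgperson.schema
EOF

if check_schema_includes "$sample"; then
    echo "include section OK: safe to restart OpenLDAP"
else
    echo "fix the include section before restarting OpenLDAP"
fi
rm -f "$sample"
```

A return value of 2 indicates an include order that would leave inetorgperson.schema referring to definitions that are not yet loaded.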