Configure Internal WebLogic Server LDAP to Use LDAPs

If you have configured an external Identity Store, you can skip performing this step.

You can configure the identity store to use a secure (LDAPS) connection by changing the URL in the internal LDAP ID store.

  1. Login to Fusion Middleware Control using a URL similar to the following:

    https://<Host>:<SecureAdminPort>/em

  2. Click WebLogic Domain, click Security, and click Security Provider Configuration.
  3. Expand the Identity Store Provider segment.
  4. Click Configure, and click the plus symbol (+) to add a new property.
  5. Add an ldap.url property, using the following format with the administration server address rather than the bi_server1 address:

    ldaps://<host>:<adminServer HTTPS port>, for example, ldaps://myexample_machine.com:9501.

  6. In the Property editor, click OK.
  7. On the Identity Store Provider page, click OK.
  8. Open the jps-config.xml file located in <DomainHome>/config/fmwconfig/jps-config.xml.
  9. In the file, look for the line <property name="ldap.url" value="ldaps://<Host>:<AdminServerSecurePort>"/> to confirm the configuration change.

On IBM AIX, an additional configuration step is required to configure the cipher suites supported by the IBM JDK.
  1. Open <DomainHome>/config/fmwconfig/ovd/default/adapters.os_xml

  2. In the <ldap> section of this file, insert the following SSL cipher suites:

    <ldap id="DefaultAuthenticator" version="0">
      <ssl>
        <protocols>TLSv1.2,TLSv1.1</protocols>
        <cipherSuites>
          <cipher>SSL_RSA_WITH_AES_128_CBC_SHA</cipher>
          <cipher>SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</cipher>
          <cipher>SSL_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</cipher>
        </cipherSuites>
      </ssl>
    </ldap>
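As an added check for the verification in step 9 and for the AIX cipher-suite step (example code written here, not from the Oracle documentation), the script below parses jps-config.xml to confirm that ldap.url uses ldaps:// on the administration server's secure port, and reads back the protocols and cipher suites from adapters.os_xml. The sample XML and the enclosing element names are constructed assumptions; only ldap.url, the <ldap>/<ssl> section and the cipher names come from the page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of the jps-config.xml fragment checked in step 9. Only the
# ldap.url property comes from the page; the enclosing elements are assumptions.
SAMPLE_JPS_CONFIG = """<jpsConfig>
  <serviceInstance name="idstore.ldap">
    <property name="ldap.url" value="ldaps://myexample_machine.com:9501"/>
  </serviceInstance>
</jpsConfig>"""

# Constructed sample of the adapters.os_xml <ldap> section from the AIX step.
SAMPLE_ADAPTERS = """<adapters>
  <ldap id="DefaultAuthenticator" version="0">
    <ssl>
      <protocols>TLSv1.2,TLSv1.1</protocols>
      <cipherSuites>
        <cipher>SSL_RSA_WITH_AES_128_CBC_SHA</cipher>
        <cipher>SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</cipher>
      </cipherSuites>
    </ssl>
  </ldap>
</adapters>"""

def _local(tag):
    """Strip an XML namespace so matching works whether or not xmlns is set."""
    return tag.rsplit('}', 1)[-1]

def check_ldap_url(jps_xml, admin_secure_port):
    """Return findings for each ldap.url property; empty means LDAPS on the expected port."""
    root = ET.fromstring(jps_xml)
    urls = [e.get('value') for e in root.iter()
            if _local(e.tag) == 'property' and e.get('name') == 'ldap.url']
    if not urls:
        return ['ldap.url property not found']
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme != 'ldaps':
            findings.append(f'{url}: scheme {parts.scheme!r} is not ldaps')
        if parts.port != admin_secure_port:
            findings.append(f'{url}: port {parts.port} is not the admin server secure port')
    return findings

def adapter_tls_settings(adapters_xml):
    """Return (protocols, cipher suites) from the adapter's <ssl> block."""
    root = ET.fromstring(adapters_xml)
    protocols = [p.strip() for e in root.iter() if _local(e.tag) == 'protocols' for p in e.text.split(',')]
    ciphers = [e.text.strip() for e in root.iter() if _local(e.tag) == 'cipher']
    return protocols, ciphers
```

Run it against the real files by reading <DomainHome>/config/fmwconfig/jps-config.xml and adapters.os_xml into the two functions; the real jps-config.xml carries an xmlns, which the namespace-stripping helper tolerates.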