Task 4 - Associate OID LDAP Groups with Global Roles in the WebLogic Console
Configure the global roles by mapping to OID LDAP groups.
| Global Roles | Current WebLogic Server Groups | New OID LDAP Groups Required |
|---|---|---|
|
Admin |
Administrators |
OID_Administrators |
|
AdminChannelUsers |
AdminChannelUsers |
OID_AdminChannelUsers |
|
AppTester |
AppTesters |
OID_AppTesters |
|
CrossDomainConnector |
CrossDomainConnectors |
OID_CrossDomainConnectors |
|
Deployer |
Deployers |
OID_Deployers |
|
Monitor |
Monitors |
OID_Monitors |
|
Operator |
Operators |
OID_Operators |
|
OracleSystemRole |
OracleSystemGroup |
OracleSystemGroup (fixed requirement) |
You must associate the global roles from the table, displayed in the Oracle WebLogic Server Administration Console, with your replacement OID LDAP groups, before you can disable the default WebLogic Server authenticator.
The default Security Realm is named myrealm.
Do not do add a new condition for the Anonymous and Oracle System roles, which can both remain unchanged.
- Log in to Oracle WebLogic Server Administration Console.
- In the Change Center, click Lock & Edit.
- Select Security Realms from the left pane and click myrealm.
- Click Realm Roles.
- Click Global Roles and expand Roles.
- Add a new condition for each Role.
- Click View Role Conditions.
- Select group from the Predicate steps.
- Enter your newly-associated OID LDAP group, for example, assign the Admin role to the OID_Administrators role.
- Save your changes.
After disabling the Default WebLogic Server Authentication, you can remove the old WebLogic Server groups, see Task 8 - Remove WebLogic Server Roles