H Using an OpenLDAP Identity Store

This appendix describes the special set up required in case the identity store uses OpenLDAP 2.2.

It includes the following section:

H.1 Using an OpenLDAP Identity Store

To use OpenLDAP 2.2 as an identity store, proceed as follows:

  1. Use the WebLogic Server administration console to create a new authenticator provider. For this new provider:

    • Select OpenLDAPAuthenticator from the list of authenticators.

    • Set the control flag of the OpenLDAPAuthenticator to SUFFICIENT.

    • Set the control flag of the DefaultAuthenticator to SUFFICIENT.

    • Change the order of authenticators to make the OpenLDAPAuthenticator the first in the list.

    • In the Provider Specific page for the OpenLDAPAuthenticator, enter User Base DN and Group Base DN, and set the value of the objectclass in the Group From Name Filter to something other than groupofnames.

  2. From the Home directory of the OpenLDAP installation:

    • Open the file slapd.conf for edit.

    • In that file, insert the following line in the "include" section at the top:

      include ./schema/inetorgperson.schema
    • Save the file, and restart the OpenLDAP.

The above settings make possible adding the object class inetorgperson to every new external role you create in the OpenLDAP; this object class is required to map the external role to an application role.