Administration Console Online Help


Configure the generic LDAP Authentication provider

Before you begin


You use the generic LDAP Authentication provider to access user and group information stored in an LDAP server.

Note the following:

To configure the generic LDAP Authentication provider:

  1. If you have not already done so, in the Change Center of the Administration Console, click Lock & Edit (see Use the Change Center).
  2. In the left pane, select Security Realms and click the name of the realm you are configuring (for example, myrealm).
  3. Select Providers > Authentication and click New.

    The Create a New Authentication Provider page appears.

  4. In the Name field, enter a name for the generic LDAP Authentication provider.
  5. From the Type drop-down list, select LDAPAuthenticator and click OK.
  6. Select Providers > Authentication and click the name of the new generic LDAP Authentication provider to complete its configuration.
  7. On the Configuration Common tab for the generic LDAP Authentication provider, click Set the JAAS control flag.
  8. Select the Provider Specific tab.
  9. In the section labeled Connection, specify the following:
    • The host and port of the machine hosting the LDAP server.
    • The principal (DN) of the LDAP user that WebLogic Server uses to bind to the directory. For example, cn=orcladmin. Use an account that has only the read access it needs on the user and group subtrees; a directory administrator account is not required for authentication lookups.
    • The password for that LDAP user.
    • Whether the connection to the LDAP server uses SSL. Without SSL, the bind credential and the password of every user who authenticates are sent to the LDAP server in cleartext. For more information, see Enabling an LDAP Authentication Provider for SSL.
  10. In the section labeled Users, make sure User Base DN correctly specifies the DN for users in the LDAP directory. For example, cn=Users,dc=com.
  11. In the section labeled Groups:
    1. Make sure Group Base DN correctly specifies the DN for groups in the LDAP directory. For example, cn=Groups,dc=com.
    2. For Group Membership Searching, you can optionally select off to disable group searches. If group information is not needed when authenticating against this LDAP server, this setting improves provider performance, but no group memberships are retrieved from the directory, so groups defined there cannot be used in role or policy mappings.
  12. In the section labeled General, note the following:
    1. Cache Enabled is selected by default, which is recommended. This causes two caches to be created for the generic LDAP Authentication provider: the group membership cache, and the user cache.
    2. Cache Statistics Enabled is selected by default, which is recommended for performance tuning. This causes cache activity data to be sent to the server log.

    With these two settings enabled, the data captured in the server log includes the following:

    • Current number of entries in each cache
    • Current number of group membership queries and hits
    • Current number of user queries and hits
    • Timestamps indicating when each cache was created

    The LDAPAuthenticatorMBean includes an API for retrieving these statistics. You can use this API to analyze the statistics and determine how to maximize response time and throughput. For details, see Analyzing the Generic LDAP Authenticator Cache Statistics.

  13. Click Save to save your changes.

    After you click Save, WebLogic Server tests the connection between this provider and the corresponding LDAP server.

    • If the test succeeds, the configuration settings are saved and you can activate them.
    • If the test fails, an error message describing the problem is displayed and no configuration settings are saved.
  14. If the configuration settings are successfully saved, click Activate Changes in the Change Center. If automatic realm restart is enabled for the realm, you do not need to restart WebLogic Server for the changes to take effect.
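The same provider can be created from WLST instead of the console. The following script is an added example, not code from the WebLogic documentation: it validates the settings collected in steps 9 through 12 (DN syntax, port range, SSL, group searching) and emits the WLST commands that correspond to steps 1 through 14. The setter names follow the LDAPAuthenticatorMBean attributes shown in the console; the domain name, realm name, and the sample host, principal and base DNs are placeholders constructed for the example. The emitted script assumes you have already run connect() against the Administration Server.

```python
"""Validate a generic LDAP Authentication provider configuration and emit the
equivalent WLST script (added example, not part of the WebLogic documentation)."""

import re

CONTROL_FLAGS = ("REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL")
GROUP_SEARCH_MODES = ("unlimited", "limited", "off")
LDAP_AUTHENTICATOR_CLASS = "weblogic.security.providers.authentication.LDAPAuthenticator"

# Loose DN syntax check: one or more attr=value RDNs separated by commas.
# Escaped commas inside values are not handled; this is a sanity check only.
_DN_RE = re.compile(r"^[A-Za-z][\w.-]*=[^,]+(,[A-Za-z][\w.-]*=[^,]+)*$")

REQUIRED = ("name", "host", "port", "principal", "credential",
            "user_base_dn", "group_base_dn")

# Constructed sample settings (placeholders, not a real directory).
SAMPLE_CONFIG = {
    "name": "CorpLDAP",
    "host": "ldap.example.test",
    "port": 636,
    "principal": "cn=wls-bind,cn=Users,dc=example,dc=test",
    "credential": "change-me",
    "ssl_enabled": True,
    "user_base_dn": "cn=Users,dc=example,dc=test",
    "group_base_dn": "cn=Groups,dc=example,dc=test",
    "group_membership_searching": "unlimited",
    "control_flag": "SUFFICIENT",
    "cache_enabled": True,
    "cache_statistics_enabled": True,
}


def validate(cfg):
    """Return (errors, warnings). Errors block generation; warnings are
    security or functionality caveats the administrator should weigh."""
    errors, warnings = [], []
    for key in REQUIRED:
        if cfg.get(key) in ("", None):
            errors.append("missing %s" % key)
    port = cfg.get("port")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        errors.append("port must be an integer between 1 and 65535")
    for key in ("principal", "user_base_dn", "group_base_dn"):
        value = cfg.get(key)
        if value and not _DN_RE.match(value):
            errors.append("%s is not a DN: %r" % (key, value))
    if cfg.get("control_flag", "SUFFICIENT") not in CONTROL_FLAGS:
        errors.append("control_flag must be one of %s" % ", ".join(CONTROL_FLAGS))
    mode = cfg.get("group_membership_searching", "unlimited")
    if mode not in GROUP_SEARCH_MODES:
        errors.append("group_membership_searching must be one of %s" % ", ".join(GROUP_SEARCH_MODES))
    # A simple bind without SSL sends the provider's credential, and every
    # authenticating user's password, across the network in cleartext.
    if not cfg.get("ssl_enabled", False):
        warnings.append("ssl_enabled is false: bind credential and user passwords travel in cleartext")
    if mode == "off":
        warnings.append("group searches disabled: groups from this directory cannot be used in role mappings")
    return errors, warnings


def _jy_bool(value):
    """WLST defines the Jython names true/false; emit those."""
    return "true" if value else "false"


def to_wlst(cfg, domain="mydomain", realm="myrealm"):
    """Return the WLST commands equivalent to the console procedure.
    Assumes an edit-capable session already established with connect()."""
    errors, _ = validate(cfg)
    if errors:
        raise ValueError("; ".join(errors))
    realm_path = "/SecurityConfiguration/%s/Realms/%s" % (domain, realm)
    provider_path = "%s/AuthenticationProviders/%s" % (realm_path, cfg["name"])
    jy = repr  # a Python str literal is also a valid Jython literal
    lines = [
        "edit()",
        "startEdit()",  # Lock & Edit
        "cd(%s)" % jy(realm_path),
        "cmo.createAuthenticationProvider(%s, %s)" % (jy(cfg["name"]), jy(LDAP_AUTHENTICATOR_CLASS)),
        "cd(%s)" % jy(provider_path),
        "cmo.setControlFlag(%s)" % jy(cfg.get("control_flag", "SUFFICIENT")),
        "cmo.setHost(%s)" % jy(cfg["host"]),
        "cmo.setPort(%d)" % cfg["port"],
        "cmo.setPrincipal(%s)" % jy(cfg["principal"]),
        "cmo.setCredential(%s)" % jy(cfg["credential"]),
        "cmo.setSSLEnabled(%s)" % _jy_bool(cfg.get("ssl_enabled", False)),
        "cmo.setUserBaseDN(%s)" % jy(cfg["user_base_dn"]),
        "cmo.setGroupBaseDN(%s)" % jy(cfg["group_base_dn"]),
        "cmo.setGroupMembershipSearching(%s)" % jy(cfg.get("group_membership_searching", "unlimited")),
        "cmo.setCacheEnabled(%s)" % _jy_bool(cfg.get("cache_enabled", True)),
        "cmo.setCacheStatisticsEnabled(%s)" % _jy_bool(cfg.get("cache_statistics_enabled", True)),
        "save()",      # the LDAP connection test runs here, as it does on Save in the console
        "activate()",  # Activate Changes
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    errs, warns = validate(SAMPLE_CONFIG)
    for w in warns:
        print("WARNING: " + w)
    print(to_wlst(SAMPLE_CONFIG))
```

Run the generated script with `wlst.sh generated.py` after prepending a connect() line, or paste it into an interactive session. If save() fails, the realm edit is not committed, which matches the console behaviour described in step 13; fix the host, principal or base DNs and rerun from startEdit().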
