Configure Apache Webserver to authenticate from LDAP Server

1. Connect to the LDAP Server from an LDAP Browser

2. Uncomment these two modules in httpd.conf

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

3. Add the following Location directive

<Location />
AuthType Basic
Require valid-user
AuthName "Enter Your ldap Username/Password"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL ldap://localhost:444


LDAP search by group filter

To restrict the search to a single group in AD, the User From Name Filter needs to be modified as follows:

(&(memberof=CN=TestGroup, DC=domainb,DC=com)(UserPrincipalName=%u)(objectclass=user))

All the other attributes can be left unchanged. Group attributes do not need to be changed.


Common LDAP Server Issues

The causes of the exceptions are discussed in brief. If you have anything to add, feel free to comment!

com.bea.security.providers.xacml.store.ldap.LDAPException: netscape.ldap.LDAPException: error result (49)

This exception is encountered when the password of the principal trying to connect to the LDAP Server is wrong. The AD-specific error code is the one


LDAP Authentication on JBoss

The post below demonstrates a sample configuration of LDAP Server with JBoss Server.

Steps:

1. Install OpenDS Directory Server.

2. Import the following LDIF file

base.ldif

dn: ou=People,dc=bea,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=faisal,ou=People,dc=bea,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: faisal
cn: Java Duke
sn: Duke


Configuring OpenDS with Weblogic Server

Download, install and configure OpenDS. I used the following LDIF as the base while installing OpenDS.

dn: dc=oracle,dc=com
dc: oracle
objectClass: domain
objectClass: top

dn: ou=TEST, dc=oracle,dc=com
ou: TEST
objectClass: organizationalUnit
objectClass: top

dn: cn=faisal,ou=TEST, dc=oracle,dc=com
uid: faisal
userPassword:: e1NTSEF9dnhBYUZKRzBONmwzWTdRMHBQRmdiczZrRHd5VUNwWCtCQTdlaHc9PQ==
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: Faisal


Create Active Directory Authentication Provider from WLST

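# Connect to the Admin Server and open an edit session.
# The credentials in this script are the post's sample values.
connect('weblogic','weblogic','t3://localhost:7001')
edit()
startEdit(-1,-1,'false')

# Create the Active Directory provider in the default realm and mark it OPTIONAL.
cmo.getSecurityConfiguration().getDefaultRealm().createAuthenticationProvider('ADAuthenticator', 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator')
cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider('ADAuthenticator').setControlFlag('OPTIONAL')

# Navigate to the new provider's MBean.
cd('/SecurityConfiguration')
cd('base_domain')
cd('Realms/myrealm/AuthenticationProviders')
cd('ADAuthenticator')

# Search bases, group filter, and the account the provider binds as.
cmo.setGroupBaseDN('CN=Users,DC=faisal,DC=bea,DC=com')
cmo.setUserBaseDN('CN=Users,DC=faisal,DC=bea,DC=com')
cmo.setAllGroupsFilter('(objectclass=group)')
cmo.setPrincipal('CN=Administrator,CN=Users,DC=faisal,DC=bea,DC=com')
cmo.setCredential('Passw0rd')

# Port 389 is plain LDAP, so the bind credential is sent unencrypted.
cmo.setPort(389)
cmo.setHost('localhost')

# Persist and activate the change.
save()
activate()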
