Configuring OpenDS with Weblogic Server

Download, install and configure OpenDS.

I used the following LDIF as BASE while installing OpenDS.

dn: dc=oracle,dc=com
dc: oracle
objectClass: domain
objectClass: top

dn: ou=TEST, dc=oracle,dc=com
ou: TEST
objectClass: organizationalUnit
objectClass: top

dn: cn=faisal,ou=TEST, dc=oracle,dc=com
uid: faisal
userPassword:: e1NTSEF9dnhBYUZKRzBONmwzWTdRMHBQRmdiczZrRHd5VUNwWCtCQTdlaHc9PQ
 ==
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: Faisal
sn: Khan
cn: faisal

dn: cn=testuser,ou=TEST, dc=oracle,dc=com
uid: testuser
userPassword:: e1NTSEF9YXpZckZodWpla1FjWUNqcFJDQlRUeFRjOGNPa0NtaTF1a1hqWUE9PQ
 ==
objectClass: person
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: top
givenName: testuser
sn: testuser
cn: testuser

dn: cn=TestGroup,ou=TEST, dc=oracle,dc=com
description: TestGroup
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=faisal,ou=TEST,dc=oracle,dc=com
cn: TestGroup
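
The `userPassword::` values in this LDIF are base64-wrapped `{SSHA}` strings (a salted SHA-1 digest followed by its salt), and LDIF folds long values onto a continuation line that begins with a single space. The following is an added example, not part of the original post: it unfolds such a line, splits the stored value into digest and salt, and checks a password against it. The function names, the sample DN, the sample password and the salt are all constructed for illustration.

```python
import base64
import hashlib
import hmac

def unfold_ldif(text):
    """Join LDIF continuation lines (a line starting with one space continues the previous one)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_user_password(line):
    """Return (scheme, digest, salt) from an unfolded 'userPassword:: <base64>' line."""
    attr, _, value = line.partition("::")
    if attr.strip().lower() != "userpassword":
        raise ValueError("not a base64-encoded userPassword line")
    stored = base64.b64decode(value.strip()).decode("ascii")  # e.g. "{SSHA}<base64>"
    if not stored.startswith("{") or "}" not in stored:
        raise ValueError("no {SCHEME} prefix; the value may be cleartext")
    scheme, _, body = stored[1:].partition("}")
    blob = base64.b64decode(body)
    if scheme.upper() != "SSHA" or len(blob) <= 20:
        raise ValueError("unsupported scheme or missing salt: " + scheme)
    return scheme.upper(), blob[:20], blob[20:]  # SHA-1 digest is 20 bytes, the rest is the salt

def verify_ssha(password, digest, salt):
    """Recompute SHA-1(password + salt) and compare in constant time."""
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def make_sample_entry(password, salt):
    """Build a constructed LDIF entry with the value folded onto a second line."""
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    stored = "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")
    outer = base64.b64encode(stored.encode("ascii")).decode("ascii")
    return "dn: cn=sample,ou=TEST,dc=example,dc=com\nuserPassword:: " + outer[:62] + "\n " + outer[62:] + "\n"

SAMPLE = make_sample_entry("constructed-sample-pw", b"\x01\x02\x03\x04\x05\x06\x07\x08")  # constructed data

def check_sample(password):
    """Parse the constructed entry and report (scheme, salt length, password matches)."""
    line = next(l for l in unfold_ldif(SAMPLE) if l.lower().startswith("userpassword::"))
    scheme, digest, salt = parse_user_password(line)
    return scheme, len(salt), verify_ssha(password, digest, salt)

if __name__ == "__main__":
    print(check_sample("constructed-sample-pw"))
```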

Create an LDAP Authenticator.

Home > Summary of Security Realms > myrealm > Providers > Create New LDAPAuthenticator.

Set the Control Flag to SUFFICIENT.

In the Provider Specific Tab provide the following details:

PORT : 1389
Principal : cn=faisal,ou=TEST, dc=oracle,dc=com
User Base DN : ou=TEST, dc=oracle,dc=com
Credentials : XXXXXXXXXXX
Group Base DN : ou=TEST, dc=oracle,dc=com

Leave the rest as default.

Now go to

Home > Summary of Security Realms > myrealm > Providers > Realm Roles
Expand Global Roles -> Expand Roles -> Click on View Role Conditions of the Admin Role -> Click on Add Conditions -> Select User in Predicate List -> Click Next -> In User Argument Name, add faisal and click Finish -> Click Save

Change the control flag of the Default Authenticator to SUFFICIENT.

Log out and log in as faisal!

config.xml

<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
<sec:name>LDAPAuthenticator</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:port>1389</wls:port>
<wls:principal>cn=faisal,ou=TEST, dc=oracle,dc=com</wls:principal>
<wls:user-base-dn>ou=TEST, dc=oracle,dc=com</wls:user-base-dn>
<wls:credential-encrypted>{3DES}kbrkWhYOB2I3Y3Ss4Mt5Kw==</wls:credential-encrypted>
<wls:group-base-dn>ou=TEST, dc=oracle,dc=com</wls:group-base-dn>
</sec:authentication-provider>

References:
https://opends.dev.java.net/public/downloads_index.html

4 comments

  1. I’m curious if you ever got this to work with SunDS and MS-AD both configured at the same time?

    1. Hi Vince,

      You can have MS-AD authenticator and SunDS configured at the same time.
      We just need to create two authentication providers.

      Thanks,
      Faisal
