Re: Integrating Active Directory with Weblogic 7.0 - Weblogic

This is a discussion on Re: Integrating Active Directory with Weblogic 7.0 - Weblogic ; From: "Peter" Newsgroups: weblogic.developer.interest.security References: Subject: Re: Integrating Active Directory with Weblogic 7.0 Date: Thu, 7 Aug 2003 07:29:49 -0400 Lines: 40 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 NNTP-Posting-Host: 216.148.48.18 X-Original-NNTP-Posting-Host: ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Re: Integrating Active Directory with Weblogic 7.0

  1. Re: Integrating Active Directory with Weblogic 7.0

    From: "Peter"
    Newsgroups: weblogic.developer.interest.security
    References: <3f26f62a@newsgroups.bea.com>
    Subject: Re: Integrating Active Directory with Weblogic 7.0
    Date: Thu, 7 Aug 2003 07:29:49 -0400
    Lines: 40
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
    NNTP-Posting-Host: 216.148.48.18
    X-Original-NNTP-Posting-Host: 216.148.48.18
    Message-ID: <3f32383f@newsgroups.bea.com>
    X-Trace: newsgroups.bea.com 1060255807 216.148.48.18 (7 Aug 2003 04:30:07 -0700)
    X-Original-Trace: 7 Aug 2003 04:30:07 -0700, 216.148.48.18
    Organization: BEA NEWS SITE
    XPident: Unknown
    Path: newsgroups.bea.com!not-for-mail
    Xref: newsgroups.bea.com weblogic.developer.interest.security:10448


    wrote in message news:3f26f62a@newsgroups.bea.com...
    >
    > Hello y'all, did some searching and unfortunately this appears to be a

    topic with
    > a lot of questions and very few resources to pool from.
    >
    > I have an AD server which I can connect to programmatically with a test

    driver.
    > No biggy, can search through the tree, etc.
    >
    > However, I can't seem to make the leap between this and declaring security

    in
    > the Weblogic console so that AD users are successfully allowed to log into

    the
    > server and application.
    >
    > I set up an Active Directory Authenticator for my domain. The

    configuration appears
    > to be correct, with the proper server name, principal, filters, etc. I

    can verify
    > this through the driver, I use the same values and things work. However,

    Weblogic
    > throws the following exception at start up if I try to use my AD

    username/password
    >
    > The WebLogic Server did not start up properly.
    > Exception raised:
    > java.lang.SecurityException: Authentication for user denied


    This indicates that the boot username and password could not be
    authenticated in your AD server.
    Turn on debug (DebugSecurityAtn="true" in the ServerDebugMBean) and look at
    the ldap_trace.log
    file for the ldap bind request. Is it using the correct dn and credential
    for your ad server.





  2. Re: Integrating Active Directory with Weblogic 7.0

    From: "Jason"
    Sender: "Jason"
    Reply-To: "Jason"
    Subject: Re: Integrating Active Directory with Weblogic 7.0
    Newsgroups: weblogic.developer.interest.security
    X-User-Info: 199.46.200.230
    References: <3f26f62a@newsgroups.bea.com> <3f32383f@newsgroups.bea.com>
    NNTP-Posting-Host: 199.46.200.230
    X-Original-NNTP-Posting-Host: 199.46.200.230
    Message-ID: <3f32a51c@newsgroups.bea.com>
    Date: 7 Aug 2003 12:14:36 -0700
    X-Trace: newsgroups.bea.com 1060283676 199.46.200.230 (7 Aug 2003 12:14:36 -0700)
    X-Original-Trace: 7 Aug 2003 12:14:36 -0700, 199.46.200.230
    Organization: BEA NEWS SITE
    Lines: 65
    XPident: Unknown
    Path: newsgroups.bea.com!not-for-mail
    Xref: newsgroups.bea.com weblogic.developer.interest.security:10471


    "Peter" wrote:
    >
    > wrote in message news:3f26f62a@newsgroups.bea.com...
    >>
    >> Hello y'all, did some searching and unfortunately this appears to be

    >a
    >topic with
    >> a lot of questions and very few resources to pool from.
    >>
    >> I have an AD server which I can connect to programmatically with a

    >test
    >driver.
    >> No biggy, can search through the tree, etc.
    >>
    >> However, I can't seem to make the leap between this and declaring security

    >in
    >> the Weblogic console so that AD users are successfully allowed to log

    >into
    >the
    >> server and application.
    >>
    >> I set up an Active Directory Authenticator for my domain. The

    >configuration appears
    >> to be correct, with the proper server name, principal, filters, etc.

    > I
    >can verify
    >> this through the driver, I use the same values and things work. However,

    >Weblogic
    >> throws the following exception at start up if I try to use my AD

    >username/password
    >>
    >> The WebLogic Server did not start up properly.
    >> Exception raised:
    >> java.lang.SecurityException: Authentication for user denied

    >
    >This indicates that the boot username and password could not be
    >authenticated in your AD server.
    >Turn on debug (DebugSecurityAtn="true" in the ServerDebugMBean) and look
    >at
    >the ldap_trace.log
    >file for the ldap bind request. Is it using the correct dn and credential
    >for your ad server.
    >
    >
    >
    >


    Thanks Peter, once I switched it to use the full @,
    this worked. I was just using the username. So I am now validating users fine
    through my application.

    I posted another question about getting the console to recognize AD users and
    groups, and according to some other posts I've read, this should be fixed in the
    latest SP. I'll have to give that a try, if I can get CM around here to agree
    with it.

    Do I need an AD account to log into the console and start up the server? Right
    now I start it up by using a user created in Weblogic, not AD. I'd like to have
    everything regarding Weblogic handled with AD users, and not have to worry about
    creating them in the console.

    Thanks!
    Jason


  3. Re: Integrating Active Directory with Weblogic 7.0


    "Jason" wrote:
    >
    >"Peter" wrote:
    >>
    >> wrote in message news:3f26f62a@newsgroups.bea.com...
    >>>
    >>> Hello y'all, did some searching and unfortunately this appears to

    >be
    >>a
    >>topic with
    >>> a lot of questions and very few resources to pool from.
    >>>
    >>> I have an AD server which I can connect to programmatically with a

    >>test
    >>driver.
    >>> No biggy, can search through the tree, etc.
    >>>
    >>> However, I can't seem to make the leap between this and declaring

    >security
    >>in
    >>> the Weblogic console so that AD users are successfully allowed to

    >log
    >>into
    >>the
    >>> server and application.
    >>>
    >>> I set up an Active Directory Authenticator for my domain. The

    >>configuration appears
    >>> to be correct, with the proper server name, principal, filters, etc.

    >> I
    >>can verify
    >>> this through the driver, I use the same values and things work. However,

    >>Weblogic
    >>> throws the following exception at start up if I try to use my AD

    >>username/password
    >>>
    >>> The WebLogic Server did not start up properly.
    >>> Exception raised:
    >>> java.lang.SecurityException: Authentication for user denied

    >>
    >>This indicates that the boot username and password could not be
    >>authenticated in your AD server.
    >>Turn on debug (DebugSecurityAtn="true" in the ServerDebugMBean) and

    >look
    >>at
    >>the ldap_trace.log
    >>file for the ldap bind request. Is it using the correct dn and credential
    >>for your ad server.
    >>
    >>
    >>
    >>

    >
    >Thanks Peter, once I switched it to use the full @ >string>,
    >this worked. I was just using the username. So I am now validating
    >users fine
    >through my application.
    >
    >I posted another question about getting the console to recognize AD users
    >and
    >groups, and according to some other posts I've read, this should be fixed
    >in the
    >latest SP. I'll have to give that a try, if I can get CM around here
    >to agree
    >with it.
    >
    >Do I need an AD account to log into the console and start up the server?
    > Right
    >now I start it up by using a user created in Weblogic, not AD. I'd like
    >to have
    >everything regarding Weblogic handled with AD users, and not have to
    >worry about
    >creating them in the console.
    >
    >Thanks!
    >Jason
    >


    Yikes, we are using SP 2, which it appears is the latest, yet I'm still not getting
    AD information... that's not good.


  4. Re: Integrating Active Directory with Weblogic 7.0


    "Peter" wrote in message news:3f39966c@newsgroups.bea.com...

    > I had thought that SP3 was out but I don't see it on the web site. I will
    > ask a console expert in what
    > sp the fix is in.
    >
    >


    The fix is in 7.0 SP3.


    >




+ Reply to Thread