WLS 8.1, Active Directory and user authentication problem - Weblogic


  1. WLS 8.1, Active Directory and user authentication problem


    Hi All,
    I've quite a few letters on this newsgroup, but I couldn't fully combine WLS with
    Active Directory.
    I configured the AD authenticator in WLS using settings similar to the following:
    principal: user@domain dc
    user base dn: dc=my,dc=company,dc=domain,dc=inAD,
    group base dn: the same as user base dn
    control flag: sufficient (the same as in defaultAuthenticator)
    I've left the rest of the settings (e.g. user/group/membership filter) as default.

    I have also set debugging in config.xml and monitor ldap_trace.log.

    I've created a security role assignment in the DD file of my web application and placed
    there the username of a test user that exists in ADS.

    From the trace log I know that WLS is able to connect, bind to AD and find
    the required user and the group he belongs to.
    However, it seems that it cannot match the user to the role specified in the DD, because
    the user cannot enter it.

    Can anybody help? All hints are welcome.

    P.S. Everything works fine with iPlanet Directory Server.

    thanks in advance
    michal

  2. Re: WLS 8.1, Active Directory and user authentication problem

    Hi,
    adding
    Name="myserver"/> in the figure out why it's failing..

    thanks
    kiran








  3. Re: WLS 8.1, Active Directory and user authentication problem

    To get this to work, you have to have that user in the ADS's Administrators
    group; otherwise setting up ADS should be a two-step process.
    I think contacting support will be the better thing for you.



    "michal" wrote in message
    news:3f4b62c1$1@newsgroups.bea.com...
    >
    > As I wrote earlier, I set those directives in config.xml.
    > From ldap_trace.log I know that WLS is binding to AD, searches for the required user
    > and finds it, the password is also OK. The next request finds all groups that the
    > user belongs to.
    >
    > I can also see a searchResultReference to the configuration branch of AD to which
    > my user doesn't have access.
    >
    > Is it necessary to use an AD user with admin rights in the principal field in ADAuthenticator
    > in WLS?
    > As far as I know, when using iPlanet a principal in WLS should only have the right
    > to search, read and compare.
    >
    > Or maybe I miss something?
    >
    > michal



