Specifying a Security Realm
Administration Guide 14-15
Locating Users and Groups in the LDAP Directory
The LDAP security realm needs to know where the Users and Groups are stored in the
LDAP directory used with the security realm. This is done by specifying the
distinguished names (DNs) of the LDAP directories that contain the Users and Groups.
In LDAP, a DN starts with a leaf node and goes to the root node. For example:
root
 |
 +-- o=acme.com
      |
      +-- ou=Groups
The DN for this branch would be specified as ou=Groups, o=acme.com.
In LDAP realm V1, you specify DNs via the GroupDN and UserDN attributes when
configuring the security realm. However, you must reverse the DNs. For example, the
sample DN would be specified as
groupDN="o=acme.com, ou=Groups".
In LDAP realm V2, you specify DNs by adding user.dn and group.dn properties to the
Configuration attribute of the CustomRealm MBean. Unlike LDAP realm V1, you do not
have to reverse the DN. For example, the user.dn and group.dn properties for an
LDAP realm V2 are specified as follows:
ConfigurationData="..., group.dn=ou=Groups, o=acme.com, ..."
A common error when switching between LDAP realm V1 and LDAP realm V2 is copying
over the reversed DNs, which causes the LDAP security realm to stop working. Check
your DN specifications when migrating from LDAP realm V1 to LDAP realm V2.
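The DN ordering difference above is easy to get wrong by hand, so here is a small helper, added as an example and not part of the Administration Guide or the WebLogic product, that converts a V1 (root-first) groupDN/userDN value into the standard leaf-first form used by the V2 group.dn/user.dn properties and flags values that still look reversed. The check that a DN "looks reversed" is a heuristic assumption of this example (it treats dc, o and c as root-level naming attributes); the function and property names are likewise illustrative and are not WebLogic APIs.

```python
import re

# Split on commas that are NOT escaped with a backslash; RFC 4514 allows "\," inside a value
# (e.g. cn=Smith\, John), so a naive str.split(",") would break such RDNs apart.
_RDN_SPLIT = re.compile(r"(?<!\\),")

# Attribute types that normally sit at the top (root side) of an LDAP tree.
# Assumption made by this example for the heuristic check only.
_ROOT_LIKE = {"dc", "o", "c"}


def parse_dn(dn: str) -> list[str]:
    """Split a DN string into its RDN components, in the order they are written."""
    return [rdn.strip() for rdn in _RDN_SPLIT.split(dn) if rdn.strip()]


def attribute_type(rdn: str) -> str:
    """Return the attribute type of an RDN, e.g. 'ou' for 'ou=Groups'."""
    return rdn.split("=", 1)[0].strip().lower()


def reverse_dn(dn: str) -> str:
    """Reverse the RDN order (leaf-first <-> root-first) and re-join with ', '."""
    return ", ".join(reversed(parse_dn(dn)))


def v1_to_v2(v1_dn: str) -> str:
    """LDAP realm V1 stores DNs root-first; V2 wants the standard leaf-first order."""
    return reverse_dn(v1_dn)


def v2_to_v1(v2_dn: str) -> str:
    """Standard leaf-first DN -> root-first form expected by the V1 groupDN/userDN attributes."""
    return reverse_dn(v2_dn)


def looks_reversed(dn: str) -> bool:
    """Heuristic: a standard DN ends at a root-like RDN (dc=/o=/c=) and starts with a leaf.

    If the first RDN is root-like and the last one is not, the DN is most likely still
    in V1 (root-first) order and was copied over unchanged.
    """
    rdns = parse_dn(dn)
    if len(rdns) < 2:
        return False
    return attribute_type(rdns[0]) in _ROOT_LIKE and attribute_type(rdns[-1]) not in _ROOT_LIKE


def migrate_realm_dns(v1_user_dn: str, v1_group_dn: str) -> dict:
    """Convert V1 userDN/groupDN values into V2 user.dn/group.dn values and report
    any result that still looks reversed (i.e. the input was probably not a V1 value)."""
    properties = {
        "user.dn": v1_to_v2(v1_user_dn),
        "group.dn": v1_to_v2(v1_group_dn),
    }
    warnings = [name for name, value in properties.items() if looks_reversed(value)]
    return {"properties": properties, "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample values mirroring the guide's o=acme.com example.
    print(migrate_realm_dns("o=acme.com, ou=People", "o=acme.com, ou=Groups"))
    # A leaf-first DN mistakenly fed in as a V1 value comes back reversed and is flagged.
    print(migrate_realm_dns("ou=People, o=acme.com", "ou=Groups, o=acme.com"))
```

Run the conversion over the V1 attribute values before pasting them into the V2 ConfigurationData, and treat any entry in `warnings` as a sign that the source value was already in standard order rather than the V1 reversed form.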
Configuring an LDAP Realm V1
To use the LDAP Security realm V1 instead of the File realm:
1. Go to the Security Realms node in the left pane of the Administration Console.
2. In the right pane of the Administration Console, click the Configure a New LDAP Realm V1 link.