Technical data
14 Managing Security
14-26 Administration Guide
ignore accounts that have been disable. Modify the user.filter value to only
return accounts that do not have the
UF_ACCOUNTDISABLE bit set. For example:
user.filter=(&(sAMAccountName=%u)(objectclassname=user)
(!userAccountControl:1.2.840.113556.1.4.803:=2))
When specifying the group.filter value, CN must be specified as CN=%G
otherwise the filter fails to find the members of a group.
4. To save your changes, click the Apply button.
5. Go to the Security node.
6. Choose the Filerealm tab.
7. Configure the Caching realm. For more information, see “Configuring the
Caching Realm.”
Note: When you use an LDAP Security realm, you must configure and enable the
Caching realm; otherwise, the LDAP Security realm will not work.
When configuring the Caching realm, select the
defaultLDAPRealmforLDAPserver (for example,
defaultLDAPRealmforOpenLDAPDirectoryServices) from the pull-down menu
for the Basic attribute on the General tab. The Basic attribute defines the
association between the Caching realm and the alternate security realm (in this
case, the LDAP Realm).
8. Reboot WebLogic Server.
Configuring the Windows NT Security Realm
The Windows NT Security realm uses account information defined for a Windows NT
domain to authenticate Users and Groups. You can view Users and Groups in the
Windows NT Security realm through the Administration Console, but you must
manage Users and Groups through the facilities provided by Windows NT.
The Windows NT Security realm provides authentication (Users and Groups) but not
authorization (ACLs). To update the ACL information in the
filerealm.properties file that WebLogic Server uses, click the Refresh button on
the General tab in the Security node after you change an ACL. If you use Groups with