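The key points, and the places where mistakes are most likely, are as follows (text in <> marks content you must replace):
Host: ads.yourdomain.com (enter the domain name or IP address of the AD server)
Port: 389 (the default port is 389; you can run telnet <ad server ip> 389 to test whether the domain controller port is reachable)
Principal: cn=Administrator,cn=Users,dc=yourdomain,dc=com (cn is the administrator user name; for the dc components, just split the domain name into its parts)
Credential: ******* (your administrator password)
Confirm Credential: ******* (enter it again)
Users
User Base DN: cn=Users,dc=yourdomain,dc=com
User From Name Filter: (&(samAccountName=%u)(objectclass=user))
User Name Attribute: samAccountName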
Groups
Group Base DN: cn=Users,dc=yourdomain,dc=com
Group From Name Filter: (&(cn=%g)(objectclass=group))
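The values above can be derived from the domain name and checked in a script before they are typed into the console. The following Python is an added example, not part of the original page or of WebLogic; the helper names and the Administrator/Users defaults are assumptions, and the RFC 4515 escaping is what a script running these filters against the directory itself would need to apply.

```python
import re
import socket

USER_FILTER = "(&(samAccountName=%u)(objectclass=user))"   # from the page
GROUP_FILTER = "(&(cn=%g)(objectclass=group))"             # from the page

def domain_to_dn(domain):
    """'yourdomain.com' -> 'dc=yourdomain,dc=com' (one dc= per DNS label)."""
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("dc=" + label for label in labels)

def provider_values(domain, admin_cn="Administrator", container="Users"):
    """Build the Principal and base DNs; admin_cn/container are assumed defaults."""
    base = "cn=%s,%s" % (container, domain_to_dn(domain))
    return {"Principal": "cn=%s,%s" % (admin_cn, base),
            "User Base DN": base,
            "Group Base DN": base}

def escape_filter_value(value):
    """RFC 4515: escape backslash, *, (, ) and NUL so a name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand_filter(template, name):
    """Replace the %u or %g placeholder with the escaped name."""
    safe = escape_filter_value(name)
    return re.sub(r"%[ug]", lambda _m: safe, template)

def port_reachable(host, port=389, timeout=3.0):
    """Scripted form of `telnet <ad server ip> 389`: True if TCP connects."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # Constructed sample inputs: the page's placeholder domain and made-up names.
    for key, value in provider_values("yourdomain.com").items():
        print("%s: %s" % (key, value))
    print(expand_filter(USER_FILTER, "jsmith"))
    print(expand_filter(GROUP_FILTER, "Ops (EU)*"))
```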
WebLogic Server comes with an Embedded LDAP Server, which acts as the default provider for authentication, authorization and role mapping. Since authentication is based on JAAS (Java Authentication and Authorization Service), we can have external providers as well. These providers can be out-of-the-box providers provided by WLS or custom providers which can be plugged in. I’ll discuss that in some other article.
These are some of the providers
WLS does provide an out of the box provider for Active Directory.
These are the steps to configure it.
Step 1). Open Active Directory Console
Step 3). Assign it to the Administrator Group. This is required because Active Directory gives a connection only to an Admin User.
Step 4). Go to WebLogic Server and create an Active Directory Authentication Provider
Step 5) Under Provider Specific, provide the following values, leave the others as default.
Propagate Cause For Login Exception (checked)
Principal: CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com
User Base Dn: CN=Users,DC=faisal,DC=bea,DC=com
Credential : XXXXXX
Group Base Dn: CN=Users,DC=faisal,DC=bea,DC=com
You should see the following in the config.xml
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
<sec:name>ActiveDirectory</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
<wls:principal>CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com</wls:principal>
<wls:user-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:user-base-dn>
<wls:credential-encrypted>{3DES}YoOwqSH1jxsOlvUmAYOENw==</wls:credential-encrypted>
<wls:group-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:group-base-dn>
</sec:authentication-provider>
Step 6) Change the control flag of the Active Directory Authenticator and the Default Authenticator to SUFFICIENT
Step 7) Restart your server. Go to myrealm. You should be able to see the users and groups from the Active Directory.