WebLogic Server 11g and 12c : Configure Active Directory Authentication
This article describes the configuration of Active Directory authentication for an Oracle WebLogic 11g or 12c domain.
The following steps were used to configure Active Directory authentication for a domain.
If your WebLogic Server is running in production mode, click the "Lock & Edit" button.
Click on the "Security Realms" node of the "Domain Structure" tree.
Click on the "myrealm" realm.
Set the "Security Model Default:" option to "Advanced" and click the "Save" button.
Click on the "Providers" tab, then click the "New" button.
Enter the "Name" (ad), the "Type" (ActiveDirectoryAuthenticator) and click the "OK" button.
Click the "Reorder" button to move "ad" to the top of the list.
Click on the new provider (ad), set "Control Flag" to "SUFFICIENT" and click the "Save" button.
Click on the "Provider Specific" tab.
Enter the relevant LDAP details. Many can be left at their default values. In our case, we amended the following, but you will need to refer to your Active Directory administrator for guidance here.
Host: ldap.example.com
Port: 389
Principal: my-ad-username
Credential: my-ad-password
Confirm Credential: my-ad-password
User Base DN: dc=adf,dc=example,dc=com
User From Name Filter: (&(cn=%u)(objectclass=user))
User Search Scope: subtree
User Name Attribute: sAMAccountName
User Object Class: organizationalPerson
Group Base DN: ou=my-department,dc=adf,dc=example,dc=com
Group From Name Filter: (&(cn=%g)(objectclass=group))
Group Search Scope: subtree
Group Membership Searching: unlimited
Max Group Membership Search Level: 0
Static Group Name Attribute: cn
Static Group Object Class: group
Static Member DN Attribute: member
Static Group DNs from Member DN Filter: (&(member=%M)(objectclass=group))
Click the "Save" button.
If your WebLogic Server is running in production mode, click the "Activate Changes" button.
Restart the domain (AdminServer and all managed servers) for the Active Directory setting to take effect.
The following points should be considered if you are having trouble with setting up Active Directory authentication.
We found it necessary to restart the AdminServer and all managed servers for any Security Realm changes to take effect.
Due to a bug in WebLogic, the managed servers could not use AD authentication unless the application deployment was also targeted to the AdminServer. The application does not need to be run from the AdminServer; it just needs to be a target of the specific deployment.
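One way to test the provider settings outside WebLogic when authentication fails, added here as an example and not part of the original article: it parses the settings listed above, builds the matching OpenLDAP ldapsearch command for a user or group lookup, and returns two points to confirm with the Active Directory administrator. The names jsmith and wl-admins are constructed, and using ldapsearch as the test client is an assumption.

```python
import re
import shlex

# Provider settings from the article (placeholder values), one "Name: value" per line.
SETTINGS = """\
Host: ldap.example.com
Port: 389
Principal: my-ad-username
User Base DN: dc=adf,dc=example,dc=com
User From Name Filter: (&(cn=%u)(objectclass=user))
User Name Attribute: sAMAccountName
Group Base DN: ou=my-department,dc=adf,dc=example,dc=com
Group From Name Filter: (&(cn=%g)(objectclass=group))
"""

def parse_settings(text):
    """Turn 'Name: value' lines into a dict, splitting once so filter values stay whole."""
    return dict(line.split(": ", 1) for line in text.splitlines() if ": " in line)

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a name cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def ldapsearch_command(cfg, kind, name):
    """Build the ldapsearch call for a 'User' (%u) or 'Group' (%g) lookup, subtree scope."""
    token = {"User": "%u", "Group": "%g"}[kind]
    ldap_filter = cfg[kind + " From Name Filter"].replace(token, escape_filter_value(name))
    url = "ldap://%s:%s" % (cfg["Host"], cfg["Port"])
    args = ["ldapsearch", "-x", "-H", url, "-D", cfg["Principal"], "-W",
            "-b", cfg[kind + " Base DN"], "-s", "sub", ldap_filter]
    return " ".join(shlex.quote(a) for a in args)

def review(cfg):
    """Return notes on settings worth confirming with the AD administrator."""
    notes = []
    if cfg["Port"] == "389":
        notes.append("Port 389 is plain LDAP: the bind password is sent unencrypted "
                     "unless the connection is otherwise protected.")
    m = re.search(r"\(([\w-]+)=%u\)", cfg["User From Name Filter"])
    if m and m.group(1).lower() != cfg["User Name Attribute"].lower():
        notes.append("Login is matched on '%s' but User Name Attribute is '%s'; "
                     "confirm both hold the same value for every account."
                     % (m.group(1), cfg["User Name Attribute"]))
    return notes

if __name__ == "__main__":
    cfg = parse_settings(SETTINGS)
    print(ldapsearch_command(cfg, "User", "jsmith"))      # constructed user name
    print(ldapsearch_command(cfg, "Group", "wl-admins"))  # constructed group name
    print("\n".join(review(cfg)))
```

If the ldapsearch command returns no entry for a known account, the base DN or filter is the place to look before changing anything in the realm.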
For more information see:
Hope this helps. Regards Tim...