Configure Active Directory (AD) Authentication Using WebLogic Scripting Tool (WLST)
WebLogic Scripting Tool (WLST) provides a command line scripting interface to manage WebLogic Server instances and domains. This article gives an example of configuring Active Directory (AD) authentication in an existing domain using WLST. You will need to adjust the values in the properties file and may wish to alter the script to suit your needs.
The easiest way to generate WLST scripts is to use the "Record" functionality in the Administration Console. The WLST in this article was generated in that way, then amended to replace hard-coded values with parameters.
Script
Create a file called "configure_active_directory.py" with the following contents.
#!/usr/bin/python
# Author : Tim Hall
# Save Script as : configure_active_directory.py

import time
import getopt
import sys
import re

# Get location of the properties file.
properties = ''
try:
   opts, args = getopt.getopt(sys.argv[1:],"p:h::",["properties="])
except getopt.GetoptError:
   print 'configure_active_directory.py -p <path-to-properties-file>'
   sys.exit(2)
for opt, arg in opts:
   if opt == '-h':
      print 'configure_active_directory.py -p <path-to-properties-file>'
      sys.exit()
   elif opt in ("-p", "--properties"):
      properties = arg
print 'properties=', properties

# Load the properties from the properties file.
from java.io import FileInputStream
from java.util import Properties

propInputStream = FileInputStream(properties)
configProps = Properties()
configProps.load(propInputStream)
propInputStream.close()

# Set all variables from values in properties file.
adminUsername=configProps.get("admin.username")
adminPassword=configProps.get("admin.password")
adminURL=configProps.get("admin.url")
domainName=configProps.get("domain.name")
providerName=configProps.get("provider.name")
adUsername=configProps.get("ad.username")
adPassword=configProps.get("ad.password")
adPrincipal=configProps.get("ad.principal")
adHost=configProps.get("ad.host")
adUserObjectClass=configProps.get("ad.user.object.class")
adGroupBaseDN=configProps.get("ad.group.base.dn")
adUserBaseDN=configProps.get("ad.user.base.dn")

# Display the variable values. Passwords are masked so they do not
# end up in terminal scrollback or captured log output.
print 'adminUsername=', adminUsername
print 'adminPassword= ********'
print 'adminURL=', adminURL
print 'domainName=', domainName
print 'providerName=', providerName
print 'adUsername=', adUsername
print 'adPassword= ********'
print 'adPrincipal=', adPrincipal
print 'adHost=', adHost
print 'adUserObjectClass=', adUserObjectClass
print 'adGroupBaseDN=', adGroupBaseDN
print 'adUserBaseDN=', adUserBaseDN

# Connect to the AdminServer.
connect(adminUsername, adminPassword, adminURL)

edit()
startEdit()

# Configure Active Directory.
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm')
cmo.setSecurityDDModel('Advanced')
cmo.setDeployRoleIgnored(false)
cmo.setDeployPolicyIgnored(false)
cmo.createAuthenticationProvider(providerName, 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator')

cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/AuthenticationProviders/' + providerName)
cmo.setControlFlag('OPTIONAL')

# Place the new provider ahead of the default providers.
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm')
set('AuthenticationProviders',jarray.array([ObjectName('Security:Name=myrealm' + providerName), ObjectName('Security:Name=myrealmDefaultAuthenticator'), ObjectName('Security:Name=myrealmDefaultIdentityAsserter')], ObjectName))

cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/AuthenticationProviders/' + providerName)
cmo.setControlFlag('SUFFICIENT')
cmo.setUserNameAttribute(adUsername)
cmo.setPrincipal(adPrincipal)
cmo.setHost(adHost)
cmo.setUserObjectClass(adUserObjectClass)
set('Credential', adPassword)
cmo.setGroupBaseDN(adGroupBaseDN)
cmo.setUserBaseDN(adUserBaseDN)

save()
activate()

disconnect()
exit()
Properties
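Create a file called "myDomain-ad.properties" with the following contents. The file holds the AdminServer password and the AD bind password in clear text, so make it readable only by the account that runs the script.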
# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

domain.name=myDomain
provider.name=adf

ad.username=sAMAccountName
ad.password=Password1
ad.principal=my-ad-username
ad.host=ldap.example.com
ad.user.object.class=organizationalPerson
ad.group.base.dn=ou=my-department,dc=adf,dc=example,dc=com
ad.user.base.dn=dc=adf,dc=example,dc=com
Run It
Configure Active Directory authentication in an existing domain using the following commands.
# Set environment.
export MW_HOME=/u01/app/oracle/middleware
export WLS_HOME=$MW_HOME/wlserver_10.3
export WL_HOME=$WLS_HOME
export JAVA_HOME=/u01/app/oracle/jdk1.7.0_79
export PATH=$JAVA_HOME/bin:$PATH
export DOMAIN_HOME=/u01/app/oracle/config/domains/myDomain

. $DOMAIN_HOME/bin/setDomainEnv.sh

# Configure Active Directory authentication.
java weblogic.WLST configure_active_directory.py -p myDomain-ad.properties
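The script reads every value with configProps.get(), which returns nothing for a missing key, so a mistyped key in the properties file may only surface after startEdit() has opened an edit session. The following is an added example, not part of the original article or of WebLogic: a stand-alone check for a regular Python 3 interpreter (not WLST), to be run before the WLST command, which verifies that the keys the script reads are present and that the clear-text password file is not accessible to group or other. The function and constant names are assumptions made for this example.

```python
import os
import stat
import sys

# Keys that configure_active_directory.py reads with configProps.get().
REQUIRED_KEYS = (
    "admin.username", "admin.password", "admin.url", "domain.name",
    "provider.name", "ad.username", "ad.password", "ad.principal",
    "ad.host", "ad.user.object.class", "ad.group.base.dn", "ad.user.base.dn",
)

def parse_properties(text):
    """Parse the simple key=value subset of the Java properties format."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # Split on the first "=" only: base DN values contain more of them.
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_properties(props, mode=None):
    """Return a list of problems; an empty list means the file is usable."""
    problems = ["missing or empty: " + key
                for key in REQUIRED_KEYS if not props.get(key)]
    # The file carries two clear-text passwords, so any group/other
    # permission bit is reported.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file is accessible to group/other (mode %o)"
                        % stat.S_IMODE(mode))
    return problems

def check_file(path):
    """Parse the file at path and check both its contents and its mode."""
    with open(path) as handle:
        props = parse_properties(handle.read())
    return check_properties(props, os.stat(path).st_mode)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python3 <this-script> <path-to-properties-file>")
    issues = check_file(sys.argv[1])
    for issue in issues:
        print(issue)
    sys.exit(1 if issues else 0)
```

A non-zero exit status means the file should be fixed before WLST is started.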
For more information see:
Hope this helps. Regards Tim...