

Configure Active Directory (AD) Authentication Using WebLogic Scripting Tool (WLST)

WebLogic Scripting Tool (WLST) provides a command line scripting interface to manage WebLogic Server instances and domains. This article gives an example of configuring Active Directory (AD) authentication in an existing domain using WLST. You will need to adjust the values in the properties file and may wish to alter the script to suit your needs.

The easiest way to generate WLST scripts is to use the "Record" functionality in the Administration Console. The WLST in this article was generated in that way, then amended to replace hard-coded values with parameters.

Script

Create a file called "configure_active_directory.py" with the following contents.

#!/usr/bin/python
# Author : Tim Hall
# Save Script as : configure_active_directory.py

import time
import getopt
import sys
import re

# Get location of the properties file.
properties = ''
try:
   opts, args = getopt.getopt(sys.argv[1:],"p:h",["properties="])
except getopt.GetoptError:
   print 'configure_active_directory.py -p <path-to-properties-file>'
   sys.exit(2)
for opt, arg in opts:
   if opt == '-h':
      print 'configure_active_directory.py -p <path-to-properties-file>'
      sys.exit()
   elif opt in ("-p", "--properties"):
      properties = arg
if properties == '':
   print 'configure_active_directory.py -p <path-to-properties-file>'
   sys.exit(2)
print 'properties=', properties

# Load the properties from the properties file.
from java.io import FileInputStream
from java.util import Properties

propInputStream = FileInputStream(properties)
configProps = Properties()
configProps.load(propInputStream)

# Set all variables from values in properties file.
adminUsername=configProps.get("admin.username")
adminPassword=configProps.get("admin.password")
adminURL=configProps.get("admin.url")
domainName=configProps.get("domain.name")
providerName=configProps.get("provider.name")
adUsername=configProps.get("ad.username")
adPassword=configProps.get("ad.password")
adPrincipal=configProps.get("ad.principal")
adHost=configProps.get("ad.host")
adUserObjectClass=configProps.get("ad.user.object.class")
adGroupBaseDN=configProps.get("ad.group.base.dn")
adUserBaseDN=configProps.get("ad.user.base.dn")

# Display the variable values. Passwords are masked so they do not end up in
# the terminal scrollback or any log that captures the script output.
print 'adminUsername=', adminUsername
print 'adminPassword=', '********'
print 'adminURL=', adminURL
print 'domainName=', domainName
print 'providerName=', providerName
print 'adUsername=', adUsername
print 'adPassword=', '********'
print 'adPrincipal=', adPrincipal
print 'adHost=', adHost
print 'adUserObjectClass=', adUserObjectClass
print 'adGroupBaseDN=', adGroupBaseDN
print 'adUserBaseDN=', adUserBaseDN

# Connect to the AdminServer.
connect(adminUsername, adminPassword, adminURL)

edit()
startEdit()

# Configure Active Directory.
# Create the provider in the default realm (myrealm). The control flag is
# left at OPTIONAL while the provider is created so the edit session cannot
# fail before the provider list has been reordered below.
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm')
cmo.setSecurityDDModel('Advanced')
cmo.setDeployRoleIgnored(false)
cmo.setDeployPolicyIgnored(false)
cmo.createAuthenticationProvider(providerName, 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator')

cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/AuthenticationProviders/' + providerName)
cmo.setControlFlag('OPTIONAL')

# Put the AD provider first in the list so it is consulted before the
# DefaultAuthenticator; the built-in providers are kept so the "weblogic"
# administrator account still works if AD is unavailable.
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm')
set('AuthenticationProviders',jarray.array([ObjectName('Security:Name=myrealm' + providerName), ObjectName('Security:Name=myrealmDefaultAuthenticator'), ObjectName('Security:Name=myrealmDefaultIdentityAsserter')], ObjectName))

# Now set the AD connection details. adUsername is the LDAP attribute holding
# the login name (sAMAccountName in the properties file), adPrincipal is the
# account used to bind to AD and adPassword is that account's password.
cd('/SecurityConfiguration/' + domainName + '/Realms/myrealm/AuthenticationProviders/' + providerName)
cmo.setControlFlag('SUFFICIENT')
cmo.setUserNameAttribute(adUsername)
cmo.setPrincipal(adPrincipal)
cmo.setHost(adHost)
cmo.setUserObjectClass(adUserObjectClass)
set('Credential', adPassword)
cmo.setGroupBaseDN(adGroupBaseDN)
cmo.setUserBaseDN(adUserBaseDN)

save()
activate()

disconnect()
exit()

Properties

Create a file called "myDomain-ad.properties" with the following contents.

# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

domain.name=myDomain
provider.name=adf
ad.username=sAMAccountName
ad.password=Password1
ad.principal=my-ad-username
ad.host=ldap.example.com
ad.user.object.class=organizationalPerson
ad.group.base.dn=ou=my-department,dc=adf,dc=example,dc=com
ad.user.base.dn=dc=adf,dc=example,dc=com
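The properties file carries two passwords, the AdminServer URL and two base DNs, and a mistake in any of them only surfaces once WLST has opened an edit session. The following pre-flight check is an added example, not part of the original article or of WebLogic itself: it parses the file the way java.util.Properties does (only the first "=" separates key from value, so base DNs containing "=" survive), confirms every key the script reads is present, and flags placeholder passwords and a plain t3:// admin URL (the t3s:// variant carries the admin credentials over SSL). The sample text embedded in it is a constructed copy of the properties above, and the placeholder list is my own.

```python
# Pre-flight check for myDomain-ad.properties. Added example, not part of
# the original article or of WebLogic. Works under plain Python 2/3.
import re

# Keys that configure_active_directory.py reads from the properties file.
REQUIRED_KEYS = [
    "admin.username", "admin.password", "admin.url", "domain.name",
    "provider.name", "ad.username", "ad.password", "ad.principal",
    "ad.host", "ad.user.object.class", "ad.group.base.dn", "ad.user.base.dn",
]

# Constructed list of sample/default passwords that should never reach a real domain.
PLACEHOLDER_VALUES = ("Password1", "password", "changeme", "welcome1")


def parse_properties(text):
    """Parse Java-style key=value properties into a dict.

    Only the first '=' (or ':') separates key from value, so a DN such as
    'ou=x,dc=example,dc=com' is kept whole. Blank lines and lines starting
    with '#' or '!' are ignored, as java.util.Properties does.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props


def check_properties(props):
    """Return a list of (severity, message) findings; an empty list means OK."""
    findings = []
    for key in REQUIRED_KEYS:
        if not props.get(key):
            findings.append(("error", "missing value for %s" % key))
    for key in ("admin.password", "ad.password"):
        if props.get(key) in PLACEHOLDER_VALUES:
            findings.append(("error", "%s is a placeholder/default password" % key))
    if props.get("admin.url", "").startswith("t3://"):
        findings.append(("warn", "admin.url uses plain t3://; the admin credentials "
                                 "travel unencrypted, prefer t3s://"))
    # A DN is a comma-separated list of attr=value pairs.
    for key in ("ad.group.base.dn", "ad.user.base.dn"):
        dn = props.get(key, "")
        if dn and not re.match(r"^(\w+=[^,]+)(,\w+=[^,]+)*$", dn):
            findings.append(("error", "%s does not look like a DN: %s" % (key, dn)))
    return findings


def run_checks(text):
    """Parse the properties text and return its findings."""
    return check_properties(parse_properties(text))


# Constructed sample: a copy of the article's properties file, which is
# expected to trip the placeholder-password and plain-t3 checks.
SAMPLE_PROPERTIES = """\
# AdminServer connection details.
admin.username=weblogic
admin.password=Password1
admin.url=t3://ol6.localdomain:7001

domain.name=myDomain
provider.name=adf
ad.username=sAMAccountName
ad.password=Password1
ad.principal=my-ad-username
ad.host=ldap.example.com
ad.user.object.class=organizationalPerson
ad.group.base.dn=ou=my-department,dc=adf,dc=example,dc=com
ad.user.base.dn=dc=adf,dc=example,dc=com
"""

if __name__ == "__main__":
    for severity, message in run_checks(SAMPLE_PROPERTIES):
        print("%s: %s" % (severity.upper(), message))
```

Run it as a normal Python script (a file name such as check_ad_properties.py is my choice) before invoking WLST; any "error" line means the WLST run would either fail or configure the domain with a throwaway password, and the t3:// warning is worth heeding whenever the AdminServer is reached over a network rather than from the same host.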

Run It

Configure Active Directory authentication in an existing domain using the following commands.

# Set environment.
export MW_HOME=/u01/app/oracle/middleware
export WLS_HOME=$MW_HOME/wlserver_10.3
export WL_HOME=$WLS_HOME
export JAVA_HOME=/u01/app/oracle/jdk1.7.0_79
export PATH=$JAVA_HOME/bin:$PATH
export DOMAIN_HOME=/u01/app/oracle/config/domains/myDomain

. $DOMAIN_HOME/bin/setDomainEnv.sh

# Configure Active Directory authentication.
java weblogic.WLST configure_active_directory.py -p myDomain-ad.properties

For more information see:

Hope this helps. Regards Tim...
