jff

Reputation: 476

Add Users to WebLogic Embedded LDAP Server

I've found out that you can access the WebLogic users through LDAP.

I'm using the embedded LDAP server from WebLogic, and connecting to it using JXplorer, as displayed in this post.

Is it possible to create another user that has the same privileges of the CN=Admin user?

Here is an example:

Using JXplorer, I connect to the embedded LDAP server using port 7001, username CN=Admin and providing the credentials.

In <domain> -> <realm> -> <people> I'm able to list and edit all WebLogic users. I then create the user 'Mary' (either using the WebLogic console or JXplorer), and assign her the 'Administrator role'.

When I try to connect in JXplorer using CN=Mary, I get Error 49 - Invalid Credentials.

What am I doing wrong here, or is it simply not possible to create users that have this permission level?

Upvotes: 3

Views: 3835

Answers (2)

Jaap

Reputation: 724

There is actually a Note on Oracle Support that describes this situation (for 10.3.2 and later, so presumably it still applies to 12c):

How To Browse Weblogic Embedded Ldap With User Id APART FROM CN=ADMIN From an External Ldap Browser (Doc ID 1347745.1)

Apparently you need to edit the access control file (acls.prop) used by WebLogic Server: http://docs.oracle.com/cd/E24329_01/web.1211/e24422/ldap.htm#i1102243

It is located in your $WLHOME/server/lib/acls.prop (so not in the domain itself).

There you can supply LDAP users with additional grants, in the form of:

    ou=groups,ou=myrealm,dc=mydomain|subtree#grant:r,s,p,c#[all]#:authzID-dn:uid=ldapuser,ou=people,ou=myrealm,dc=mydomain:

Also see: http://supermaninthemiddle.wordpress.com/2011/05/16/configuring-read-only-access-to-arbitrary-user-to-weblogic-server-embedded-ldap/

Upvotes: 1
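An added example, not part of the answer above or of Oracle's documentation: a small Python parser for rules laid out like the one quoted in that answer, used to list which named DNs hold grants when reviewing acls.prop. The field names, the helper names `parse_rule` and `named_grants`, and the second and third sample rules are assumptions made for illustration.

```python
from typing import NamedTuple

class AclRule(NamedTuple):
    location: str      # DN the rule is attached to
    scope: str         # e.g. "subtree" or "entry"
    action: str        # "grant" or "deny"
    permissions: list  # permission letters exactly as written in the file
    attributes: str    # e.g. "[all]"
    subject_type: str  # e.g. "authzID-dn" or "public"
    subject: str       # DN of the subject, "" when the rule names none

def parse_rule(line: str) -> AclRule:
    """Parse one rule in the layout location|scope#action:perms#attrs#subject."""
    fields = line.strip().split("#")
    if len(fields) != 4:
        raise ValueError(f"expected 4 '#'-separated fields: {line!r}")
    target, right, attributes, subject = fields
    location, bar, scope = target.rpartition("|")
    action, colon, perms = right.partition(":")
    if not bar or not colon or action not in ("grant", "deny"):
        raise ValueError(f"malformed rule: {line!r}")
    # The subject field is wrapped in ':' separators; the type precedes the DN.
    subject_type, _, subject_dn = subject.strip(":").partition(":")
    return AclRule(location, scope, action,
                   [p.strip() for p in perms.split(",")],
                   attributes, subject_type, subject_dn)

def named_grants(text: str) -> list:
    """Return the grant rules whose subject is a specific DN."""
    rules = [parse_rule(l) for l in text.splitlines() if l.strip()]
    return [r for r in rules if r.action == "grant" and r.subject]

# Constructed sample: the first line is the rule quoted in the answer,
# the other two are made-up rules in the same layout.
SAMPLE = """\
ou=groups,ou=myrealm,dc=mydomain|subtree#grant:r,s,p,c#[all]#:authzID-dn:uid=ldapuser,ou=people,ou=myrealm,dc=mydomain:
cn=schema|entry#grant:r#[all]#public:
ou=people,ou=myrealm,dc=mydomain|subtree#deny:r#userpassword#public:
"""

if __name__ == "__main__":
    for r in named_grants(SAMPLE):
        print(f"{r.subject} may {','.join(r.permissions)} on {r.attributes} "
              f"under {r.location} ({r.scope})")
```

Because the file sits under $WLHOME rather than in the domain, it is worth diffing this listing against an approved baseline after any edit.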

Display Name is missing

Reputation: 6227

Your question is a little unclear... what are you trying to do? If you just want to add a new user you can do the following...

You can create a new user by using the admin console and going to:

Security Realms -> <realm name> -> Users and Groups -> New

If you want the new user to be an Admin you can do the following.

Edit the user and add them to the Administrators group OR

Security Realms -> <realm name> -> Roles and Policies -> Realm Roles -> Global Roles -> Admin

and edit the Role Conditions to include a new user or group, effectively giving them admin permissions.

Upvotes: 1
