Configuring the LDAP Connection

The first step in configuring WebLogic for secure client authentication is to configure the LDAP connection, which defines the security infrastructure against which WebLogic will validate user IDs and passwords.

By default, WebLogic uses an Embedded LDAP Server for authenticating users. Optionally, you can configure most commercial LDAP servers for client authentication with the WebLogic server.

Note: If you do not want to use LDAP Server security for the SIMULIA Execution Engine, you still need to define users and roles in the Embedded LDAP Server supplied by the WebLogic Server to apply security policies to the SIMULIA Execution Engine. See Using the WebLogic Embedded LDAP for Client Authentication for instructions.

The following instructions assume the use of an LDAP server for authentication (specifically, Microsoft Active Directory Server). Other LDAP servers can be configured in a similar manner. For more information, please check your WebLogic Server documentation.

WebLogic Server's Embedded LDAP authentication may be adequate for small test environments, but it is not suitable for production deployments. Some familiarity with LDAP is helpful to properly configure the WebLogic Server to use LDAP.

Note: Using an LDAP Browser may be helpful while configuring an LDAP Connection with the WebLogic Server.

  1. Click Lock & Edit in the upper left corner of the WebLogic Administration Console.

  2. Click Security Realms on the left side of the console.

    The Summary of Security Realms screen appears.

  3. Click myrealm in the Name column on the right side of the console.

  4. Click the Providers tab.

    The Authentication Providers table appears.

  5. Click New.

    The Create a New Authentication Provider screen appears.

  6. Type ActiveDirectoryAuthenticator in the Name text box.

  7. Select ActiveDirectoryAuthenticator from the Type list.

  8. Click OK.

  9. Click the ActiveDirectoryAuthenticator link in the Name column.

  10. Select SUFFICIENT from the Control Flag list.

  11. Click Save.

  12. Click the Provider Specific subtab.

  13. Type the host name of your Active Directory Server in the Host text box.

  14. Type the port number in the Port text box. The default port for an LDAP Server is 389.

  15. Type the principal name of the user in the Principal text box. For example, the principal name of the user that started the WebLogic Server may be SEE Admin. The actual user ID may be different from the principal name defined in the LDAP server.

  16. Type the password in the Credential text box, and retype the password in the Confirm Credential text box.

  17. Type the base distinguished name of the user in the User Base DN text box. This is the value under which all users are searched and located, including the user that starts the WebLogic Server.

    Contact your local system administrator for the proper settings.

  18. In the User From Name Filter text box, replace cn with sAMAccountName. For example, the entry should look similar to the following:

    (&(sAMAccountName=%u)(objectclass=user))

  19. Type sAMAccountName in the User Object Class text box, replacing the existing text.

  20. Type the base distinguished name of the group in the Group Base DN text box. This is the value under which all the groups are searched and located, including the group of the user that starts the WebLogic Server.

    Contact your local system administrator for the proper settings.

  21. Clear (uncheck) the Cache Enabled check box.

  22. Click Save.

  23. Click the Providers link at the top of the console.

  24. Click the DefaultAuthenticator link in the Name column.

    The DefaultAuthenticator screen appears.

  25. Select SUFFICIENT from the Control Flag list.

  26. Click Save.

  27. Click Activate Changes in the upper left corner of the console.

    A message appears stating that all of your changes have been activated. Now you need to stop and restart the WebLogic Server.

  28. Click SEE, the domain name of the WebLogic server that you are using, at the top of the left side of the console.

    Note: This link will have a different name if you did not use the provided domain name setting during the domain creation as described in Creating the WebLogic Domain Using the SIMULIA Execution Engine Administration Server Template.

  29. Click the Control tab on the right side of the console.

    A list of servers appears.

  30. Click AdminServer(admin).

  31. Click Shutdown, and select When work completes from the list that appears.

  32. Click Yes to verify the shutdown.

    The server is stopped.

  33. Perform one of the following actions, based on your operating system:

    • Windows: Open a Command Prompt window, and execute the startWebLogic.cmd file in the <weblogic_install_dir>/user_projects/domains/<SEE_domain_name> directory.

    • Linux: Open a terminal window, and execute the ./startWebLogic.sh command in the <weblogic_install_dir>/user_projects/domains/<SEE_domain_name> directory.

  34. Type the username and password for starting the WebLogic server.

  35. Refresh your Web browser.

  36. Log back into the WebLogic Administration Console.
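
The effect of the filter change in step 18, shown as an added example (not part of the original instructions and not WebLogic code): a small Python model of how the %u placeholder is expanded and which directory entries the resulting filter selects. The two entries are constructed, the evaluator handles only the AND/equality subset used on this page, and RFC 4515 escaping of the login name is an assumption of this model.

```python
import re

# Constructed entries (not from a real directory). Active Directory keeps the
# logon name in sAMAccountName; cn usually holds the display name.
ENTRIES = [
    {"cn": "Jane Doe", "sAMAccountName": "jdoe", "objectClass": ["person", "user"]},
    {"cn": "jdoe", "sAMAccountName": "jdoe-admins", "objectClass": ["group"]},
]

def render_filter(template, login):
    """Expand %u, escaping RFC 4515 specials so the login stays a literal value."""
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in login)
    return template.replace("%u", safe)

def parse(text):
    """Parse the subset used on this page: (&(a=b)(c=d)) and (a=b)."""
    if text.startswith("(&") and text.endswith(")"):
        parts, depth, start = [], 0, 0
        for i, ch in enumerate(text[2:-1], 2):
            if ch == "(":
                start = i if depth == 0 else start
                depth += 1
            elif ch == ")":
                depth -= 1
                if depth == 0:
                    parts.append(parse(text[start:i + 1]))
        return ("and", parts)
    m = re.fullmatch(r"\(([^=()]+)=([^()]*)\)", text)
    if not m:
        raise ValueError("unsupported filter: " + text)
    return ("eq", m.group(1).lower(), m.group(2))

def value_regex(pattern):
    # An unescaped * is a wildcard; a \xx escape is one literal character.
    unesc = [re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), p)
             for p in pattern.split("*")]
    return re.compile(".*".join(map(re.escape, unesc)), re.I | re.S)

def matches(node, entry):
    if node[0] == "and":
        return all(matches(child, entry) for child in node[1])
    values = next((v for k, v in entry.items() if k.lower() == node[1]), [])
    values = values if isinstance(values, list) else [values]
    return any(value_regex(node[2]).fullmatch(v) for v in values)

def search(template, login):
    """Return the logon names of the constructed entries the filter selects."""
    tree = parse(render_filter(template, login))
    return [e["sAMAccountName"] for e in ENTRIES if matches(tree, e)]
```

With the cn form of the filter, the login jdoe selects no user entry in this model, while the sAMAccountName form from step 18 selects exactly one.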