Configuring Active Directory with Weblogic 8.1 SP4

Hello

I have added an Active Directory Authenticator in Weblogic 8.1 SP4. I am ab=
le to see the groups in "Users and Groups" section of Portal Administration=
but it is not fetching users under these groups. Can anyone please help me=
out

Thanks

Hi,

Can you please post the exact exception(If there is any).I have configured =
Active Directory Authenticator successfully with Bea weblogic 814.

Workaround:
You need to configure the Users Tab in the weblogic admin console.Need to e=
nter the user base dn and User Name Attribute Field Example:

OU=3Dbeateam,DC=3Dcompanybea,DC=3Dcom and=20
user name attribute field =3D sAMAccountName

Thanks
Bishnu

Hi Bishnu=20

Thanks for your help. In my case, the value of user base dn is 'ou=3Dusers,=
dc=3DTESTING,dc=3DCOM' but Which value should i provide to User Name Attrib=
ute Field. Should it be name of any particular user or any expression.

Please help

Thanks
Amir

Amir,

In active directory by default there is "sAMAccountName" username attribute=
..You can give this name it shoud work.


Thanks

Hi bishnu

Previously I was using 'cn' for username attribute. I have replaced it with=
"sAMAccountName" but it had no effect.

In my admin portal "Users and Groups" section the tree is showing Groups (S=
ecurity Groups, Security Groups - Local Domain etc) but it is not showing a=
ny user.

Hi Bishnu

Below are my setting. Please review if you can find any error

User Tab
---------
User Object Class:=09user
User Base DN:=09=09ou=3Dusers,dc=3DTESTING,dc=3DCOM
User Name Attribute:=09cn
User From Name Filter:=09(&(cn=3D%u)(objectclass=3Duser))

Group Tab
----------
Group Base DN:=09=09dc=3DTESTING,dc=3DCOM
Group Object Class:=09group

Group From Name Filter:=09(&(cn=3D%g)(objectclass=3Dgroup))

Please help

Thanks
Amir

Amir,

Please modify your entry according to the below sample

Active Directory :
Host:the ip of the machine where Active Directory is installed
Port:389
Principal :CN=3DAdministrator,CN=3DUsers,DC=3Dsamplebea,DC=3 Dcom
Users:
User Name Attribute :sAMAccountName
User Base DN:OU=3Dbeateam,DC=3Dsamplebea,DC=3Dcom
Groups:
Group Base DN:OU=3Dbeateam,DC=3Dsamplebea,DC=3Dcom
Also make the control flag of the ActiveDirectoryAuthenticator and Default=
Authenticator equals to SUFFICIENT and restart the server.

That should work. If there is any error or exception please post that.

Regards
Bishnu

Hi Bishnu

I have tried these settings but when I restart the sever and checked "Users=
and Group" section, there is no tree of groups (in both 'DefaultAuthentica=
tor & ActiveDirectoryAuthenticator'). Whereas with previous settings it was=
showing groups in tree. On selecting 'ActiveDirectoryAuthenticator' it pro=
mpts an error saying "-An unrecoverable error has been encounter while buil=
ding the Group Hierarchy cache. Defaulting to text entry mode."

In left it shows a textfield asking for 'Enter Group Name'. If I enter "use=
rs" (my intended group name) and press "select" button following exception =
trace is shown=20

Error 500--Internal Server Error=20
netscape.ldap.LDAPException: error result (32); 0000208D: NameErr: DSID-031=
001CD, problem 2001 (NO_OBJECT), data 0, best match of:
=09'DC=3DTESTING,DC=3DCOM'
; matchedDN =3D DC=3DTESTING,DC=3DCOM
=09at netscape.ldap.LDAPConnection.checkMsg(LDAPConnecti on.java:4855)
=09at netscape.ldap.LDAPConnection.checkSearchMsg(LDAPCo nnection.java:2619)
=09at netscape.ldap.LDAPConnection.search(LDAPConnection .java:2591)
=09at weblogic.security.providers.authentication.LDAPAtn Delegate.listGroups=
(LDAPAtnDelegate.java:1393)
=09at weblogic.security.providers.authentication.LDAPAut henticatorImpl.list=
Groups(LDAPAuthenticatorImpl.java:127)
=09at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
=09at sun.reflect.NativeMethodAccessorImpl.invoke(Native MethodAccessorImpl.=
java:39)
=09at sun.reflect.DelegatingMethodAccessorImpl.invoke(De legatingMethodAcces=
sorImpl.java:25)
=09at java.lang.reflect.Method.invoke(Method.java:324)
.....

With reference to me previous post, below are the complete configurations t=
hat generated the error explained in previous post

General
-------
Control Flag: SUFFICIENT

Active Directory
----------------
Host: IP of server where AD is installed
Port: 389
Principal:CN=3DAdministrator,CN=3DUsers,DC=3DTESTI NG,DC=3DCOM
Credential: password

Users
------
User Object Class: user
User Name Attribute: sAMAccountName
User Base DN: OU=3Dusers,DC=3DTESTING,DC=3DCOM
User From Name Filter: (&(objectclass=3Duser))

Groups
-------
Group Base DN: OU=3Dusers,DC=3DGHQTESTING,DC=3DCOM
Group From Name Filter: (&(cn=3D%g)(objectclass=3Dgroup))
Static Group Object Class: group
Static Group Name Attribute: cn

Membership
----------
Static Member DN Attribute: member
Static Group DNs from Member DN Filter: (&(member=3D%M)(objectclass=3Dgroup=
))


Looking forward for your help=20
Thanks
Amir

actually=20

User Name Attribute: and User From Name Filter shoudl be same to filter w=
ork

e.g., User Name Attribute: mail
User From Name Filter&(mail=3D%u)(objectclass=3Duser))