Active Directory

How to configure Active Directory with WebLogic, WebCenter, UCM?

This post contains the procedure for configuring Active Directory with WebLogic and WebCenter Content.

You will find some external links with screenshots.

First: Active Directory Modification

You need to make some modifications in Active Directory.

Remove all admin privileges from the ECM admins account, but only after you have done these steps and confirmed with me first.

Use a normal user to integrate Active Directory with Oracle UCM. Follow these steps to create the user:

a. Open up Active Directory Sites and Services.

b. Highlight servers, then right-click and choose Delegation.

c. This will start the Delegate Control Wizard. Add the audit user’s account.

d. Choose Custom and select all the objects you want the auditor to manage (User, OU, etc.).

e. Choose all the read permissions you want them to have.

Creating the Active Directory provider

Follow the steps for creating the Active Directory provider from one of the following links:

How to Configure Active Directory with Weblogic Server? (the Roles part is not important)

For exploring Active Directory, try the following explorer:

Download the following light Active Directory Explorer from here

Here is an example of the Active Directory provider details.
The following configuration does not get all users:

Principal:CN=Service Oracle SSO,OU=Service,DC=elec,DC=gov,DC=eg
Credential:password
User Base DN:CN=Users,DC=elec,DC=gov,DC=eg
All Users Filter:(objectclass=user)
User From Name Filter:(&(cn=%u)(objectclass=user))
User Name Attribute:sAMAccountName
User Object Class:user
Use Retrieved User Name as Principal:true
Group Base DN:OU=Groups,DC=elec,DC=gov,DC=eg
All Groups Filter:(&(sAMAccountName=*)(objectclass=group))
Group From Name Filter:(&(sAMAccountName=%g)(objectclass=group))

Keep static groups with the default configuration.

The following settings get only 1000 users and all groups:

Principal:CN=Service Oracle SSO,OU=Service,DC=elec,DC=gov,DC=eg
Credential:password
User Base DN:DC=elec,DC=gov,DC=eg
All Users Filter:(objectclass=user)
User From Name Filter:(&(sAMAccountName=*)(objectclass=user))
User Name Attribute:sAMAccountName
User Object Class:user
Use Retrieved User Name as Principal:true
Group Base DN:DC=elec,DC=gov,DC=eg
All Groups Filter:(&(sAMAccountName=*)(objectclass=group))
Group From Name Filter:(&(sAMAccountName=%g)(objectclass=group))

Keep static groups with the default configuration.

The second method will throw a size limit exceeded exception:
Caused by: netscape.ldap.LDAPException: error result (4); Sizelimit exceeded

Another example of a provider configuration:

Principal: CN=weblogic,CN=Users,DC=mydomain,DC=it (where “mydomain” is set to my domain name)
SSLEnabled: NO
User Base DN: CN=Users,DC=mydomain,DC=it
All Users Filter: (objectclass=user)
User From Name Filter: blank
User Search Scope: subtree
User Name Attribute: sAMAccountName
User Object Class: user
Use Retrieved User Name as Principal: YES

Group Base DN: DC=mydomain,DC=it
All Groups Filter: (objectclass=group)
Group From Name Filter: (&(cn=%g)(objectclass=group))
Group Search Scope: subtree
Group Membership Searching: unlimited
Max Group Membership Search Level: 0
Ignore Duplicate Membership: NO
Use Token Groups For Group Membership Lookup: NO

Static Group Name Attribute: cn
Static Group Object Class: group
Static Member DN Attribute: member
Static Group DNs from Member DN Filter: (&(member=%M)(objectclass=group))

Another example of a provider configuration:

host: 172.16.50.5
port:389
principal:CN=user,CN=Users,DC=foli,DC=codo,DC=com,DC=sa
Credential:user
Confirm Credential:user
SSLEnabled:false
User Base DN:DC=foli,DC=codo,DC=com,DC=sa
All Users Filter:(objectclass=user)
User From Name Filter:
User Search Scope:subtree
User Name Attribute:sAMAccountName
User Object Class:user
Use Retrieved User Name as Principal:true
Group Base DN:DC=foli,DC=codo,DC=com,DC=sa
All Groups Filter:(objectclass=group)
Group From Name Filter:(&(cn=%g)(objectclass=group))
Group Search Scope:subtree
Group Membership Searching:unlimited
Max Group Membership Search Level:0
Ignore Duplicate Membership:false
Use Token Groups For Group Membership Lookup:true
Static Group Name Attribute:cn
Static Group Object Class:group
Static Member DN Attribute:member
Static Group DNs from Member DN Filter:(&(member=%M)(objectclass=group))
Connection Pool Size:6
Connect Timeout:0
Connection Retry Limit:1
Parallel Connect Delay:0
Results Time Limit:0
Keep Alive Enabled:false
Follow Referrals:true
Bind Anonymously On Referrals:false
Propagate Cause For Login Exception:false
Cache Enabled:true
Cache Size:32
Cache TTL:60
GUID Attribute:objectguid
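
An added example, not part of the original post and not Oracle code: a small Python check that parses settings in the "Key:Value" form used above and flags the security-relevant ones. The function names parse_settings and audit and the finding names are made up for this example; the sample text is excerpted from the three configurations on this page.

```python
import re

# Excerpts of the provider settings listed on this page (credentials left out).
FIRST = """All Users Filter:(objectclass=user)
User From Name Filter:(&(cn=%u)(objectclass=user))
User Name Attribute:sAMAccountName"""
SECOND = """All Users Filter:(objectclass=user)
User From Name Filter:(&(sAMAccountName=*)(objectclass=user))
User Name Attribute:sAMAccountName"""
THIRD = """port :389
SSLEnabled:false
All Users Filter:(objectclass=user)
User From Name Filter:
User Name Attribute:sAMAccountName"""

def parse_settings(text):
    """Turn 'Key:Value' lines into a dict keyed by the lower-cased setting name."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            out[key.strip().lower()] = value.lstrip(":").strip()
    return out

def audit(text):
    """Return a sorted list of finding names for one provider configuration."""
    s, found = parse_settings(text), set()
    if s.get("sslenabled", "").lower() in ("false", "no"):
        found.add("plain-ldap")         # bind passwords cross the network unencrypted
    if s.get("all users filter", "").lower() == "(objectclass=user)":
        found.add("broad-user-filter")  # in AD this also matches computer accounts
    name_filter = s.get("user from name filter", "")
    if name_filter and name_filter.lower() != "blank":
        m = re.search(r"\(\s*([\w-]+)\s*=\s*%u\s*\)", name_filter)
        if "%u" not in name_filter:
            found.add("no-%u")          # filter does not use the supplied login name
        elif m and m.group(1).lower() != s.get("user name attribute", "").lower():
            found.add("attr-mismatch")  # lookup attribute differs from User Name Attribute
    return sorted(found)

if __name__ == "__main__":
    for label, cfg in (("first", FIRST), ("second", SECOND), ("third", THIRD)):
        print(label, audit(cfg))
```

A common way to clear the broad-user-filter finding in Active Directory is an All Users Filter such as (&(objectCategory=person)(objectClass=user)), which excludes computer accounts and reduces the number of entries a search returns.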

Provider Does Not Display All Users

Sometimes the user provider can’t retrieve all users. Here’s a troubleshooting guide for solving this issue:

Troubleshooting Active Directory ( not all users from AD are displayed in the “Users and Groups ” tab )

Mapping Active Directory Users With UCM Roles

For mapping between Active Directory groups and UCM roles, see the following link (at the end of that post you will find credential maps on UCM):

Credential Map on UCM for Active Directory UCM mapping
