... until the collector arrives ...

This "blog" is really just a scratchpad of mine. There is not much of general interest here. Most of the content is scribbled down "live" as I discover things I want to remember. I rarely go back to correct mistakes in older entries. You have been warned :)

2006-01-12

BEA WebLogic Active Directory Configuration

In the console:

  1. select the default realm in the Security/Realms node.
  2. select the Providers/Authentication node
  3. configure a new Active Directory Authenticator
  4. set Host to the AD server (e.g. dc.mm.local)
  5. set Principal to the DN of a user account that can query the LDAP server (e.g. CN=Service Account,OU=Service Accounts,OU=mm,DC=mm,DC=local)
  6. set Credential to the password for the user account
  7. switch to the Users tab
  8. set User Object Class to user
  9. set User Name Attribute to sAMAccountName
  10. leave User Dynamic Group DN Attribute blank
  11. set User Base DN to the root of the user tree (e.g. DC=mm,DC=local)
  12. set User From Name Filter to (&(sAMAccountName=%u)(objectclass=user))
  13. switch to the Groups tab
  14. set Group Base DN to the base of the group tree (e.g. DC=mm,DC=local)
  15. set Static Group Object Class to group
  16. set Static Group Name Attribute to cn
  17. switch to the Details tab
  18. check Use Token Groups for Group Membership Lookup
  19. Restart the server.
  20. Verify that these changes work by browsing the Users and Groups nodes under the realm.

Many of these settings can be figured out by browsing the AD LDAP tree using an LDAP browser.
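
The values from the steps above can be tried against the directory with OpenLDAP's ldapsearch before the server is restarted. This is an added example, not part of the original notes; it assumes ldapsearch is installed, and the function names and the --run switch are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original notes); values are the samples from the steps.
HOST="dc.mm.local"
PRINCIPAL="CN=Service Account,OU=Service Accounts,OU=mm,DC=mm,DC=local"
USER_BASE_DN="DC=mm,DC=local"
USER_FILTER='(&(sAMAccountName=%u)(objectclass=user))'

# Escape the characters RFC 4515 reserves inside a filter value, so the
# login name is matched literally and cannot alter the filter's structure.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Substitute the escaped login name for the first %u in the filter template.
expand_filter() {
    tmpl=$1
    case $tmpl in
        *%u*) ;;
        *) echo "filter template has no %u" >&2; return 1 ;;
    esac
    pre=${tmpl%%'%u'*}    # text before the first %u
    post=${tmpl#*'%u'}    # text after the first %u
    printf '%s%s%s' "$pre" "$(ldap_escape "$2")" "$post"
}

# Bind as the Principal (-W prompts for the Credential) and run the search the
# authenticator is configured for. A bind error points at Principal/Credential,
# an empty result at the base DN or filter. Note that a simple bind over
# ldap:// sends the password unencrypted.
lookup_user() {
    filter=$(expand_filter "$USER_FILTER" "$1") || return 1
    ldapsearch -x -H "ldap://$HOST" -D "$PRINCIPAL" -W -LLL \
        -b "$USER_BASE_DN" -s sub "$filter" sAMAccountName memberOf
}

# tokenGroups (step 18) is a constructed attribute that AD returns only for a
# base-scope search on the user's own entry; pass the DN printed by lookup_user.
lookup_token_groups() {
    ldapsearch -x -H "ldap://$HOST" -D "$PRINCIPAL" -W -LLL \
        -b "$1" -s base '(objectClass=*)' tokenGroups
}

# Only contact the directory when asked to: sh check.sh --run <login>
if [ "${1:-}" = "--run" ]; then
    lookup_user "${2:?login name required}"
fi
```

If lookup_user returns the expected entry, the same Host, Principal, base DN and filter should work in the console.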
