Monday, August 25, 2008

Finally Embedded LDAP dependency is gone!

A WebLogic security realm is a collection of configuration that protects a WebLogic domain, its applications and its resources. Until WebLogic Server 10.3, the default store (security provider database) used for security configuration such as users, groups, roles and policies was the Embedded LDAP server. Many customers want to externalize this information from WebLogic's Embedded LDAP server. However, the available options only externalized authentication information to an external LDAP server, an RDBMS and so on. Other information, such as authorization information and role mappings, stayed within the Embedded LDAP server.

With WebLogic Server 10.3 you can now choose an external RDBMS as the security provider database that stores all security provider information. This removes the dependency on the Embedded LDAP server. The other option is to build custom security providers that use a properties file as their security provider database. Either way, you can now build a WebLogic domain with no dependency on the bundled Embedded LDAP server.

See http://edocs.bea.com/wls/docs103/secintro/realm_chap.html#wp1033627 for more information on how to configure an RDBMS-based security provider database. One key thing to note is that the tables must be created manually using the appropriate *.sql file from the BEA_HOME/wlserver_10.3/server/lib directory. The domain's security provider database can be set to an RDBMS when you create the domain with the Configuration Wizard, or later through the Administration Console. Also, the default Authentication provider that comes with the default security realm (myrealm) is Embedded LDAP based. So if you want to completely avoid the dependency on the Embedded LDAP server, then after the domain is created you have to create an Authentication provider that uses an external user repository (RDBMS, external LDAP etc.).

You can configure a domain to use an RDBMS-based security provider database during domain creation, using the Domain Configuration Wizard.



Make sure that the tables have been created from the *.sql files provided with the WebLogic installation before you start the Administration Server.




If you created the domain with the default configuration (Embedded LDAP server as the security provider database), you can change the domain configuration later to use an RDBMS-based security provider database.
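
To check whether a domain still depends on the Embedded LDAP server after the change, the sketch below audits a domain's config.xml for both conditions described above. It is an added example, not code from the original post or from Oracle; the element names (`realm`, `rdbms-security-store`, `authentication-provider`) and the `default-authenticatorType` value are assumptions about the config.xml layout, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Assumption: xsi:type that config.xml gives the Embedded LDAP based default authenticator.
EMBEDDED_LDAP_AUTHN = "default-authenticatorType"

def local(tag):
    """Drop the XML namespace so the check does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]

def audit_realms(config_xml):
    """Map each realm name to its remaining Embedded LDAP dependencies."""
    report = {}
    for realm in ET.fromstring(config_xml).iter():
        if local(realm.tag) != "realm":
            continue
        kids = list(realm)  # direct children only: providers, store, realm name
        name = next((k.text for k in kids if local(k.tag) == "name"), "(unnamed)")
        authn = [k.get(XSI_TYPE, "").split(":")[-1]
                 for k in kids if local(k.tag) == "authentication-provider"]
        rdbms = any(local(k.tag) == "rdbms-security-store" for k in kids)
        ldap_authn = EMBEDDED_LDAP_AUTHN in authn
        report[name] = {"rdbms_store": rdbms,
                        "embedded_ldap_authn": ldap_authn,
                        "ldap_free": rdbms and not ldap_authn}
    return report

# Constructed sample: RDBMS store configured, default authenticator still present.
SAMPLE = """<domain xmlns="urn:example:domain" xmlns:sec="urn:example:security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security-configuration>
    <realm>
      <sec:authentication-provider xsi:type="wls:default-authenticatorType"/>
      <sec:rdbms-security-store>
        <sec:connection-url>jdbc:placeholder</sec:connection-url>
      </sec:rdbms-security-store>
      <sec:name>myrealm</sec:name>
    </realm>
  </security-configuration>
</domain>"""

if __name__ == "__main__":
    for realm_name, result in audit_realms(SAMPLE).items():
        print(realm_name, result)
```

For the sample, the realm is reported as using the RDBMS store but not yet free of Embedded LDAP, because the default authenticator is still listed.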



Will meet you all with more exciting new features from Oracle WebLogic Server 10gR3!

3 comments:

  1. How would one configure WLS 10 to utilize LDAP to define roles and global roles within the environment so as to control access?

  2. Understandably your article helped me terribly much in my college assignment. Hats afar to you send, choice look ahead for more related articles without delay as its sole of my pick issue to read.

  3. Sorry for my bad English. Thank you so much for your good post. Your post helped me in my college assignment. If you can provide me more details, please email me.
