  • Configuring the Active Directory Authentication Provider in WebLogic

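    The key points, and the settings that are easy to get wrong, are listed below (<> and the description inside it mark content you need to replace):

            Host: ads.yourdomain.com         Host is the domain name or IP address of the AD server

             Port: 389                                       The default port is 389; you can run telnet <ad server ip>  389  to test whether the domain controller port is reachable

             Principal: cn=Administrator,cn=Users,dc=yourdomain,dc=com         cn is the administrator user name; for the dc components, just split the domain name into its parts

             Credential: ******* your administrator password

      Confirm Credential: ******* the same password again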

         Users

          User Base DN:               cn=Users,dc=yourdomain,dc=com        

          User From Name Filter: (&(samAccountName=%u)(objectclass=user))

          User Name Attribute:      samAccountName

        

         Groups

         Group Base DN:              cn=Users,dc=yourdomain,dc=com        

         Group From Name Filter:  (&(cn=%g)(objectclass=group))
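
    The following is an added example, not part of the original post or of WebLogic: it derives the DN fields above from a DNS domain and shows what the %u / %g filter templates expand to when the name is escaped per RFC 4515. The function names and sample names are assumptions made for illustration, and the code says nothing about how WebLogic performs the substitution internally.

```python
# Added example (not WebLogic code): build the DN fields from a DNS domain and
# expand the %u / %g filter templates with RFC 4515 escaping of the name.

USER_FILTER = "(&(samAccountName=%u)(objectclass=user))"   # from the settings above
GROUP_FILTER = "(&(cn=%g)(objectclass=group))"             # from the settings above

# RFC 4515: these characters must be written as \XX inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def domain_to_dn(domain):
    """yourdomain.com -> dc=yourdomain,dc=com (one dc= component per DNS label)."""
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain")
    return ",".join("dc=" + label for label in labels)


def escape_filter_value(value):
    """Escape a name so it is matched literally and cannot alter the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, name):
    """Substitute the %u or %g placeholder with the escaped name."""
    placeholder = "%u" if "%u" in template else "%g"
    if placeholder not in template:
        raise ValueError("template has no %u or %g placeholder")
    return template.replace(placeholder, escape_filter_value(name))


def provider_fields(domain, admin_cn="Administrator", container="Users"):
    """Assumes cn values without DN special characters (no RFC 4514 escaping)."""
    base = "cn=%s,%s" % (container, domain_to_dn(domain))
    return {
        "Principal": "cn=%s,%s" % (admin_cn, base),
        "User Base DN": base,
        "Group Base DN": base,
    }


if __name__ == "__main__":
    for field, value in provider_fields("yourdomain.com").items():
        print("%-14s %s" % (field + ":", value))
    # Constructed sample names; the second contains filter metacharacters.
    for name in ("jdoe", "j*doe (ops)"):
        print(expand_filter(USER_FILTER, name))
    print(expand_filter(GROUP_FILTER, "Domain Admins"))
```

    Running the expanded user filter against the directory with an ordinary LDAP search tool is a quick way to confirm the base DN and filter before restarting the server.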

    For details, see the following article:  http://www.weblogic-wonders.com/weblogic/2010/12/04/configuring-active-directory-authenticator-with-weblogic-server/

    Configuring Active Directory Authenticator with Weblogic Server

    WebLogic Server comes with an embedded LDAP server, which acts as the default provider for authentication, authorization and role mapping. Since authentication is based on JAAS (Java Authentication and Authorization Service), we can have external providers as well. These can be out-of-the-box providers supplied by WLS or custom providers that are plugged in. I'll discuss that in some other article.

    These are some of the providers


    WLS does provide an out of the box provider for Active Directory.
    These are the steps to configure it.
    Step 1). Open Active Directory Console

    Step 2). Create a User

    Step 3). Assign it to the Administrator group. This is required as Active Directory gives a connection only to an admin user.

    Step 4). Go to Weblogic Server and Create an Active Directory Authentication Provider

    Step 5). Under Provider Specific, provide the following values and leave the others as default.

    Propagate Cause For Login Exception: (checked)
    Principal: CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com
    User Base Dn: CN=Users,DC=faisal,DC=bea,DC=com
    Credential: XXXXXX
    Group Base Dn: CN=Users,DC=faisal,DC=bea,DC=com

    You should see the following in the config.xml

    <sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
    <sec:name>ActiveDirectory</sec:name>
    <sec:control-flag>SUFFICIENT</sec:control-flag>
    <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
    <wls:principal>CN=aduser,CN=Users,DC=faisal,DC=bea,DC=com</wls:principal>
    <wls:user-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:user-base-dn>
    <wls:credential-encrypted>{3DES}YoOwqSH1jxsOlvUmAYOENw==</wls:credential-encrypted>
    <wls:group-base-dn>CN=Users,DC=faisal,DC=bea,DC=com</wls:group-base-dn>
    </sec:authentication-provider>

    Step 6) Change the control flag of the Active Directory Authenticator and the Default Authenticator to SUFFICIENT

    Step 7) Restart your server. Go to myrealm. You should be able to see the users and groups from the Active Directory.

  • Original article: https://www.cnblogs.com/jans2002/p/4760414.html