Embedded LDAP Provider
WebLogic Server includes an embedded LDAP server that acts as the default security provider data store for the Default Authentication, Authorization, Credential Mapping, and Role Mapping providers. The performance of the embedded LDAP server is best with fewer than 10,000 users.[2] If you have more users, consider using a different LDAP server and Authentication provider.
The embedded LDAP server in WebLogic Server contains user, group, group membership, security role, security policy, and credential map information. By default, each WebLogic Server domain has an embedded LDAP server configured with the default values set for each attribute. The WebLogic Authentication, Authorization, Credential Mapping, and Role Mapping providers use the embedded LDAP server as their database. If you use any of these providers in a new security realm, you may want to change the default values for the embedded LDAP server to optimize its use in your environment.
WebLogic Authentication Provider
The WebLogic Authentication provider, also known as the DefaultAuthenticator, accesses user and group information in WebLogic Server's embedded LDAP server. The next section discusses the difference between this provider and other third-party providers.
Difference: Creating Users from Admin Console
When using the WebLogic Server Administration Console, or WLST,[9] you can create users[7] only in the following databases:
- The embedded LDAP server, configured with the WebLogic Authentication provider (DefaultAuthenticator)
- An RDBMS system that is configured with a valid SQL Authentication provider.
Summary
The embedded LDAP provider is unique in this way—it is managed via MBeans that are specific to WebLogic and the default LDAP server. The WebLogic Server Administration Console does not provide an MBean administrative layer for third-party providers. For example, if you have installed OpenLDAP as the new Authentication provider and click New to add users, the drop-down list offers only DefaultAuthenticator. In other words, to create new users for other providers, you need to use the tools that come with those stores.[3,9]
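The following WLST (Jython) script is an added illustration of the point above; it is not code from the original post or from Oracle. It lists which authentication providers in the default realm actually expose the user-editing MBean operations (the reason a third-party authenticator never appears in the console's New user drop-down), then creates a user through the DefaultAuthenticator and places it in the built-in read-only Monitors group. The admin URL, credentials and user name are placeholders, and the `hasattr`-based capability check is an assumption about how WLST exposes MBean proxy methods.

```jython
# WLST (Jython) script, added as an example; not from the original post.
# Run with: java weblogic.WLST create_user.py
# Placeholders: replace the URL and credentials before use.
ADMIN_URL  = 't3://localhost:7001'        # placeholder admin server URL
ADMIN_USER = 'weblogic'                   # placeholder admin user
ADMIN_PASS = 'REPLACE_ME'                 # placeholder admin password
NEW_USER   = 'appuser1'                   # placeholder user to create
NEW_PASS   = 'REPLACE_ME_STRONG_PASSWORD' # placeholder password

connect(ADMIN_USER, ADMIN_PASS, ADMIN_URL)

realm = cmo.getSecurityConfiguration().getDefaultRealm()

def editable_providers(realm):
    # Only providers implementing UserEditorMBean (createUser etc.) can be
    # written to from the console or WLST; the embedded-LDAP DefaultAuthenticator
    # and the SQL Authenticator qualify, an OpenLDAP authenticator does not.
    # Assumption: WLST exposes the MBean's Java methods as Jython attributes.
    return [p for p in realm.getAuthenticationProviders()
            if hasattr(p, 'createUser')]

for p in realm.getAuthenticationProviders():
    editable = p in editable_providers(realm)
    print 'provider %-30s user-editable: %s' % (p.getName(), editable)

atn = realm.lookupAuthenticationProvider('DefaultAuthenticator')
if atn is None:
    raise Exception('DefaultAuthenticator is not configured in realm %s'
                    % realm.getName())

# Idempotent create: the embedded LDAP server rejects duplicate entries.
if not atn.userExists(NEW_USER):
    atn.createUser(NEW_USER, NEW_PASS, 'created via WLST')

# Least privilege: Monitors is a built-in group with read-only console access.
if not atn.isMember('Monitors', NEW_USER, True):
    atn.addMemberToGroup('Monitors', NEW_USER)

print 'user %s exists: %s, member of Monitors: %s' % (
    NEW_USER, atn.userExists(NEW_USER), atn.isMember('Monitors', NEW_USER, True))

disconnect()
exit()
```

If the realm contains only a third-party authenticator, `editable_providers` returns an empty list and `lookupAuthenticationProvider('DefaultAuthenticator')` returns `None`, which is exactly the situation in which the console cannot create users and the store's own tools (for example OpenLDAP's `ldapadd` with an LDIF file) must be used instead.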
References
- Understanding Authentication Security Providers in Oracle WebLogic
- Managing the Embedded LDAP Server
- LDAP Data Interchange Files (LDIF)
- Oracle WebLogic Server Administration Console
- Configuring Authentication Providers
- Manage Users and Groups
- Create Users
- OpenLDAP
- Migrating Data with WLST
- WebLogic Server 12c and WebLogic Server 11g Releases (OTN)