3

I've found out that you can access the WebLogic users through LDAP.

I'm using the embedded LDAP server from WebLogic, and connecting to it using JXplorer, as displayed in this post.

Is it possible to create another user that has the same privileges of the CN=Admin user?

Here is an example:

Using JXplorer, I connect to the LDAP embedded server using port 7001, username CN=Admin and providing the credentials.

In <domain> -> <realm> -> <people> I'm able to list and edit all WebLogic users. I then create the user 'Mary' (either using the WebLogic console or JXplorer), and assign her the 'Administrator' role.

When I try to connect in JXplorer using CN=Mary, I get Error 49 - Invalid Credentials.

What am I doing wrong here, or is it simply not possible to create users that have this permission level?

2 Answers

1

There is actually a Note on Oracle Support that describes this situation (for 10.3.2 and later, so presumably it still applies to 12c):

How To Browse Weblogic Embedded Ldap With User Id APART FROM CN=ADMIN From an External Ldap Browser (Doc ID 1347745.1)

Apparently you need to edit the access control file (acls.prop) used by WebLogic Server: http://docs.oracle.com/cd/E24329_01/web.1211/e24422/ldap.htm#i1102243

It is located in your `$WLHOME/server/lib/acls.prop` (so not in the domain itself).

There you can supply LDAP users with additional grants, in the form of:

`ou=groups,ou=myrealm,dc=mydomain|subtree#grant:r,s,p,c#[all]#:authzID-dn:uid=ldapuser,ou=people,ou=myrealm,dc=mydomain:`

Also see: http://supermaninthemiddle.wordpress.com/2011/05/16/configuring-read-only-access-to-arbitrary-user-to-weblogic-server-embedded-ldap/
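An added example (not part of the answer and not Oracle's code): a Python check that parses rules of the shape quoted above and reports grants that go beyond the read-only letters `r,s,p,c` for any subject not listed as trusted. The field layout is inferred from the rule shown in the answer; the second sample rule, the `trusted` parameter and all function names are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Permission letters used by the read-only rule quoted in the answer.
READ_ONLY = frozenset("rspc")

class Rule(NamedTuple):
    location: str
    scope: str
    action: str          # "grant" or "deny"
    perms: frozenset
    attrs: str
    subject: str         # surrounding ':' removed

def parse_rule(line: str) -> Optional[Rule]:
    """Parse 'location|scope#action:perms#attrs#subject'; None if the line has another shape."""
    parts = line.strip().split("#", 3)
    if len(parts) != 4:
        return None
    where, rights, attrs, subject = parts
    location, bar, scope = where.rpartition("|")
    action, colon, letters = rights.partition(":")
    if not bar or not colon or action not in ("grant", "deny"):
        return None
    perms = frozenset(p.strip() for p in letters.split(",") if p.strip())
    return Rule(location, scope, action, perms, attrs, subject.strip(":"))

def excess_grants(text: str, trusted=()):
    """Return (line number, subject, location, extra letters) for grants beyond READ_ONLY."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule.action != "grant" or rule.subject in trusted:
            continue
        extra = rule.perms - READ_ONLY
        if extra:
            findings.append((n, rule.subject, rule.location, sorted(extra)))
    return findings

# Constructed sample: line 1 is the rule from the answer, line 2 adds a 'w' letter.
SAMPLE = (
    "ou=groups,ou=myrealm,dc=mydomain|subtree#grant:r,s,p,c#[all]#"
    ":authzID-dn:uid=ldapuser,ou=people,ou=myrealm,dc=mydomain:\n"
    "ou=people,ou=myrealm,dc=mydomain|subtree#grant:r,s,p,c,w#[all]#"
    ":authzID-dn:uid=ldapuser,ou=people,ou=myrealm,dc=mydomain:\n"
)

if __name__ == "__main__":
    for finding in excess_grants(SAMPLE):
        print(finding)
```

Because acls.prop sits under `$WLHOME/server/lib` rather than in the domain, a check like this is worth running against the installation's copy after any edit.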


1

Your question is a little unclear... what are you trying to do? If you just want to add a new user you can do the following...

You can create a new user by using the admin console and going to:

Security Realms -> <realm name> -> Users and Groups -> New

If you want the new user to be an Admin you can do the following.

Edit the user and add them to the Administrators group OR

Security Realms -> <realm name> -> Roles and Policies -> Realm Roles -> Global Roles -> Admin

And editing the Role Conditions to include a new user or group, effectively giving them admin permissions.

1 Comment

Thanks for your answer, but what I want is to know how I can create a WebLogic user that has the same permissions as the user CN=Admin that I use to connect to the embedded LDAP server. I'm able to create users (using the WebLogic console or LDAP explorer), but those users don't have permissions to navigate in the LDAP explorer, even when I assign them the Administrator role.
