Good day,
In a production system, Oracle Enterprise Content Management Suite applications need to use an external Lightweight Directory Access Protocol (LDAP) authentication provider. You need to re-associate the identity store for your application with one of the following external LDAP authentication providers before you complete the configuration of a Managed Server, before you connect a Managed Server to a repository, and before the first user logs in to the application:
Unlike in previous versions, the LDAP provider needs to be configured in WebLogic Server, NOT in UCM.
The steps to integrate Microsoft Active Directory are as follows:
1) Log in to the WebLogic console of the domain and navigate to 'Domain Structure' as given below
2) On clicking 'Security Realms', the following page appears
3) Click on 'myrealm' and the following page appears
Click on the 'Providers' link as marked above
4) The Providers page appears
Select 'New' to create a new provider
5) The screen to enter the 'Name' and 'Type' for the new provider appears
For Active Directory the type should be: ActiveDirectoryAuthenticator
LDAP Authentication Provider    Authenticator Type
Microsoft AD                    ActiveDirectoryAuthenticator
Click 'Ok'
6) Settings for 'myrealm' appears as given below. The newly created provider should be the first one in the list. To do that, we need to reorder the listing of providers using 'Reorder'.
The Reorder page appears as given below
Using the arrow buttons, move the newly created provider to the top of the list and click 'Ok'
On clicking 'Ok', the providers list will be updated as given below
7) Click on the newly created provider name and the 'Settings for' page of that provider gets displayed.
Select 'Control Flag' as 'Sufficient' for the newly created provider and click 'Save'.
8) After changing the control flag and saving the settings, click on the 'Provider Specific' tab in the same page.
The 'Settings' page for the new provider gets displayed as given below
9) To connect to the specific provider, set Provider Specific values in the following fields, and leave default values in the other fields:
Connection Details
. Host: The host name or IP address of the LDAP server.
. Port: The Oracle Internet Directory Port, 389 by default.
. Principal: The Distinguished Name (DN) of the LDAP user that Oracle WebLogic Server should use to connect to the LDAP server; for example: cn=orcladmin
. Credential: The credential used to connect to the LDAP server (usually a password).
. Confirm Credential: The same value as for the Credential field.
User Details
. User Base DN: The base distinguished name (DN) of the tree in the LDAP directory that contains users; for example: cn=users,dc=example,dc=co
. Note: Use an exact DN rather than a top-level DN. Using a top-level DN would provide access to all the default users and groups under the DN, giving access to more users than required by the application.
. Use Retrieved User Name as Principal: Specifies whether or not the user name retrieved from the LDAP server should be used as the Principal value.
Group Details
. Group Base DN: The base distinguished name (DN) of the tree in the LDAP directory that contains groups; for example: cn=groups,dc=example,dc=com
After specifying the connection, user and group details, click on 'Save' to save all the details.
10) Go back to the list of providers screen ('myrealm' page) and click on the default provider as given below
The 'Settings' page for the default provider opens as given below. Change the control flag for the 'default provider' to 'Sufficient' and click 'Save'.
Verify whether the user names/groups listed above are coming from the newly configured provider by checking the 'Provider' column for each user as given in the screenshot.
15) The next step is to map the groups from AD to UCM/Oracle WebCenter groups
For that we need to create 'Roles' in Oracle WebCenter Content with the same names as the groups
As given in the screenshot above, we need to create Roles and assign rights to them.
16) The next step is to map the groups to these roles using credential mapping
For that we need to create a credential mapping as given below
Once the credential mapping is added as given above, an entry for the mapping should be added to the provider. For that, navigate to the provider.hda file for the JPS provider located at
"domain_name"ucm/cs/data/providers/jpsprovider
There, add the following variable:
ProviderCredentialsMap="map name created above"
Save the file and restart the UCM server.
17) Once the servers are restarted, log in to Oracle WebCenter Content with the AD users and verify the access rights.
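The settings this walkthrough asks for (AD provider first in the list, control flags set to Sufficient, exact base DNs instead of a top-level DN) can be reviewed in one pass before the servers are restarted. The following is an added example, not part of the original post and not Oracle tooling: the dictionary keys, the provider names and the sample values are constructed, and the plain-LDAP check on port 389 goes beyond the steps above.

```python
import re

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs; backslash-escaped commas stay in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns

def is_top_level_dn(dn):
    """True when every component is dc=..., i.e. the DN is the directory root."""
    return all(attr == "dc" for attr, _ in parse_dn(dn))

def review_realm(providers, ad_name):
    """providers: dicts in the order shown on the realm's Providers page (hypothetical keys)."""
    findings = []
    if not providers or providers[0]["name"] != ad_name:
        findings.append("order: %s is not first in the provider list" % ad_name)
    for p in providers:
        flag = p.get("control_flag")  # identity asserters carry no control flag
        if flag is not None and flag.upper() != "SUFFICIENT":
            findings.append("flag: %s is %s, walkthrough sets SUFFICIENT" % (p["name"], flag))
    ad = next((p for p in providers if p["name"] == ad_name), None)
    if ad is None:
        return findings + ["missing: no provider named %s" % ad_name]
    for key in ("user_base_dn", "group_base_dn"):
        if is_top_level_dn(ad[key]):
            findings.append("scope: %s=%s is a top-level DN" % (key, ad[key]))
    if ad.get("port") == 389 and not ad.get("ssl_enabled"):
        findings.append("transport: bind credential sent over plain LDAP on 389")
    return findings

# Constructed sample: a realm part-way through the procedure (not from the post).
SAMPLE = [
    {"name": "DefaultAuthenticator", "control_flag": "REQUIRED"},
    {"name": "ADProvider", "control_flag": "SUFFICIENT", "port": 389,
     "ssl_enabled": False, "user_base_dn": "dc=example,dc=com",
     "group_base_dn": "cn=groups,dc=example,dc=com"},
    {"name": "DefaultIdentityAsserter"},
]

if __name__ == "__main__":
    for line in review_realm(SAMPLE, "ADProvider"):
        print(line)
```

An empty result means the provider order, control flags and base DN scope match what the steps above configure.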
Enjoy,
Mohammad K. Faidi
"Think Positive"