Infosys’ blog on industry solutions, trends, business process transformation and global implementation in Oracle.

« Analytics and the APP! | Main | Unravel the mysteries around Equity Overrides »

Facing Authentication issue for ADLDS using ActiveDirectoryAuthenticator

 

In few Projects, Uses Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM) and used to setup external LDAP for authentication in OBIEE.

In one of our project, we had scenario to configure LDAP authentication using Active Directory Lightweight Directory Services (AD LDS) in OBIEE. We have tried to configure LDAP type as ActiveDirectoryAuthenticator and faced issue to authenticate application. Sharing my experience below when configured LDAP as ActiveDirectoryAuthenticator and solution to Resolve issue.

ActiveDiretoryAuthenticator as Authenticator:

When configured ActiveDiretoryAuthenticator in Weblogic to access Active Directory Lightweight Directory Services (AD LDS) for authentication, authentication error is getting for valid user id even though AD LDS users and groups able to see in security realm.

Error:

The ActiveDiretoryAuthenticator uses attributes which are incompatible with the Active Directory Lightweight Directory Service (AD LDS). Specifically, the ActiveDirectoryAuthenticator uses the attribute User-Account-Control (UAC), which is used in the full version of ActiveDirectory, but is not used with the lightweight version. Therefore, the default ActiveDirectoryAuthenticator cannot be used with AD LDS.

Generic LDAPAuthenticator as Authenticator:

Microsoft ADAM is a lightweight implementation of Active Directory which does not provide all the services of the complete Active Directory provider. So we should not be using the Active Directory Authentication Provider to configure ADAM.

Solution for above issue to use the generic LDAPAuthenticator with AD LDS instead of using the ActiveDirectoryAuthenticator. Unable to start Admin server after configuring generic LDAPAuthenticator and getting below error.

Error:

Solution:

JPS will not support the generic LDAPAuthenticator by default, which will result in the server startup failure issue and JPS Error.

Add idstore.type property in the jps-config.xml file located under <domainhome>/config/fmwconfig to support the Generic LDAPAuthenticator to integrate WLS with the AD LDS Server and restart Admin Server service.

 

Note: take backup of jps-config.xml before modifying.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles