Creating a hierarchical user structure in the embedded LDAP of WebLogic


Introduction

Users and groups are essential for the assignment of tasks in BPM and/or BPEL. In a production environment a separate LDAP server is used, with its own administration tools. In a development environment, however, the embedded LDAP in WebLogic is used very often, giving you the flexibility to create your own users and groups. Administration of the embedded LDAP is done through the WebLogic console.

However, creating a hierarchy between users is not possible using the console for the embedded LDAP. The manager property necessary to create the hierarchy is unfortunately unavailable.

A user hierarchy is very useful in task assignment from BPM and/or BPEL, so how do you assign managers? In this blog I will describe how to create this hierarchy using an external LDAP browser.

How to

The first step is to configure the embedded LDAP. The credentials for WebLogic must be specified so you can access it using an external LDAP browser.

  • Open the weblogic console
  • Click on your domain
  • In the domain settings window, click Security, then on Embedded LDAP
  • Set the credentials
  • Save
  • Then restart the weblogic server

Download and install an LDAP browser, I used JXplorer.
Create a connection to the LDAP server running on the WebLogic server.

  • Hostname: your_host_name
  • Port: port of admin server
  • Protocol: LDAP v2
  • DSML Service: empty
  • Base DN: DC=your_domain_name
  • Security level: User + Password
  • User DN: CN=Admin (don’t use weblogic)
  • Password: credentials set in weblogic console
  • “OK”
  • You will see a navigator showing your groups and users

Using this browser it is possible to administer users and/or groups. Our goal was to create a user hierarchy, for example a manager – employee relation. Let’s assume we have the users king (the boss), john and josh (the managers), and Andrew and Adrian as employees. The following hierarchy must be created.

King
-John
--Andrew
-Josh
--Adrian

This is done by specifying each user’s manager.
In JXplorer select the user John and, in the HTML view on the other tab, specify his manager. Here you should use the whole LDAP path to the user id of the manager.

The syntax of this path is: uid=uid_of_the_manager,ou=people,ou=myrealm,dc=your_domain_name
Filling in the values for king gives the property value for the manager of john and josh.
This hierarchy can be visualized in JDeveloper using the identity lookup, for example on the assignment tab of a task definition. Search for john and click on hierarchy; king is shown as manager.

Next select john and click on reportees, andrew is shown as reportee.

Repeat this for josh. As you can see the whole hierarchy is created and ready to be used in task assignment.
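
The same manager assignments can be written as an LDIF change file instead of being typed into the browser one user at a time. The script below is an added example, not part of the original post: it builds the full manager path in the syntax given above for every user in the sample hierarchy, escaping characters that would otherwise alter the DN. It assumes the attribute is named manager and that the embedded LDAP accepts standard LDAP modify operations; DOMAIN, HIERARCHY and the function names are hypothetical.

```python
import base64

# Assumption: placeholder from the post; replace with your WebLogic domain name.
DOMAIN = "your_domain_name"
# Constructed sample input (manager -> direct reports), taken from the post's example.
HIERARCHY = {"king": ["john", "josh"], "john": ["andrew"], "josh": ["adrian"]}

def escape_rdn_value(value):
    """Escape a uid for use inside a DN (RFC 4514 special characters)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == last and ch == " ")
        out.append("\\" + ch if ch in ',+"\\<>;=' or edge else ch)
    return "".join(out)

def user_dn(uid, domain=DOMAIN):
    """Full DN of a user, following the path syntax given in the post."""
    return f"uid={escape_rdn_value(uid)},ou=people,ou=myrealm,dc={escape_rdn_value(domain)}"

def ldif_line(attr, value):
    """LDIF attribute line; values that are not LDIF-safe are base64-encoded (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and value[:1] not in (" ", ":", "<") and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def manager_ldif(hierarchy, domain=DOMAIN):
    """Build LDIF modify records that set 'manager' on every direct report."""
    seen, records = {}, []
    for manager, reports in hierarchy.items():
        for uid in reports:
            if uid in seen:  # a user entry gets exactly one manager here
                raise ValueError(f"{uid} has two managers: {seen[uid]} and {manager}")
            seen[uid] = manager
            records.append("\n".join([
                ldif_line("dn", user_dn(uid, domain)),
                "changetype: modify",
                "replace: manager",
                ldif_line("manager", user_dn(manager, domain)),
                "-",
            ]))
    return "\n\n".join(records) + "\n"

if __name__ == "__main__":
    print(manager_ldif(HIERARCHY))
```

The output can be reviewed before it is applied with any LDAP client that reads LDIF, using the same connection settings as the browser.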

Resources

I used the preconfigured virtual box provided by Oracle

1 Comment

  1. Simply awesome … all steps clearly explained … just the doc I was looking for after being stuck for sometime …
    keep them coming
