Creating an hierarchical user structure in embedded LDAP of weblogic
Users and groups are essential for the assignment of tasks in BPM and/or BPEL. On a production environment a seperate LDAP server is used, with it’s own administration tools. On a development enviromnent however, the embedded ldap in weblogic is used very often, giving you the flexibility to create your own users and groups. Administration of the embedded ldap is done trough the weblogic console.
However the creation of a hierarchy between users is not possible using the console for the embedded ldap. The manager property neccesary to create the hierarchy is unfortunately unavailable.
User hierarchy is very usable in task assignment from BPM and/or BPEL so how to assign managers? In this blog I will describe how to create this hierarchy using an external ldap browser.
The first step is to configure the embedded ldap. The credentials for weblogic must be specified so you can access is using an external ldap browser.
- Open the weblogic console
- Click on your domain
- In the domain settings window, click Security, then on Embedded LDAP
- Set the credentials
- Then restart the weblogic server
Download and install an LDAP browser, I used JXplorer.
Create a connection to ldap running on weblogic server.
- Hostname: your_host_name
- Port: port of admin server
- Protocol: LDAP v2
- DSML Service: empty
- Base DN: DC=your_domain_name
- Security level: User + Password
- User DN: CN=Admin, don’t use weblogic
- Password: credentials set in weblogic console
- You will see a navigator showing your groups and users
Using this browser it is possible to administrate users and or groups. Our goal was to create user hierarchy like for example a manager – employee relation. Let’s assume we have the users, king (the boss), john and josh (the managers) and Andrew and Adrian as employees. The following hierarchy must be created.
This should be done by specifying each users manager.
In JXplorer select the user John, on the other tab in the html view specify his manager. Here you should use the whole ldap path to the user id of the manager.
The syntax of this path is: uid=uid_of_the_manager,ou=people,ou=myrealm,dc=your_domain_name
Using the values for king results in the property value for the manger of john and josh.
This hierarchy can be visualized using jdeveloper using the identity lookup, on for example the assignment tab of a task definition. Search for john and click on hierarchy, king is shown as manager.
Next select john and click on reportees, andrew is shown as reportee.
Repeat this for josh. As you can see the whole hierarchy is created and ready to be used in task assignment.
I used the preconfigured virtual box provided by Oracle
- The AMIS Summary of Oracle OpenWorld 2013 is available for download – 60-page white paper
- WebLogic & FMW Provisioning update
- The road ahead for WebLogic 12c
- Case Study: A Case of Fusion Middleware
- Het Oracle OpenWorld Preview Evenement (5 september 2013) – 15 sprekers & sessies
- (2/2) Using the MetaData Services (MDS) in a SOA environment
- Fanning Out Events on the Oracle SOA Suite 11g Event Delivery Network
- Oracle SOA Suite 11g PS 5 introduces BPEL with conditional correlation for aggregation scenarios
- Configuration of BAM and BPM for process analytics
- 5 november: Masterclass SOA voor Oracle Database Professionals