Oracle SOA Suite 12c: The LDAPAdapter, a quick and easy tutorial

0

In enterprises, LDAP servers are often used to store user credentials and groups and share them among applications. Oracle SOA Suite 12c introduces a new technology adapter; the LDAPAdapter which allows easy integration with LDAP servers. In this blog post I will provide a quick and easy howto on installation of an LDAP server and browser (ApacheDS and Apache Directory Studio). I will also describe the configuration required to use the LDAPAdapter and provide an example BPEL process which allows creation of new users in the ApacheDS LDAP server by means of webservice calls.

IntroSOASuiteLDAP

Setting up the LDAP server

Installing an LDAP server

For this example I’ll use ApacheDS as LDAP server and Apache Directory Studio as LDAP browser. First download and install Apache Directory Studio from http://directory.apache.org/studio/. Next create an LDAP server. Click the LDAP server tab in the bottom left corner and click New Server.

CreateNewLDAPServer

Select ApacheDS 2.0.0 and click finish.

CreateNewLDAPServer2

Now you can start the server by selecting it and clicking the green play button.

Create a connection to the LDAP server

Next to the LDAP Servers tab, there is a Connections tab. Create a new connection. Use localhost and port 10389.

CreateNewLDAPServer3

Click Next and fill in the following credentials: Bind DN or User: uid=admin,ou=system and Bind password: secret.

CreateNewLDAPServer4

You can now connect to your newly created server and browse it.

CreateNewLDAPServer5

Configuring Weblogic

Target the adapter

In Weblogic Server you need to configure a connection factory in the adapter configuration. First login to Weblogic console and click on the LdapAdapter.

CreateWeblogic01

The adapter is by default not targeted. You should specify a target if you want to use it. In my case (JDeveloper integrated Weblogic server) only one target can be selected: DefaultServer. Set the target and save.

CreateWeblogic02
This is required in order to access the connection factories provided by the adapter and for example browse for them in JDeveloper.

Configure the connection factory

Go to the configuration of the LdapAdapter, Outbound Connection Pools.

CreateWeblogic03

I decided to configure eis/ldap/master. Click on that and provide the required settings (see screenshot).

CreateWeblogic04

The first time when configuring a connection factory for an adapter, Weblogic asks for the name of the configuration plan to use. It’s a good practice to use a name which makes clear for which adapter the configuration is (or put it in a separate directory per adapter). For example PlanLdap.xml.

After the configuration is complete, restart the server. The LdapAdapter cannot be updated like the DbAdapter. It is more similar to the BamAdapter in behavior. The adapter is deployed upon server start. Upon deployment, a configuration change is applied.

JDeveloper

Configuring the LdapAdapter

Create an application, create an empty project with a synchronous BPEL 2.0 process. In the composite editor, drag the new LDAP adapter to the References lane to start configuring. The default password is still secret.

CreateJDeveloper01

Using the browse button (magnifying glass after the JNDI Name field). You can select the eis/ldap/master. If you can’t, you forgot to target the adapter.

CreateJDeveloper02

Choose ‘Add’ as the outbound operation. Use the following classes: inetOrgPerson and person. Use uid, userPassword as fields.

CreateJDeveloper03

Now you can Next, Finish to the end of the wizard and fill in details of the BPEL process calling the LDAP Server.

Seeing it work

I’ve created a small BPEL process which calls the adapter. Since it’s relatively easy I will not provide screenshots for it. Mind the following though: the userPassword should be at least 5 characters and should not contain the username. I’ve chosen ‘Welcome01′ for this. The dn should be as can be seen in the below screenshot example. You can create it by means of concatenation. Using the Test Webservice screen from Fusion Middleware Control, we can see my service can successfully call the LDAP server.

CreateWorks01

CreateWorks02

In Apache Directory Studio you can confirm the user actually has been created.

CreateWorks03
Check to see if a user is actually created in the LdapServer! The LdapAdapter will return success even if it has failed (or the server did not return a correct failure result). For example after a successful request, I could see in the domain log file entries like:

org.opends.sdk.ConstraintViolationException: Constraint Violation: CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUEST
Message ID : 6
Add Request :
Entry
dn[n]: uid=maartenmaarten,ou=users,ou=system
objectClass: inetOrgPerson
objectClass: person
uid: maartenmaarten
userPassword: '0x6D 0x61 0x61 0x72 0x74 0x65 0x6E 0x6D 0x61 0x61 0x72 0x74 0x65 0x6E '
sn: maartenmaarten
cn: maartenmaarten
: Password shouldn't contain parts of the username
at org.opends.sdk.ErrorResultException.wrap(ErrorResultException.java:164)
at com.sun.opends.sdk.ldap.AbstractLDAPFutureResultImpl.setResultOrError(AbstractLDAPFutureResultImpl.java:159)
at com.sun.opends.sdk.ldap.LDAPClientFilter$1.addResult(LDAPClientFilter.java:93)
at com.sun.opends.sdk.ldap.LDAPClientFilter$1.addResult(LDAPClientFilter.java:73)

The user was not created in this case. In a process flow you can of course also use the LdapAdapter again to search for the user you have just created to confirm it was successful.

Conclusion

In this quick howto I have used the example of adding a user by means using the new Oracle SOA Suite 12c LdapAdapter. Of course there are many situations in which this adapter will useful and the adapter is capable of much more then what I’ve just described. Read for example http://docs.oracle.com/middleware/1213/adapters/develop-soa-adapters/adptr_ldap.htm#TKADP2901. Other use cases for the adapter could be if you have users stored in different systems and want to create users in all of them by means of a single service call or if you want to use information (such as groups or e-mail addresses) available from a provided LDAP server. Using the LdapAdapter, you can provide an abstraction to certain LDAP operations by means of services and make the LDAP server part of the integration effort instead of leaving it out or having to build custom integrations for it.

Share.

About Author

Maarten is an experienced and certified Oracle SOA / Java / BPM integration specialist

Leave a Reply