Oracle SOA Suite 12c: The LDAPAdapter, a quick and easy tutorial


In enterprises, LDAP servers are often used to store user credentials and groups and share them among applications. Oracle SOA Suite 12c introduces a new technology adapter, the LDAPAdapter, which allows easy integration with LDAP servers. In this blog post I will provide a quick and easy howto on installing an LDAP server and browser (ApacheDS and Apache Directory Studio). I will also describe the configuration required to use the LDAPAdapter and provide an example BPEL process which allows creation of new users in the ApacheDS LDAP server by means of webservice calls.


Setting up the LDAP server

Installing an LDAP server

For this example I’ll use ApacheDS as LDAP server and Apache Directory Studio as LDAP browser. First download and install Apache Directory Studio from Next create an LDAP server. Click the LDAP server tab in the bottom left corner and click New Server.


Select ApacheDS 2.0.0 and click finish.


Now you can start the server by selecting it and clicking the green play button.

Create a connection to the LDAP server

Next to the LDAP Servers tab, there is a Connections tab. Create a new connection. Use localhost and port 10389.


Click Next and fill in the following credentials: Bind DN or User: uid=admin,ou=system and Bind password: secret.


You can now connect to your newly created server and browse it.


Configuring Weblogic

Target the adapter

In WebLogic Server you need to configure a connection factory in the adapter configuration. First log in to the WebLogic console and click on the LdapAdapter.


The adapter is by default not targeted. You should specify a target if you want to use it. In my case (JDeveloper integrated Weblogic server) only one target can be selected: DefaultServer. Set the target and save.

This is required in order to access the connection factories provided by the adapter and for example browse for them in JDeveloper.

Configure the connection factory

Go to the configuration of the LdapAdapter, Outbound Connection Pools.


I decided to configure eis/ldap/master. Click on that and provide the required settings (see screenshot).


The first time you configure a connection factory for an adapter, WebLogic asks for the name of the configuration plan to use. It’s good practice to use a name which makes clear which adapter the configuration belongs to (or to put it in a separate directory per adapter). For example PlanLdap.xml.

After the configuration is complete, restart the server. The LdapAdapter cannot be updated like the DbAdapter. It is more similar to the BamAdapter in behavior. The adapter is deployed upon server start. Upon deployment, a configuration change is applied.


Configuring the LdapAdapter

Create an application, create an empty project with a synchronous BPEL 2.0 process. In the composite editor, drag the new LDAP adapter to the References lane to start configuring. The default password is still secret.


Using the browse button (the magnifying glass after the JNDI Name field), you can select eis/ldap/master. If you can’t, you forgot to target the adapter.


Choose ‘Add’ as the outbound operation. Use the following classes: inetOrgPerson and person. Use uid, userPassword as fields.


Now you can click Next and Finish to complete the wizard and fill in the details of the BPEL process calling the LDAP server.

Seeing it work

I’ve created a small BPEL process which calls the adapter. Since it’s relatively easy I will not provide screenshots for it. Mind the following though: the userPassword should be at least 5 characters and should not contain the username. I’ve chosen ‘Welcome01’ for this. The dn should be as can be seen in the below screenshot example. You can create it by means of concatenation. Using the Test Webservice screen from Fusion Middleware Control, we can see my service can successfully call the LDAP server.



In Apache Directory Studio you can confirm the user actually has been created.

Check to see if a user is actually created in the LdapServer! The LdapAdapter will return success even if it has failed (or the server did not return a correct failure result). For example after a successful request, I could see in the domain log file entries like:

org.opends.sdk.ConstraintViolationException: Constraint Violation: CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUEST
Message ID : 6
Add Request :
dn[n]: uid=maartenmaarten,ou=users,ou=system
objectClass: inetOrgPerson
objectClass: person
uid: maartenmaarten
userPassword: '0x6D 0x61 0x61 0x72 0x74 0x65 0x6E 0x6D 0x61 0x61 0x72 0x74 0x65 0x6E '
sn: maartenmaarten
cn: maartenmaarten
: Password shouldn't contain parts of the username
at org.opends.sdk.ErrorResultException.wrap(
at com.sun.opends.sdk.ldap.AbstractLDAPFutureResultImpl.setResultOrError(
at com.sun.opends.sdk.ldap.LDAPClientFilter$1.addResult(
at com.sun.opends.sdk.ldap.LDAPClientFilter$1.addResult(

The user was not created in this case. In a process flow you can of course also use the LdapAdapter again to search for the user you have just created to confirm it was successful.
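Because the adapter reports success even when the add was rejected, the domain log is where the failure shows up. The following is an added example, not part of the original post: it scans log text for rejected ADD_REQUEST entries and returns the DN and the server's reason, and it masks userPassword lines, since the hex shown in the log is simply the bytes of the submitted password. The function names and the sample text (built from the excerpt above) are assumptions for illustration.

```python
import re

# Constructed sample, modelled on the domain log excerpt above (stack frames shortened).
SAMPLE_LOG = """\
org.opends.sdk.ConstraintViolationException: Constraint Violation: CONSTRAINT_VIOLATION: failed for MessageType : ADD_REQUEST
Message ID : 6
Add Request :
dn[n]: uid=maartenmaarten,ou=users,ou=system
objectClass: inetOrgPerson
objectClass: person
uid: maartenmaarten
userPassword: '0x6D 0x61 0x61 0x72 0x74 0x65 0x6E 0x6D 0x61 0x61 0x72 0x74 0x65 0x6E '
sn: maartenmaarten
cn: maartenmaarten
: Password shouldn't contain parts of the username
at org.opends.sdk.ErrorResultException.wrap(
"""

START = re.compile(r"^(?P<exc>[\w.$]+Exception): .*failed for MessageType : ADD_REQUEST")
DN = re.compile(r"^dn(?:\[n\])?: (?P<dn>.+)$")
REASON = re.compile(r"^: (?P<reason>.+)$")
PASSWORD = re.compile(r"^(userPassword: ).*$", re.MULTILINE)


def failed_adds(log_text):
    """Return one dict per rejected ADD_REQUEST: exception class, DN, server reason."""
    failures, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = START.match(line)
        if m:
            current = {"exception": m["exc"], "dn": None, "reason": None}
            failures.append(current)
            continue
        if current is None:
            continue
        if line.startswith("at "):      # stack trace begins: entry is complete
            current = None
        elif (m := DN.match(line)):
            current["dn"] = m["dn"]
        elif (m := REASON.match(line)):
            current["reason"] = m["reason"]
    return failures


def redact_passwords(log_text):
    """Mask userPassword values; the hex in the log is the plain password bytes."""
    return PASSWORD.sub(r"\1[REDACTED]", log_text)
```

Run `failed_adds` over the domain log after a batch of adds to list the DNs that were not created, and apply `redact_passwords` before the log leaves the server.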


In this quick howto I have used the example of adding a user by means of the new Oracle SOA Suite 12c LdapAdapter. Of course there are many situations in which this adapter will be useful and the adapter is capable of much more than what I’ve just described. Read for example Other use cases for the adapter could be if you have users stored in different systems and want to create users in all of them by means of a single service call or if you want to use information (such as groups or e-mail addresses) available from a provided LDAP server. Using the LdapAdapter, you can provide an abstraction to certain LDAP operations by means of services and make the LDAP server part of the integration effort instead of leaving it out or having to build custom integrations for it.


About Author

Maarten is a Senior Oracle Integration Consultant with focus on Oracle Fusion Middleware, Java and Continuous Integration / Continuous Delivery. In 2015 he was nominated ACE Associate. Over the past 10 years he has worked for numerous customers in the Netherlands where he has implemented integrations and streamlined software delivery processes. Maarten is passionate about his job and likes to share his knowledge through publications, frequent blogging and presentations.


  1. Thanks a lot for your nice article Maarten. I’m using JDeveloper 12.2.1. I cannot find LdapAdapter in WebLogic deployments. Should I install that using a separate library?

  2. Hi Maarten,

    Nice article. Is it possible to validate username and password against Active Directory through the LDAP adapter? Could you please let me know if this is possible.

    • Hi Suresh,

      I have not seen a direct way of doing authentication of specific users with the LDAP Adapter. If you want authentication, I suggest you use an authentication provider as can be configured in WebLogic Server ( As a possible alternative you might be able to fetch the password from the LDAP using the adapter, see if/how it is encrypted and compare it to what you expect it to be. I haven’t tried this. You have to mind though that the password might appear in audit logs this way. You can encrypt this (

      Hope this helps you,
      With kind regards,

      • Raphael Biersbach on

        Hi Maarten,

        is it possible to directly connect to a subtree of the ldap directory?

        In my case my user only has the permission to connect to a certain base dn.
        Because there is no possibility to specify a base dn, the adapter tries to connect to the root, where my permissions are insufficient.
        This is a huge problem for me because it makes the LDAPAdapter useless for this situation.

        With kind regards,
