Creating a hierarchical user structure in the embedded LDAP of WebLogic

Introduction

Users and groups are essential for the assignment of tasks in BPM and/or BPEL. In a production environment a separate LDAP server is used, with its own administration tools. In a development environment, however, the embedded LDAP in WebLogic is used very often, giving you the flexibility to create your own users and groups. Administration of the embedded LDAP is done through the WebLogic console.

However, creating a hierarchy between users is not possible using the console for the embedded LDAP. The manager property necessary to create the hierarchy is unfortunately unavailable there.

A user hierarchy is very useful in task assignment from BPM and/or BPEL, so how do you assign managers? In this blog I will describe how to create this hierarchy using an external LDAP browser.

How to

The first step is to configure the embedded LDAP. The credentials for WebLogic must be specified so you can access it using an external LDAP browser.

    • Open the weblogic console
    • Click on your domain

    • In the domain settings window, click Security, then on Embedded LDAP

    • Set the credentials
    • Save
    • Then restart the weblogic server

Download and install an LDAP browser; I used JXplorer.
Create a connection to the LDAP server running on the WebLogic server.

    • Hostname: your_host_name
    • Port: port of admin server
    • Protocol: LDAP v2
    • DSML Service: empty
    • Base DN: DC=your_domain_name
    • Security level: User + Password
    • User DN: CN=Admin, don’t use weblogic
    • Password: credentials set in weblogic console
    • “OK”

    • You will see a navigator showing your groups and users

Using this browser it is possible to administer users and/or groups. Our goal was to create a user hierarchy, for example a manager-employee relation. Let’s assume we have the users king (the boss), john and josh (the managers), and andrew and adrian as employees. The following hierarchy must be created.

King
-John
--Andrew
-Josh
--Adrian

This is done by specifying each user’s manager.
In JXplorer select the user john; on the other tab, in the HTML view, specify his manager. Here you should use the whole LDAP path to the user id of the manager.

The syntax of this path is: uid=uid_of_the_manager,ou=people,ou=myrealm,dc=your_domain_name
Filling in the values for king gives the property value for the manager of john and josh.
This hierarchy can be visualized in JDeveloper using the identity lookup, for example on the assignment tab of a task definition. Search for john and click on hierarchy; king is shown as manager.

Next select john and click on reportees; andrew is shown as reportee.

Repeat this for josh. As you can see the whole hierarchy is created and ready to be used in task assignment.
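
The same manager assignments can be written as LDIF modify records instead of being typed per user in the browser. The following is an added example, not part of the original post: it assumes the attribute is named `manager` (the post's "manager property") and uses the DN syntax given above; `PEOPLE_BASE`, `REPORTS_TO` and the function names are hypothetical. It escapes uids for use in a DN and refuses to emit records when the mapping contains a management loop.

```python
import base64
# Assumption: DN layout copied from the post's syntax line; set your own domain.
PEOPLE_BASE = "ou=people,ou=myrealm,dc=your_domain_name"
# Constructed sample data (uid -> manager uid) for the hierarchy in the post.
REPORTS_TO = {"john": "king", "josh": "king", "andrew": "john", "adrian": "josh"}

def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514 required escapes)."""
    out = []
    for i, ch in enumerate(value):
        edge = (i == 0 and ch in "# ") or (i == len(value) - 1 and ch == " ")
        special = edge or ch in ',+"\\<>;'
        out.append("\\00" if ch == "\0" else "\\" + ch if special else ch)
    return "".join(out)

def user_dn(uid):
    return "uid=%s,%s" % (escape_rdn_value(uid), PEOPLE_BASE)

def ldif_line(attr, value):
    """Return 'attr: value', base64-encoded when not an LDIF SAFE-STRING."""
    unsafe = (not value.isascii() or any(c in value for c in "\0\r\n")
              or value.startswith((" ", ":", "<")) or value.endswith(" "))
    if unsafe:
        return "%s:: %s" % (attr, base64.b64encode(value.encode()).decode())
    return "%s: %s" % (attr, value)

def find_loop(reports_to):
    """Return a uid that sits on a management loop, or None."""
    for start in reports_to:
        seen, cur = set(), start
        while cur in reports_to:
            if cur in seen:
                return cur
            seen.add(cur)
            cur = reports_to[cur]
    return None

def build_ldif(reports_to):
    """One modify record per user; the attribute name 'manager' is assumed."""
    if find_loop(reports_to) is not None:
        raise ValueError("management loop at %r" % find_loop(reports_to))
    records = ["\n".join([ldif_line("dn", user_dn(uid)), "changetype: modify",
                          "replace: manager",
                          ldif_line("manager", user_dn(reports_to[uid])), "-"])
               for uid in sorted(reports_to)]
    return "version: 1\n\n" + "\n\n".join(records) + "\n"

if __name__ == "__main__":
    print(build_ldif(REPORTS_TO))
```

Review the generated records before applying them with the LDAP tool you use; king gets no record because he has no manager.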

Resources

I used the preconfigured virtual box provided by Oracle
