LDAP AUTHENTICATION STEPS:

Log on To Console Select Security myrealm

Lock and Edit Configuration Users and Groups Providers

Authentication ProvidersNewName it and select the type as LDAP Authenticator

Reorder it put the LDAP Authenticator as 1st

Select the LDAP authenticatorSet Control flag to SUFFICIENT

Save the changes select Provider Specific Details TO BE SPECIFIED IN CONFIGURING PROVIDER SPECIFIC DETAILS: CONNECTION : 1) Host Name or IP address of the LDAP server 2) Principal: Its the DN of the LDAP user that weblogic server should use to connect to LDAP server. 3) Credential: Its the password to connect to LDAP server. 4) Confirm Credential: Re-enter the credential. 5) SSL : Optional USERS: 6) 7) 8) 9) 10) User Base DN: The base DN of the tree in LDAP directory that contains the users All Users Filter: a default filter is created according to the schema if the user is empty or null. User From Name Filter: same as the above User Search Scope: Scope to which provider need to search in LDAP tree.(subtree is default ) User Attribute Name: The attribute of an LDAP user object that specifies the name of user. Its usually sAMAccountName. 11) User Object Class: LDAP object class which stores the users. 12) Use retrieved user name as principal: Optional . GROUPS:

13) 14) 15) 16) 17)

Group Base DN: The base DN of the tree in LDAP directory that contains the groups. All Groups Filter: a default filter is created according to the schema if the user is empty or null. Group From Name Filter: same as the above Group Search Scope: Scope to which provider need to search in LDAP tree.(subtree is default ) Group Membership Searching: If unlimited is given we need not specify the level in next step and if limited is given we need to specify the level in next step i.e., Max.Group Searching Level 18) Ignore Duplicate Membership: determines whether or not duplicate members are ignored.(to be checked) STATIC GROUPS: 19) 20) 21) 22) Static Group Name Attribute: generally its sAMAccountName Static Group Object Class: group Static Member DN Attribute:member Static Group DNs from Member DN Filter: same as above filter

DYNAMIC FILTERS: 23) DYNAMIC GROUP NAME ATTRIBUTE: sAMAccountName Leave the rest options as they are without filling them GUID Name: name of GUID as specified in the security realm.

The values need to be specified as described above . Save the changes in common tab change the control flg to optional as shown below

RESTART THE SERVER COMPONENTS