Art of BI: Weblogic Server LDAP SSL Provider

Okay this is something that isn’t immediately expressed in most integrations and not highlighted in the Oracle BI documentation but it happens every now and then – A client’s LDAP server is SSL protected and we need to leverage LDAP in our Oracle BI implementation.  The long and the short of this method are found here, http://download.oracle.com/docs/cd/E21764_01/web.1111/e13707/atn.htm#BABDBHAA.

Here’s how to set up the configuration:

  1. Configure the LDAP Authentication provider. Make sure you select SSLEnabled on the Configuration > Provider Specific page.
  2. Obtain the root certificate authority (CA) certificate for the LDAP server.
  3. Create a trust keystore using the preceding certificate. For example, the following example shows using the keytool command to create the keystore ldapTrustKS with the root CA certificate rootca.pem.:

    keytool -import -keystore ./ldapTrustKS -trustcacerts -alias oidtrust -file rootca.pem -storepass TrustKeystorePwd -noprompt

    For more information about creating a trust keystore, see Chapter 11, “Configuring Identity and Trust.”

  4. Copy the keystore to a location from which WebLogic Server has access.
  5. Start the WebLogic Server Administration Console and navigate to the server-name > Configuration > Keystores page, where server-name is the WebLogic Server instance for which you are configuring this keystore.
  6. If necessary, in the Keystores field, click Change to select the Custom Identity and Custom Trust configuration rules.
  7. If the communication with the LDAP server uses 2-way SSL, configure the custom identity keystore, keystore type, and passphrase.
  8. In Custom Trust Keystore, enter the path and file name of the trust keystore created in step 2.
  9. In Custom Trust Keystore Type, enter jks.
  10. In Custom Trust Keystore Passphrase, enter the password used when creating the keystore.
  11. Reboot the WebLogic Server instance for changes to take effect.

Resources:

http://download.oracle.com/docs/cd/E21764_01/web.1111/e13707/atn.htm#BABDBHAA

Contact Us
Christian Screen
Christian is an innovator in analytics and data warehousing design, best practices, and delivery. With more than fifteenyears of decision support and data warehousing with key experiences at Office Depot HQ, Sierra-Cedar, and Capgemini, he oversees the Oracle Analytics Practice which includes the technical development and delivery of Oracle BI collaboration software, data warehouse solutions, Oracle BI/EPM projects, and packaged analytics solutions at Datavail.

Leave a Reply

Your email address will not be published.
Required fields are marked (*).

1 thought on “Art of BI: Weblogic Server LDAP SSL Provider”