How to configure Active Directory with WebLogic, WebCenter, UCM?

This post contains the procedure for configuring Active Directory with WebLogic and WebCenter Content.

You will find some external links with screenshots.

First: Active Directory Modification

You need to make some modifications on Active Directory.

Remove all admin privileges from the ECM admins account, but only after you complete these steps and confirm with me first.

Use a normal user to integrate Active Directory with Oracle UCM. Follow these steps to create the user:

a.       Open up Active Directory Sites and Services

b.       Highlight Servers, then right-click and choose Delegation.

c.       This will start the Delegate Control Wizard. Add the audit user’s account.

d.      Choose Custom and select all the objects you want the auditor to manage (User, OU, etc.).

e.       Choose all the read permissions you want them to have.

Creating the Active Directory provider

Follow the steps for creating the Active Directory provider from one of the following links:

How to Configure Active Directory with Weblogic Server? (the part about Roles is not important)

For exploring Active Directory, try the following explorer:

Download the following lightweight Active Directory Explorer from here

For the Active Directory provider details, here is an example.
The following configuration does not retrieve all users:

Principal:CN=Service Oracle SSO,OU=Service,DC=elec,DC=gov,DC=eg
Credential:password
User Base DN:CN=Users,DC=elec,DC=gov,DC=eg
All Users Filter:(objectclass=user)
User From Name Filter:(&(cn=%u)(objectclass=user))
User Name Attribute:sAMAccountName
User Object Class:user
Use Retrieved User Name as Principal:true
Group Base DN:OU=Groups,DC=elec,DC=gov,DC=eg
All Groups Filter:(&(sAMAccountName=*)(objectclass=group))
Group From Name Filter:(&(sAMAccountName=%g)(objectclass=group))

Keep static groups with the default configuration.

The following settings retrieve only 1000 users, and all groups:

Principal:CN=Service Oracle SSO,OU=Service,DC=elec,DC=gov,DC=eg
Credential:password
User Base DN:DC=elec,DC=gov,DC=eg
All Users Filter:(objectclass=user)
User From Name Filter:(&(sAMAccountName=*)(objectclass=user))
User Name Attribute:sAMAccountName
User Object Class:user
Use Retrieved User Name as Principal:true
Group Base DN:DC=elec,DC=gov,DC=eg
All Groups Filter:(&(sAMAccountName=*)(objectclass=group))
Group From Name Filter:(&(sAMAccountName=%g)(objectclass=group))

Keep static groups with the default configuration.

The second method throws a "Sizelimit exceeded" exception:
Caused by: netscape.ldap.LDAPException: error result (4); Sizelimit exceeded

Another example of a provider configuration:

Principal: CN=weblogic,CN=Users,DC=mydomain,DC=it (where “mydomain” is set to my domain name)
SSLEnabled: NO
User Base DN: CN=Users,DC=mydomain,DC=it
All Users Filter: (objectclass=user)
User From Name Filter: blank
User Search Scope: subtree
User Name Attribute: sAMAccountName
User Object Class: user
Use Retrieved User Name as Principal: YES

Group Base DN: DC=mydomain,DC=it
All Groups Filter: (objectclass=group)
Group From Name Filter: (&(cn=%g)(objectclass=group))
Group Search Scope: subtree
Group Membership Searching: unlimited
Max Group Membership Search Level: 0
Ignore Duplicate Membership: NO
Use Token Groups For Group Membership Lookup: NO

Static Group Name Attribute: cn
Static Group Object Class: group
Static Member DN Attribute: member
Static Group DNs from Member DN Filter: (&(member=%M)(objectclass=group))

Another example of a provider configuration:

host:172.16.50.5
port:389
principal:CN=user,CN=Users,DC=foli,DC=codo,DC=com,DC=sa
Credential:user
Confirm Credential:user
SSLEnabled:false
User Base DN:DC=foli,DC=codo,DC=com,DC=sa
All Users Filter:(objectclass=user)
User From Name Filter:
User Search Scope:subtree
User Name Attribute:sAMAccountName
User Object Class:user
Use Retrieved User Name as Principal:true
Group Base DN:DC=foli,DC=codo,DC=com,DC=sa
All Groups Filter:(objectclass=group)
Group From Name Filter:(&(cn=%g)(objectclass=group))
Group Search Scope:subtree
Group Membership Searching:unlimited
Max Group Membership Search Level:0
Ignore Duplicate Membership:false
Use Token Groups For Group Membership Lookup:true
Static Group Name Attribute:cn
Static Group Object Class:group
Static Member DN Attribute:member
Static Group DNs from Member DN Filter:(&(member=%M)(objectclass=group))
Connection Pool Size:6
Connect Timeout:0
Connection Retry Limit:1
Parallel Connect Delay:0
Results Time Limit:0
Keep Alive Enabled:false
Follow Referrals:true
Bind Anonymously On Referrals:false
Propagate Cause For Login Exception:false
Cache Enabled:true
Cache Size:32
Cache TTL:60
GUID Attribute:objectguid
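
A small audit of provider settings written in the Key:Value layout used above, added here as an example (it is not from the original post or from Oracle); the finding codes and the sample host and DNs are constructed for illustration. It flags a plain-LDAP bind, a User From Name Filter that lacks %u or matches a different attribute than User Name Attribute, an (objectclass=user) filter that also matches AD computer accounts, and a user base DN at the domain root.

```python
import re

# Constructed sample in the page's "Key:Value" layout; host and DNs are placeholders.
SAMPLE = """\
host:ad.example.test
port:389
SSLEnabled:false
User Base DN:DC=example,DC=test
All Users Filter:(objectclass=user)
User From Name Filter:(&(sAMAccountName=*)(objectclass=user))
User Name Attribute:sAMAccountName
"""

def parse(text):
    """Split each line at its first colon; keys are lower-cased for lookup."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            cfg[key.strip().lower()] = value.lstrip(": ").strip()
    return cfg

def audit(text):
    """Return a sorted list of finding codes for one provider configuration."""
    cfg, found = parse(text), set()
    if cfg.get("sslenabled", "").lower() in ("false", "no"):
        found.add("CLEARTEXT-BIND")       # principal and password sent over plain LDAP
    name_filter = cfg.get("user from name filter", "")
    if name_filter.lower() == "blank":    # the page writes an empty field as "blank"
        name_filter = ""
    if name_filter and "%u" not in name_filter:
        found.add("NAME-FILTER-NO-%u")    # lookup ignores the login name entirely
    m = re.search(r"\(\s*([\w-]+)\s*=\s*%u\s*\)", name_filter)
    attr = cfg.get("user name attribute", "")
    if m and attr and m.group(1).lower() != attr.lower():
        found.add("NAME-FILTER-ATTR-MISMATCH")  # matches one attribute, returns another
    if cfg.get("all users filter", "").replace(" ", "").lower() == "(objectclass=user)":
        found.add("COMPUTERS-MATCH-USER-FILTER")  # AD computer objects are also class user
    base = [p.strip().upper() for p in cfg.get("user base dn", "").split(",") if p.strip()]
    if base and all(p.startswith("DC=") for p in base):
        found.add("DOMAIN-ROOT-USER-BASE")  # whole-domain search, prone to Sizelimit exceeded
    return sorted(found)

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```

Narrowing the user base DN to an OU and using (&(objectCategory=person)(objectClass=user)) as the All Users Filter clears the last two findings.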

Provider Does Not Display All Users

Sometimes the user provider can’t retrieve all users; here is a troubleshooting guide for solving this issue:

Troubleshooting Active Directory (not all users from AD are displayed in the “Users and Groups” tab)

Mapping Active Directory Users With UCM Roles

For mapping between Active Directory groups and UCM roles, see the following (at the end of that post you will find the credential maps on UCM):

Credential Map on UCM for Active Directory UCM mapping

How to install Active Directory Tools Under Windows 7 ?

post source
First of all you need to download the software from Microsoft. In the Microsoft Download Centre these are called “Remote Server Administration Tools for Windows 7” a direct link to the download page is given below;

http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d

If you scroll down to the “Files in This Download” section of the page you’ll see two files. Depending on whether or not you’re running 32-bit or 64-bit Windows 7 you need to pick the correct file. If you’re unsure of which version you’re running then go to the start button, right-click “Computer” and then select “Properties”. You’ll see something like this;

System Information (64-bit/32-bit)

Look at the “System type:” value and you’ll see what version of Windows you’re running.

If you’re running 32-bit then you need to download the file which starts “x86…” (currently this is “x86fre_GRMRSAT_MSU.msu” but it might change). For 64-bit users you need to download the file which begins “amd64…” (currently this is “amd64fre_GRMRSATX_MSU.msu”) – this is true even if you’re running a non-AMD 64-bit processor. The reason for this I’ll leave Microsoft to explain …

Once you’ve got the file install it (it’s a standard KB update file).

After it’s been successfully installed go to the Start Menu > Control Panel and select “Programs”;

“Turn Windows Features on or off” under “Programs and Features”

The “Windows Features” dialog box will be displayed, scroll down to “Role Administration Tools” (under “Remote Server Administration Tools”) and select the following items;

“Windows Features” dialog

Click “OK” to make the changes.

In order to make finding these under the Start Menu a little easier right-click the Start Button and select “Properties”;

Taskbar and Start Menu Properties

Select “Customize …” and then scroll down the list until you see “System administrative tools” and choose where you want the tools to display;

Customize Start Menu

Under the Start Menu you will now see an “Administrative Tools” option, under this you’ll see the new AD Tools;

Active Directory Start Menu Items

NOTE: Sometimes a reboot is required to pick up these changes!