ACL properties for OID ldap binding -- similar to embedded WLS LDAP?
Hey all,
My goal is to allow users to bind to OID via LDAP using their own username/password and allow them privs to change their userPassword attribute. I plan on using a custom java app and the javax.naming.* package to code this. I have implemented this solution with openLdap and WLS by applying the following ACL changes:
------
I've been able to do this when using the embedded WLS LDAP server, but I had to alter the acls.prop to include the following:
ou=people,ou=myrealm,dc=my_domain|subtree#grant:r,w,o,s#userpassword#this:
Details from:
http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/ldap.html#wp1102244
------
I was also able to do the same using openLdap by altering the slapd.conf file to include the following:
access to attr=userPassword
    by self write
    by anonymous auth
    by * none
------
Now, I've been reviewing the OID docs but I haven't been able to find any auth properties like I have found for openldap and wls. Since OID is LDAPv3, I assume I should be able to execute Modifications through java ldap code.
The end application is Oracle UCM, so the app will be consumed as such: UCM --> WLS (via OID Authentication Provider) --> OID. I believe I will want to modify OID directly, as WLS doesn't actually house the user info, but let me know if anyone believes differently. I haven't checked into it, but I don't believe Auth Providers offer a two-way sync, only a sync from the target provider.
I've been in the research phase so far, so I'm not sure if acl or other security configs are required for this functionality, but I assume it would be... I'll be starting to test code this week, so I'll be sure to update my findings here.
Please let me know if more info is needed to help out!
Thanks,
-ryan
Ryan Sullivan | ECMconsultant
http://www.ecmconsultant.net/
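An added example (not the poster's code) of the javax.naming.* flow the post describes: the user binds with their own DN and current password, then replaces their own userPassword attribute, and a second bind confirms the change. The LDAPS URL, port and user DN are assumed placeholders; whether the modify is permitted depends entirely on the directory's ACL granting "self" write on userPassword, which is what the acls.prop and slapd.conf entries above do.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

// Self-service password change: the user binds as themselves (not as an admin)
// and replaces their own userPassword attribute. The modify only succeeds if
// the directory ACL grants "self" write on userPassword.
public class SelfPasswordChange {

    // Assumed placeholder; LDAPS is used so credentials are not sent in clear text.
    private static final String LDAP_URL = "ldaps://oid.example.com:3131";

    // JNDI environment for a simple bind as the given user DN.
    static Hashtable<String, String> bindEnv(String userDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    // Binds as userDn with oldPassword and replaces userPassword with newPassword.
    // A javax.naming.NoPermissionException here means the ACL does not grant the
    // bound user write access to its own userPassword attribute.
    static void changeOwnPassword(String userDn, String oldPassword, String newPassword)
            throws NamingException {
        DirContext ctx = new InitialDirContext(bindEnv(userDn, oldPassword));
        try {
            ModificationItem[] mods = {
                new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                        new BasicAttribute("userPassword", newPassword))
            };
            // Modify the user's own entry; the server hashes the value per its policy.
            ctx.modifyAttributes(userDn, mods);
        } finally {
            ctx.close();
        }
        // Verify the change took effect by binding again with the new password.
        new InitialDirContext(bindEnv(userDn, newPassword)).close();
    }
}
```

Call it as changeOwnPassword("cn=jdoe,cn=Users,dc=example,dc=com", currentPassword, newPassword) with the real user DN from the OID user search base; an AuthenticationException on the first bind means the current password is wrong, while a NoPermissionException on the modify points at the ACL.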