Problems with getting Principals from OpenLDAP

Hussain Akbar, Aug 15 2024

I have an OSB installation on WebLogic 12C in Oracle Linux 7. I had configured authentication using an OpenLDAP server on another OL7 instance. Actually, there are two OSB servers, for UAT and production; both use the same LDAP. The firewalld and SELinux services have been disabled.

I added the roles, etc. in EM. Now I can log in to the em and servicebus consoles using a user defined in LDAP.

I added a login service to be called by my Android app. The app sends credentials in the basic authentication header to the OSB proxy service, which requires the same. There is no business service, as the pipeline returns an “ok” message which would work only when the correct credentials are used; otherwise OSB would just send back a 403 reply without the pipeline being invoked. So far, so good.

Next, I replaced the response body with $inbound/ctx:security/ctx:transportClient/ctx:principals, with the aim being: if the user is part of the appadmins group (defined as groupOfNames in LDAP), the mobile app would enable a particular menu item. The pipeline has nothing other than the replace and reply actions. This all worked easily in the local environment, where I defined the user and group in JDev's integrated provider. It also works - some of the time - in the UAT and production environments.

Some of the time, the response would be instantaneous while at others the response never comes till the app gives a timeout after 60 seconds. If I keep retrying, the action would start working, would work for a few minutes before stopping again.

I also noticed that at the times the API stops, I also can't log in to the em console with an LDAP-defined user id; the page loading spinner goes on for 60 seconds. The built-in “weblogic” user works for the API as well as the console login.

I checked the logs of both AdminServer and OSBServer machines, but see no exception messages there.
