Comments (15)
Hi,
Indeed, after an authenticator change you need to subscribe to this change (also for domain changes) and auto-restart the adminserver.
Here you have an example of this.
But after the restart it should re-create it again; then the index.py script is failing.
https://github.com/biemond/biemond-orawls/blob/master/files/providers/wls_authentication_provider/index.py.erb
you can use puppet resource wls_authentication_provider --debug or run puppet with --debug to see this WLST script and test it yourself in wlst.sh
hope this helps
from biemond-orawls.
Hey thanks for helping!
Maybe I'm missing something or don't understand what you're saying. This seems non-idempotent since it errors on the second run but is all green on the initial run.
When I try the puppet resource wls_authentication_provider --debug command I get:
Could not run: Could not find template 'puppet:///modules/orawls/providers/wls_authentication_provider/index.py.erb'
Thanks again
from biemond-orawls.
ok,
oh, you are using a puppet master, that's the reason puppet resource fails
but when the index py script fails, it doesn't detect it is already there and so it will do another create.
Can you do this: puppet agent --test --debug. If it fails can you update the orawls module to its latest version (I fixed the debug error)
from biemond-orawls.
Hey,
After reviewing commit 'ad6e98f30f884cc1a6c7b79feda629d75682583c', I've found that the check won't work for the 'ActiveDirectoryAuthenticator' provider that we are using.
weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
from biemond-orawls.
oh strange,
does it crash?
from biemond-orawls.
Can you try this manually with wlst?
Only user and group won't support external LDAP because it can be too heavy to retrieve them all.
from biemond-orawls.
Ran the script directly and got this.
Successfully connected to Admin Server 'AdminServer' that belongs to domain 'JOETEST'.
Warning: An insecure protocol was used to connect to the server.
To ensure on-the-wire security, the SSL port or Admin port should be used instead.
dr-- DefaultAuthenticator
dr-- DefaultIdentityAsserter
___DefaultAuthenticator___
Problem invoking WLST - Traceback (innermost last):
File "/home/ser_dvapp/index.py", line 41, in ?
NameError: domain
In the output file is:
name;authentication_provider_name;control_flag;domain;order
Not sure if this is what you wanted...
from biemond-orawls.
thanks
Can you add this to the top of the script?
domain = 'xxx'
and try it again, because https://github.com/biemond/biemond-orawls/blob/master/lib/utils/wls_daemon.rb
automatically adds this to every WLST invocation.
from biemond-orawls.
Stdout:
dr-- DefaultAuthenticator
dr-- DefaultIdentityAsserter
___DefaultAuthenticator___
___DefaultIdentityAsserter___
This Exception occurred at Wed Jan 21 14:02:24 EST 2015.
javax.management.AttributeNotFoundException: Security:Name=myrealmDefaultIdentityAsserter:ControlFlag
ControlFlag does not exists, continue
~~~~COMMAND SUCCESFULL~~~~
/tmp/wlstScript.out:
name;authentication_provider_name;control_flag;domain;order
"xxx/DefaultAuthenticator";"DefaultAuthenticator";"REQUIRED";"xxx";"0"
"xxx/DefaultIdentityAsserter";"DefaultIdentityAsserter";;"xxx";"1"
from biemond-orawls.
Ok much better
did you add the AD authentication provider?
Because this looks ok and it does not crash.
Thanks
from biemond-orawls.
Obviously I'm not the best with WebLogic, so I apologize. When I log in to the console there are three providers, one being ActiveDirectoryAuthenticator. When I run the script directly, you're right, it doesn't fail. But when I run puppet it fails. Is there something that needs to be added to the script that will pick up ActiveDirectoryAuthenticator? Thanks for your help. I know this is painful.
from biemond-orawls.
And did you restart the adminserver?
Your script fails in create (already exists) and not in index; the index script should detect this one so puppet does not need to execute the create script.
Can you give me your AD wls puppet definition, I will also add this to my config and see if I can find the problem in the index py script.
from biemond-orawls.
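The failure mode discussed above, as an added example that is not part of the thread or of the orawls module: a simplified model of how the semicolon-separated index output decides between create and modify, and why an aborted index run makes every provider look absent. The sample data is constructed from the output quoted in the thread; `parse_index`, `plan` and `report` are hypothetical names.

```python
import csv
import io

# Constructed samples modelled on the /tmp/wlstScript.out contents quoted in the thread.
INDEX_OK = '''name;authentication_provider_name;control_flag;domain;order
"xxx/DefaultAuthenticator";"DefaultAuthenticator";"REQUIRED";"xxx";"0"
"xxx/DefaultIdentityAsserter";"DefaultIdentityAsserter";;"xxx";"1"
'''
# Header only: what is left when index.py aborts (e.g. NameError: domain).
INDEX_ABORTED = "name;authentication_provider_name;control_flag;domain;order\n"

# Desired state, mirroring the hiera keys in the thread (attributes omitted).
DESIRED = {
    "xxx/DefaultAuthenticator": {"control_flag": "SUFFICIENT", "order": "0"},
    "xxx/ActiveDirectoryAuthenticator": {"control_flag": "SUFFICIENT", "order": "1"},
}


def parse_index(text):
    """Parse the semicolon-separated index output into {name: row}."""
    reader = csv.DictReader(io.StringIO(text), delimiter=";", quotechar='"')
    return {row["name"]: row for row in reader}


def plan(desired, existing):
    """Return (to_create, to_modify) from a present/absent comparison."""
    to_create, to_modify = [], {}
    for name, want in sorted(desired.items()):
        have = existing.get(name)
        if have is None:
            # Not listed by the index run: a create would be issued.
            to_create.append(name)
            continue
        # Empty fields (e.g. no ControlFlag) are treated as "".
        drift = {k: (have.get(k) or "", v) for k, v in want.items()
                 if (have.get(k) or "") != v}
        if drift:
            to_modify[name] = drift
    return to_create, to_modify


def report(label, text):
    create, modify = plan(DESIRED, parse_index(text))
    print(label, "create:", create, "modify:", modify)
    return create, modify


if __name__ == "__main__":
    report("index ok     ", INDEX_OK)
    report("index aborted", INDEX_ABORTED)
```

With the aborted output, DefaultAuthenticator is planned for creation even though it already exists in the realm, which is the "already exists" error on the second run.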
It's all pulled from hiera, which is:
authentication_provider_instances:
  'DefaultAuthenticator':
    ensure: 'present'
    control_flag: 'SUFFICIENT'
    order: '0'
  'ActiveDirectoryAuthenticator':
    ensure: 'present'
    control_flag: 'SUFFICIENT'
    providerclassname: 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator'
    attributes: 'Credential;GroupBaseDN;GroupFromNameFilter;GroupMembershipSearching;Host;MaxGroupMembershipSearchLevel;Principal;UserBaseDN;UserFromNameFilter;UserNameAttribute;Port'
    attributesvalues: 'password;DC=ad,DC=company,DC=org;(&(sAMAccountName=%g)(objectclass=group));limited;ad.company.org;0;CN=SER_WASadmin,OU=Service Accounts,DC=ad,DC=company,DC=org;DC=ad,DC=company,DC=org;(&(sAMAccountName=%u)(objectclass=user));sAMAccountName;389'
    order: '1'
    #before: Orawls::Domain[domain]
I tried the before, but that failed before running, which is why it's commented out.
Hope this is what you requested.
from biemond-orawls.
thanks
I will do some tests and make a patch
from biemond-orawls.
Your config is working fine for me
see
https://github.com/biemond/biemond-orawls-vagrant-12.1.3/blob/master/puppet/hieradata/admin.example.com.yaml#L144
[vagrant@admin ~]$ sudo puppet resource wls_authentication_provider
wls_authentication_provider { 'default/ActiveDirectoryAuthenticator':
  ensure       => 'present',
  control_flag => 'SUFFICIENT',
  order        => '1',
}
wls_authentication_provider { 'default/DefaultAuthenticator':
  ensure       => 'present',
  control_flag => 'SUFFICIENT',
  order        => '0',
}
wls_authentication_provider { 'default/DefaultIdentityAsserter':
  ensure => 'present',
  order  => '2',
}
So probably you need to restart the adminserver
like this
authentication_provider_instances:
  'DefaultAuthenticator':
    ensure: 'present'
    control_flag: 'SUFFICIENT'
    order: '0'
  'ActiveDirectoryAuthenticator':
    ensure: 'present'
    control_flag: 'SUFFICIENT'
    providerclassname: 'weblogic.security.providers.authentication.ActiveDirectoryAuthenticator'
    attributes: 'Credential;GroupBaseDN;GroupFromNameFilter;GroupMembershipSearching;Host;MaxGroupMembershipSearchLevel;Principal;UserBaseDN;UserFromNameFilter;UserNameAttribute;Port'
    attributesvalues: 'password;DC=ad,DC=company,DC=org;(&(sAMAccountName=%g)(objectclass=group));limited;ad.company.org;0;CN=SER_WASadmin,OU=Service Accounts,DC=ad,DC=company,DC=org;DC=ad,DC=company,DC=org;(&(sAMAccountName=%u)(objectclass=user));sAMAccountName;389'
    order: '1'
# subscribe on a domain change and restart the adminserver
wls_adminserver_instances_domain:
  'AdminServer_Wls1213':
    ensure: 'running'
    server_name: *domain_adminserver
    domain_name: *domain_name
    domain_path: "/opt/oracle/wlsdomains/domains/Wls1213"
    os_user: *wls_os_user
    weblogic_home_dir: *wls_weblogic_home_dir
    weblogic_user: *wls_weblogic_user
    weblogic_password: *domain_wls_password
    jdk_home_dir: '/usr/java/latest'
    nodemanager_address: *domain_adminserver_address
    nodemanager_port: *domain_nodemanager_port
    jsse_enabled: true
    custom_trust: *wls_custom_trust
    trust_keystore_file: *wls_trust_keystore_file
    trust_keystore_passphrase: *wls_trust_keystore_passphrase
    refreshonly: true
    subscribe: Wls_authentication_provider[ActiveDirectoryAuthenticator]
from biemond-orawls.