Infrastructure at your Service

Morgan Patou

Documentum story – Replicate an Embedded LDAP manually in WebLogic

In this blog post, I will talk about the WebLogic Embedded LDAP. This LDAP is created by default for the AdminServer and every Managed Server of any WebLogic installation. The AdminServer always contains the Primary Embedded LDAP and all other servers are synchronized from it. This Embedded LDAP is the default security provider database for the WebLogic Authentication, Authorization, Credential Mapping and Role Mapping providers: it usually contains the WebLogic users, groups, and other items such as the SAML2 setup, and so on. So basically, a lot of what is configured under “security realms” in the WebLogic Administration Console. This LDAP is based on files that are stored under “$DOMAIN_HOME/servers/<SERVER_NAME>/data/ldap/”.


Normally the Embedded LDAP is automatically replicated from the AdminServer to the Managed Servers during startup but this can fail for a few reasons:

  • AdminServer not running
  • Problems in the communications between the AdminServer and Managed Servers
  • and so on


Oracle usually recommends using an external RDBMS Security Store instead of the Embedded LDAP, but not all information is stored in the RDBMS and therefore the Embedded LDAP is always used, at least for a few things. More information on this page: Oracle WebLogic Server Documentation.


So now, in case the automatic replication isn’t working properly, for any reason, or if a manual replication is needed, how can it be done? Well, that’s pretty simple and I will explain it below. I will also use a home-made script in order to quickly and efficiently start/stop one, several or all WebLogic components. If you don’t have such a script available, then please adapt the steps below to manually stop and start all WebLogic components.


So first you need to stop all components:

[[email protected]_server_01 ~]$ $DOMAIN_HOME/bin/startstop stopAll
  ** Managed Server msD2-01 stopped
  ** Managed Server msD2Conf-01 stopped
  ** Managed Server msDA-01 stopped
  ** Administration Server AdminServer stopped
  ** Node Managed NodeManager stopped
[[email protected]_server_01 ~]$ ps -ef | grep weblogic
[[email protected]_server_01 ~]$


Once this is done, you need to retrieve the list of all Managed Servers installed/configured in this WebLogic Domain for which a manual replication is needed. For me, it is pretty simple: they are printed above in the output of the start/stop command, but otherwise you can find them like this:

[[email protected]_server_01 ~]$ cd $DOMAIN_HOME/servers
[[email protected]_server_01 servers]$ ls | grep -v "domain_bak"
AdminServer
msD2-01
msD2Conf-01
msDA-01


Now that you have the list, you can proceed with the manual replication for each and every Managed Server. First back up the Embedded LDAP of each Managed Server, then replicate it from the Primary (the one in the AdminServer, as explained above):

[[email protected]_server_01 servers]$ current_date=$(date "+%Y%m%d")
[[email protected]_server_01 servers]$ 
[[email protected]_server_01 servers]$ mv msD2-01/data/ldap msD2-01/data/ldap_bck_$current_date
[[email protected]_server_01 servers]$ mv msD2Conf-01/data/ldap msD2Conf-01/data/ldap_bck_$current_date
[[email protected]_server_01 servers]$ mv msDA-01/data/ldap msDA-01/data/ldap_bck_$current_date
[[email protected]_server_01 servers]$ 
[[email protected]_server_01 servers]$ cp -R AdminServer/data/ldap msD2-01/data/
[[email protected]_server_01 servers]$ cp -R AdminServer/data/ldap msD2Conf-01/data/
[[email protected]_server_01 servers]$ cp -R AdminServer/data/ldap msDA-01/data/


When this is done, just start all WebLogic components again:

[[email protected]_server_01 servers]$ $DOMAIN_HOME/bin/startstop startAll
  ** Node Manager NodeManager started
  ** Administration Server AdminServer started
  ** Managed Server msDA-01 started
  ** Managed Server msD2Conf-01 started
  ** Managed Server msD2-01 started


And if you followed these steps properly, the Managed Servers will now be able to start normally with a replicated Embedded LDAP containing all recent changes coming from the Primary Embedded LDAP.
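To turn the whole procedure into one repeatable step, here is an added example of my own (it is not the home-made startstop script from the post, nor anything shipped by Oracle): it lists the Managed Servers with the same filter as above, refuses to run while any server still holds the <name>.lok lock file WebLogic keeps under its tmp directory, backs up each Embedded LDAP with the same date suffix, and copies the Primary with ownership and permissions preserved. It assumes the directory layout from the post and that you stopped all components beforehand; starting them again is left to your own start/stop script.

```shell
# Added example, not the post's own script: replicate the Primary Embedded LDAP
# of the AdminServer into every Managed Server of a stopped WebLogic domain.
# Assumed layout (from the post): $DOMAIN_HOME/servers/<name>/data/ldap

# Managed Server names: every directory under servers/ except the AdminServer
# and the domain_bak copies (the same filter as "ls | grep -v domain_bak").
list_managed_servers() {
    for d in "$1"/servers/*/; do
        n=$(basename "$d")
        case "$n" in
            AdminServer|domain_bak*) ;;
            *) echo "$n" ;;
        esac
    done
}

# Back up each Managed Server's Embedded LDAP, then copy the Primary over it.
# $1 = DOMAIN_HOME, $2 = date stamp for the backup suffix (default: today).
replicate_embedded_ldap() {
    domain="$1"; stamp="${2:-$(date +%Y%m%d)}"
    primary="$domain/servers/AdminServer/data/ldap"
    if [ ! -d "$primary" ]; then
        echo "primary Embedded LDAP not found: $primary" >&2; return 1
    fi
    servers=$(list_managed_servers "$domain")
    # Every server must be down: WebLogic keeps servers/<name>/tmp/<name>.lok
    # while a server runs, and copying live LDAP files gives a corrupt replica.
    for s in AdminServer $servers; do
        if [ -e "$domain/servers/$s/tmp/$s.lok" ]; then
            echo "$s still holds its lock file; stop all components first" >&2
            return 1
        fi
    done
    for ms in $servers; do
        target="$domain/servers/$ms/data/ldap"
        backup="${target}_bck_$stamp"
        if [ -e "$backup" ]; then
            echo "backup $backup already exists; refusing to overwrite" >&2
            return 1
        fi
        mkdir -p "$domain/servers/$ms/data"
        if [ -d "$target" ]; then
            mv "$target" "$backup"
            chmod 700 "$backup"   # the backup still holds user/credential data
        fi
        # -p keeps owner and mode, so the replica is no more readable than the Primary.
        cp -Rp "$primary" "$target"
        echo "replicated Embedded LDAP into $ms"
    done
}
```

Run it as the WebLogic OS user, e.g. `replicate_embedded_ldap "$DOMAIN_HOME"`, after stopAll and before startAll; the refusal checks exit before anything is moved, so a failed run leaves the servers untouched.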

Morgan Patou

Technology Leader ECM & Senior Consultant