LDAP Integration with ALBPM EE for Weblogic - Business Process Management Suite

Please, can anyone respond to the following query?
1. How to configure the LDAP Services into ALBPM EE for Weblogic server?
2. After the above configuration, how to synchronize the LDAP Services with ALBPM Directory Services?

Do you mean LDAP Directory Service?
If you mean that, there is a hybrid configuration option. In Admin Center, you can set up the LDAP configuration by selecting "Use an external directory service provider ...." (2nd screen in the wizard).
After the configuration, there is no need to sync LDAP. It uses LDAP, Active Directory, etc. as the user base, and all other BPM config data are stored in the DB (roles, BPM parameters, External Resource Definitions, etc.).

Hi turhan,
I've tried this configuration without any success. Do you know of any resource where I could find a detailed explanation on how to configure ALBPM with Active Directory?
I'm especially stuck with:
- the BPM Administrator User. Where should it be created? How do I specify this user name?
- the LDAP URL construction. I don't know how to specify the subtree that will be used as my organization in BPM.
I hope somebody can help me with this, thanks a lot.


How to bring users from existing DB to BPM Directory Service?

I need your help.
I installed OBPM for WebLogic Server Version and configured Directory Service using only DB, not hybrid.
Then, I tried to bring users who will use BPM System from existing DB to BPM Directory Service.
But, I couldn't.
When I configured BPM Directory Service to Hybrid using DB + Existing LDAP, I could find users from LDAP in Organization, BPM Administration Console.
I think there is no configuration option for an external user DB similar to the LDAP configuration in hybrid configuration.
Show me the way to bring users to BPM DS.

Security in SOA

Hi All
I am completely new to SOA framework. For one of our projects we plan to use the already available services (from different software components) to build our application. Now, I understand that I can create a BPEL process to call these services to accomplish our task. We also plan to create proxy services for the available ones using OSB. There is some human interaction required during the BPEL process. We plan to create portlets separately and use the task service to query/update the process instances.
What I am not sure about yet is the security. We have all the users (that can deal with different BPEL processes' human tasks) in our LDAP. How do we configure/use LDAP in this scheme?
Is there a document that I can read for this?
Hi All, again
I read somewhere, I will be good to go if I just configure the security realm in weblogic.
I went ahead and added a new provider for "myrealm" in weblogic console. Restarted the server (admin and soa_server_1), and could see all my usernames and groups from LDAP under the 'Users and Groups' tab under myrealm.
However, I cannot log in to hostname:8001/integration/worklistapp with any of those users in LDAP.
Am I missing something?
The users in your LDAP can't login to WL console if they aren't in the WL default groups ( Administrators, Operators, Monitors, etc. )
If you're trying to login to the BPEL integration worklist, I think you need to have membership in a group called "SoaGroup" ( defined within your WL security realm ). 
After adding a new provider (ldap) for myrealm, I could see all the groups defined in my LDAP, in weblogic itself. I was hoping I could log into worklist, if I am a member of one of these groups.
I could not find 'SoaGroup' under 'myrealm'.
Did you find a solution for this problem?
I am facing a similar issue except that I'm using a Read-Only SQL Authentication provider.

Problem while logging in to worklist application

I am using SOA Suite for Oracle JDeveloper 11g. Everything works fine; I was able to see http://localhost:7001/em.
Also, I am able to open http://localhost:8001/integration/worklistapp/faces/login.jspx
I was not able to log in with username: jcooper and password: welcome1.
But I am able to log in as administrator, i.e. "weblogic".
Please let me know what I am missing.
Thanks in advance.
Hi Sandeep,
In 11gR1, demo users are not seeded by default as they were in 10g.
You will only have weblogic & oraclesystemuser available in the embedded LDAP.
You have to manually seed the demo users, if required.
Follow the instructions mentioned in http://download.oracle.com/docs/cd/E12839_01/integration.1111/e10226/appx_users.htm#SOAAG231 to seed demo users. 
Thank you for the reply,
How should I manually seed the demo users? Shall I configure Security Realms from the console?
Please provide some example if possible.
Thank you,
You can configure the security realms from WLS Console itself.
Login to WLS Console. Navigate to Security Realms. You can create realms to point to an external ldap over there. Worklist will work with only one realm. It will not support multiple realms.
To configure external ldap, use the following doc.
What are the steps necessary to hook in users/groups from an external ldap (like OpenLDAP) into 11g?
I configured an OpenLDAP provider in the default realm via the weblogic console and was able to see the users and groups in the OpenLDAP via the console and even via jdeveloper in the human workflow task definition search capability. I also made the new OpenLDAP provider the first entry in the list, marked it sufficient, and updated the default authenticator to be sufficient.
Once I do this I get an error if I attempt to log into the worklist app:
Caused by: java.util.MissingResourceException: Can't find bundle for base name com.collaxa.cube.i18n.exception_cube, locale en_US
I also get this error if I configure a new security realm and update the workflow-identity-config.xml and use that realm name.
I attempted even updating jps-config-jse.xml with new service provider and service instance information but it did not change anything.
I can assign a task to one of the groups I created in my ldap but again I can't log into the worklist application to then act on the tasks.
I have tried reading many of the documents but I am missing something. Any posts/blogs/etc I find about setting up your own ldap provider seems to make it very simplistic and not suggesting that I needed to configure jps-config-jse.xml file.

Realm is not populated for BPM app

I am new to Oracle BPM 11g. I am trying to deploy a hello world application (using http://st-curriculum.oracle.com/obe/fmw/obpm/11g/r1/firstProcess/firstprocess_obpm11g.htm) on my local WL server.
In the "Deploying and Testing the Application" part, I need to connect to the internal LDAP realm within the WebLogic server in order to map the Reviewer and Requester roles to a user in the LDAP. To do that, I followed all the steps ("Mapping the Studio Role to an LDAP Role") up to step 3 and successfully connected to my local WL server, but in step 4 the Realm is not getting automatically populated.
Can anybody please help me configure the local LDAP realm within my WL so that I can accomplish the 4th step of the "Mapping the Studio Role to an LDAP Role" section in that document?
Thanks in advance. 
Hi. Please ensure you have in the Weblogic (myRealm) the users you need to choose. If they aren't there, please create them and try to add them as users to the role.
myRealm is there.
Even though I created a new one also, the Realm is still not populated.
Hi. What I meant is that you check if there are any users in the myRealm; if there aren't, please create them. Open the myrealm > select tab Users and Groups, and there check the existence of the users.
After doing that, go back to JDeveloper and add the user created as a member of the role.
In the tutorial you are selecting the jcooper users; as far as I know, they are users from the excellent book Getting Started with Oracle BPM Suite 11g R1 (Sales Quote Demo). Please check that book; it also covers the creation of users in the WebLogic LDAP.
You can download the salesquotedemo process from http://www.oracle.com/technetwork/middleware/soasuite/bpm-11g-sales-quote-demo-setup-and--131283.zip 
I hope your issue is resolved. If not, here is the solution. It's very simple and just takes about 10 minutes.
1. Basically there is a sample App (simple EAR that has a WAR with one xml file having users/groups etc) from Oracle which is used for running/testing any Oracle Sample Applications like SalesQuoteDemo, HelloWorld or FOD (Fusion Order Demo) etc. This sample when run will create list of users and groups and associate users to groups.
2. This link should give all the details of this sample app, users, groups, hierarchies etc. You don't need to see and understand all these details just for running samples.
3. Here is the link to download DemoCommunitySeedApp.
4. Here is a post of mine, with simple steps to deploy and create the demo users. All you need is to have your WebLogic authenticator as default, which is already there unless you add any external AD. I hope you do not. Of course, you should have a SOA Domain with just the admin server (having all SOA modules also) or admin + SOA server. Either way, you need a server that has SOA modules. Then DEPLOY the EAR to this server and run the URL given in the readme.txt file from the unzipped sample:
Re: Seed Demo Community Failes
Ravi Jegga 
Thanks Ravi!
This helps a lot!
FYI, in order to complete this tutorial, a server must be set up, and the project must be deployed there, not on the local PC.

Do we have database tables for Oracle MFT ?

Hi, Do we have database tables for Oracle MFT, where we can see users configured in MFT console --> Security Realms, dashboard logging, etc.? Thanks, Kumar.
Hi, As with most FMW products, MFT has its own Repository schema, as can be read here: https://docs.oracle.com/middleware/1221/core/INMFT/GUID-36DFF16B-4891-46EB-9554-436A3CCF85BB.htm#INSOA380 However, users and groups are configured in weblogic console -> realm -> Users & Groups, as described here: https://docs.oracle.com/middleware/1221/mft/mft-user-guide/GUID-8ACC7C8B-6251-4B13-A811-DFDE3BB60D89.htm#MFTUG438 . Regards, Martien
Hi Martien, Thanks for your reply. I am looking for the tables and schema where the below details are stored in MFT. However, users and groups are configured in weblogic console -> realm -> Users & Groups. Thanks, Kumar.
Hi Kumar, As said, they're in the Weblogic Security Realm. Not in the database. And it depends on your authenticators where the details are stored. If you work with the default authenticator, then it is stored in the (AdminServer) Domain. And on the managed servers in their local LDAP Cache. If you use AD or another external LDAP, then they're stored there. Regards, Martien
Thanks for your response. Yes, we have AD. I got the answer. Thank you Martien.
You're welcome. If my answer helped you or was correct, then it's appreciated if you mark it as such. This is also an indicator for other users.