Integrate OEM 13c With MS Active Directory..Or..”One Account To Rule Them All…”

There are some instructions on the internet floating around in order to integrate the OEM 13c (or basically Weblogic 12c) and OEM 13c with Microsoft Active Directory/LDAP.

However in our case things went not as smoothly as advertised (Duh!). We have two OEM installations (OEM 12c and OEM 13c) in our company, but using the same AD. One would expect to just copying the settings from the working installation (OEM 12c) to the new OEM (13c) and everything would be peachy..Alas…This was not so much what was happening on our site.

With the aid of Oracle Support (credit where credit is due!) we (they) where able to solve this issue..

Both for future reference and documentation I’m sharing the settings we needed to set to make the stack play together nicely..

I’m not going to re-write the excellent instructions provided by oracle with the video located here: Oracle AD instructions

When following the above instruction don’t work, continue with my experiences as a last resort before contacting Oracle Support..

Start with the basics and open the WebLogic Console in the browser:

Selection_013Log in, and navigate to the page indicated by the green bars:


The key is in the configuration parameters used (once again: duh!). Below are the settings which worked for our site:

 *note* anything NOT mentioned should be either default, or the same as in the tutorial video from oracle

Host:  <Domain Controller without domain name e.g. DC01 instead of >
Port:  389
Principal:  CN=XXXX,OU=Service Accounts,DC=company,DC=com
User Base DN:  DC=company,DC=com
All Users Filter:  <cleared/empty>
User From Name Filter: (&(sAMAccountName=%u)(objectclass=person))
User Name Attribute=sAMAccountName
Group Base DN:  OU=OEM,OU=Groups,OU=Global Accounts,OU=Company_Locations,DC=company,DC=com
All Groups Filter: <cleared/empty>
Group From Name Filter: (&(cn=%g)(objectclass=group))
Group Membership Searching= <select> limited
Max Group Membership Search Level=3
Static Group DNs from Member DN Filter=(&(member=%M)(objectclass=group))

restart OEM with:
./emctl stop oms -all -force
./emctl start oms
This is what did it for us, hope it helps.

If not in your case…revert to Oracle Support or Google some more 😉


About GemsOfProgramming

Beeing a previously enthusiastic Java programmer, I rolled into the Oracle Database Administration world. It turned out I got a knack for this, and since approx. 2000 I'm a full time DBA. My experiences touches lot of Oracle products like Forms and Reports 9/10, JDAPI, Application Server, Weblogic Fusion and of course: Oracle Enterprise Databases, JavaFX, Swing and other Java components.
This entry was posted in Oracle Enterprise Manager, Technical Stuff and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s