Thursday, January 2, 2014

Deltek Time and Expense Weblogic LDAP Config with SSL

This is a quick screenshot and description of how to set up a WebLogic LDAP connection for Deltek Time and Expense with SSL to a non-local AD server. If you have questions, feel free to contact TBS-LLC.

What we are trying to set up:
  • We are trying to connect to LDAPS://LDAP.GOOGLE.COM:636
  • "LDAP" is the name of the LDAP principal's account.
  • All TE user accounts reside in an AD group called TEUSER under the LDAP.GOOGLE.COM domain.
  • AD usernames are stored in the userPrincipalName attribute with @GOOGLE.COM at the end, i.e. XXXX@GOOGLE.com
Setup Details:
  • Enter:
    • LDAP.GOOGLE.COM into Host
    • 636 into Port
    • In Principal, place the distinguished name in the form of "CN=LDAP, OU=LDAP-Service,....."
    • The principal's password into Credential
    • Click SSL Enabled
  • Make sure your USER BASE DN and USER FROM NAME FILTER are correct
  • USER BASE DN is the top level of the tree
  • USER FROM NAME FILTER is where you establish which field you want to filter on
    • In our case we are using the PrincipalName from MS AD
  • The group doesn't really matter because T&E has the LDAPHelper WebLogic authenticator.
    • You must have the LDAPHelper authenticator in the WebLogic provider or it won't work.
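
To check the Host, Port, Principal, User Base DN and User From Name Filter values outside WebLogic, this added example (not part of the original post) expands the filter for one login name and builds the matching ldapsearch command over LDAPS. The filter string, the `%u` substitution and the `<...>` DN placeholders are assumptions, since the post elides the full DN and does not show its filter.

```python
import shlex

# Host and port come from the post. The DN tail is elided there, so the two
# DN values below are placeholders to be replaced with the real ones.
HOST, PORT = "LDAP.GOOGLE.COM", 636
BIND_DN = "CN=LDAP,OU=LDAP-Service,<REST-OF-DN>"      # placeholder
USER_BASE_DN = "<USER-BASE-DN>"                       # placeholder
# Assumed filter: match the login name against userPrincipalName.
# %u stands for the name the user types at login.
USER_FROM_NAME_FILTER = "(&(userPrincipalName=%u)(objectclass=user))"

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape filter metacharacters so the login name is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, login_name):
    """Return the search filter the directory would receive for one login."""
    if "%u" not in template:
        raise ValueError("filter has no %u placeholder")
    if template.count("(") != template.count(")"):
        raise ValueError("unbalanced parentheses in filter")
    return template.replace("%u", escape_filter_value(login_name))


def ldapsearch_command(login_name):
    """Build an ldapsearch call that repeats the user lookup over LDAPS."""
    args = ["ldapsearch", "-H", f"ldaps://{HOST}:{PORT}",
            "-D", BIND_DN, "-W",             # bind as the principal, prompt for password
            "-b", USER_BASE_DN, "-s", "sub",
            expand_filter(USER_FROM_NAME_FILTER, login_name),
            "userPrincipalName"]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    print(ldapsearch_command("XXXX@GOOGLE.com"))
```

If the printed command returns exactly one entry for a test user, the base DN and filter are consistent with the directory; zero or several entries point to a wrong base DN or filter attribute.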

Java AES Encryption

Java AES Encryption (256 Bit):