My Oracle Support Banner

Oracle GlassFish Server "asadmin create-auth-realm" command Does Not Write The Password Alias Name In The domain.xml File (Doc ID 1413935.1)

Last updated on NOVEMBER 05, 2016

Applies to:

Oracle GlassFish Server - Version: 3.0 to 3.1.1 - Release: 3.0 to 3.1
Information in this document applies to any platform.


When a password alias name is used with the "asadmin create-auth-realm" command it does not write the password alias name in the domain.xml file. Instead it writes the actual password. The problem is reproducible if you run the following command:

bash-3.00#./asadmin --port 3148 create-auth-realm --classname --property directory=ldap\\://test\.oracle\.com\\:389:jaas-context=ldapRealm:base-dn=dc\\=oracle\,dc\\=com:search-bind-password=\$\{ALIAS\\=ldapbind-password\} my-ldap-realm
Command create-auth-realm executed successfully.

From domain.xml:
<auth-realm name="my-ldap-realm" classname="">
<property name="directory" value="ldap://"></property>
<property name="base-dn" value="dc=oracle,dc=com"></property>
<property name="search-bind-password" value="mypassword"></property>
<property name="jaas-context" value="ldapRealm"></property>

Please note the actual password displayed at:
<property name="search-bind-password" value="mypassword"></property>

It should be:
<property name="search-bind-password" value="${ALIAS=ldapbind-password}"></property>


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.