Unable to Delete the Application's Roles and Policies Imported to WLS Admin Console (Doc ID 1999168.1)

Last updated on AUGUST 21, 2023

Applies to:

Symptoms

Application (.ear file) has custom roles and policies and is deployed to WLS server using Security Model "Advanced".

After the application is successfully deployed (ACTIVE state), we see Roles and Policies from DD are displayed in console under

          Deployments -> <Application name> -> Corresponding module -> Security -> Roles and Policies

The Weblogic Server console also gives an opportunity to create new roles under

          Deployments ->Application name -> Corresponding module ->Security -> Roles and Policies -> New

The DD roles and policies and the newly created roles and policies (from console) are all imported to <Managedserver>.ldif file under DOMAIN_HOME/servers/<server_name>/data/ldap

Now, change the roles and policies in DD to a different name (remove old roles and policies and create new ones). Re-package the application and replace it with the existing .ear file in the application source location.

Restart the managed servers.

Now, in the console under

        Deployments ->Application name ->Corresponding module ->Security -> Roles and Policies

you will see both the old and new policies.  The expected behavior is that only new policies and roles should be displayed and that the old references should be gone.

How do we delete the old policies that are dangling in the ldif file even though the application DD's do not have it anymore?

Simply deleting the roles and policies from the console or using WLST does not remove their references from <ManagerServer>.ldif file

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.