Aug 312013

Never re-upload a new ldif without cleaning up entries created by an eventual previous ldif upload. otherwise your wls domain will become corrupted.To upload ldif file active directory please follow below steps.

How to delete users/groups before re-uploading using the LDAP Browser tool

1 – Get the LDAP Browser tool
2 – Create an LDAP connection to the embedded LDAP
2.1 – You need to know the LDAP admin connection credentials. The admin user is cn=Admin.
The password needs to be updated in WLS Console. Go to the WLS Console at <domain_name> -> Security ->Embedded LDAP and type a new password in Credential field.

Embedded LDAP password reset
2.2 – Restart the admin server after that.
3. – The LDAP port is the same as AdminServer’s. Below is an example of LDAP connection entry in LDAP browser.

Ldap browser Connect screen
4. – Log in to the LDAP server
5. – Browse the groups node
6. – Select all groups, except the following: Administrators, Monitors, Operators,  CrossDomainConnectors, Deployers, etc which are required for administrative jobs.
7. – Delete selected groups.

delete groups in ldap browser
8. – If you also want to delete users using LDAP Browser, browse the people node, select all users (except weblogic, SystemUser, operator and deployer, etc which are required for administrative jobs) and delete them.

Re-uploading the ldif file

This should be done in the same way as usual, either through WLS Console or via

Through WLS console:

1. Go to WLS administrative console and log in as weblogic/weblogic. Tipically, the console URL is

2. Navigate to Security Realms -> myrealm -> Providers -> DefaultAuthenticator -> Migration, according to the sequence of screen shots below.

Security Realm Screen Weblogic

Security Realm Providers

Security Realm Providers Screen


3.     Specify the absolute path on the ldif file in the text box “Import File on Server” and click the Save button.

Default Authentication Import Screen



Through WLST script:

Execute the following steps:

1. Download the ldift file to system
2. Run $WLS_HOME/common/bin/ to start the wlst command line tool
3. Run Below commands one by one

connect('weblogic', 'weblogic', 't3://localhost:7001')
cmo.importData('DefaultAtn', '/tmp/WLS_Users_and_Groups.ldift', None)

Distributing Ldift to all managed servers

1 – After having re-uploaded the ldif file In WLS Console, go to <domain-name> -> Security -> Embbeded LDAP and check the option Refresh Replica At Startup, as in the picture below.

Refresh Replica At Startup Option


2 – Stop the managed servers.
3 – Stop the Admin server.
4 – Start the Admin server.
5 – Start the managed servers.


© Incase of any copyright infringements please check copyrights page for faster resolutions.

  One Response to “Steps To Re-upload ldif File in Weblogic”

  1. Excellent article .. Keep posting 🙂

Leave a Reply

Show Buttons
Hide Buttons