01 February 2017
Well, when whoever suggested that weblogic is using LDAP, I’m not sure that’s the whole story. I’m not closely familiar with weblogic, but with a quick minute
of browsing, I see it has web-based components. In which case, you’ve got another potential layer (or a different layer) in the story. When I said the authentication method used by LDAP depends, there are a lot of complex details behind that or I would have
spoken more specifically. At the simplest level, the LDAP client sends a username and password. At the more complex end, it might be Kerberos via SPNEGO. But with weblogic, it may be that the LDAP client is wrapped by a web server (or there is no LDAP involved
and it is basic or integrated windows auth), in other words, the web server proxies the LDAP connection for the client. In which case, there may be a token/cookie that persists past the LDAP connection and even the web session. With web services that use simple
Lots of complexity, but it all goes down to understanding how something is designed, which so few vendors document.