4.0.1 to 4.1.1 -- LDAP Directory Authentication Scheme fails

Using the out of the box LDAP directory authentication scheme that worked fine in v. 4.0.1 is failing in v. 4.1.1. User authentication is failing with 'Invalid Login Credentials'. Debug shows that the User is 'nobody'. Looking at v. 4.0.1, User shows 'Admin'. Also, the 'LDAP test link' is no longer available in 4.1.1 - that's a bummer.
Example debug 4.1.1:
4161     426774014496602     nobody     103     101     50     6 minutes ago     0.8562
Example debug 4.0.1:
661     3340172823117775     ADMIN     130     101     57     36 seconds ago     0.3298
Does anyone know if something was changed with the standard LDAP directory scheme? Or am I missing some configuration?

Hi Julie,
sorry, there is too little context for me to answer this question. I have no idea where and how you got that debug output, for example.
As for testing, the LDAP authentication scheme calls wwv_flow_custom_auth_ldap.authenticate. It's no official API and we may revoke the grant in future versions, but in 4.1, you can test LDAP auth in SQL Workshop with
declare
    l_status boolean;
begin
    l_status := wwv_flow_custom_auth_ldap.authenticate (
                                 p_ldap_host     => ...host...,
                                 p_ldap_port     => ...port...,
                                 p_dn            => ...dn_string...,
                                 p_search_filter => ...search_filter...,
                                 p_password      => ...password...,
                                 p_use_ssl       => ...ssl_mode...,          -- Y for SSL, A for SSL with authentication, N for no SSL
                                 p_use_exact_dn  => ...use_exact_dn... );    -- Y or N
    dbms_output.put_line(case when l_status then 'authenticated' else 'auth error' end);
end;
Regards,
Christian
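
Whatever goes into p_dn and p_search_filter in a test like the one above has to be a syntactically valid LDAP string; the Sun ONE log further down this page shows a bind rejected with error code 34 (Invalid DN) next to a person/cn search filter. The following is an added example, not part of the original posts and not APEX code: a Python sketch that escapes a login name for a DN (RFC 4514) and for a filter (RFC 4515) and pre-checks DN syntax. All function names and the base DN ou=people,dc=example,dc=com are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# RFC 4514 section 3: attribute type is a descriptor (cn, ou, dc) or a numeric OID.
_ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")


def escape_filter_value(value):
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_rdn_value(value):
    """Escape a user-supplied value for use as an RDN value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)  # leading '#', leading or trailing space
        else:
            out.append(ch)
    return "".join(out)


def split_unescaped(text, sep):
    """Split on sep, keeping backslash-escaped pairs (such as '\\,') intact."""
    parts, current, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i:i + 2])
            i += 2
            continue
        if ch == sep:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    parts.append("".join(current))
    return parts


def is_plausible_dn(dn):
    """Syntactic pre-check only; the directory server remains the authority."""
    if not dn:
        return False  # an empty DN is an anonymous bind, not a user login
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDN: cn=a+uid=b
            attr, eq, _value = ava.partition("=")
            if not eq or not _ATTR_TYPE.match(attr.strip()):
                return False
    return True


def build_bind_dn(login, base_dn, attr="cn"):
    """Build a bind DN from a login name and a base DN (both caller-supplied)."""
    return "%s=%s,%s" % (attr, escape_rdn_value(login), base_dn)


def build_search_filter(login, attr="cn", object_class="person"):
    """Build a filter of the same shape as the one in the Sun ONE log."""
    return "(&(objectclass=%s)(%s=%s))" % (
        object_class, attr, escape_filter_value(login))


if __name__ == "__main__":
    base = "ou=people,dc=example,dc=com"  # constructed sample base DN
    for login in ("NYilmaz", "Miller, John", "Smith (Contractor)*"):
        dn = build_bind_dn(login, base)
        print(login, "->", dn, is_plausible_dn(dn), build_search_filter(login))
    # A bare login name is not a DN, so a bind that uses it as one cannot work.
    print("NYilmaz as DN:", is_plausible_dn("NYilmaz"))
```
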

Similar Messages

  • Authentication getting failed in sun one Ldap

    Hi,
    Can anyone please assist me with Sun ONE LDAP?
    My application (LDAP related) was developed based on Lotus Domino LDAP server and WebSphere.
    Now we are trying to deploy the same code with WebSphere and Sun ONE LDAP server in our local environment.
    I am getting the problem of authentication failure.
    Please see the logs below.
    My question is whether the code written for Lotus Domino is compatible with Sun ONE LDAP. I am new to LDAP.
    Please, can anyone give suggestions?
    LDAP Interface: Performing LDAP authentication for user [NYilmaz]
    17 Dec 2007 18:43:13,359 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. The username and password are transmitted in clear text form which is very insecure. Consider replacing the LDAP protocol with LDAPS (SSL).
    17 Dec 2007 18:43:13,359 [DEBUG] NABLDAP: Establishing a new authenticating connection to [ldap://gpat.bsdev.com]
    17 Dec 2007 18:43:13,375 [INFO ] NABLDAP: Failed to authenticate with the remote server on [ldap://gpat.bsdev.com] because of error '[LDAP: error code 34 - Invalid DN]'
    17 Dec 2007 18:43:13,375 [WARN ] LDAP Interface: Unsuccessful authentication attempt for user [NYilmaz]
    17 Dec 2007 18:43:13,375 [DEBUG] LDAP Interface: Writing the value {javax.naming.InvalidNameException:[LDAP: error code 34 - Invalid DN]} to General[1].OnionErrorMessage
    17 Dec 2007 18:43:13,390 [WARN ] NABLDAP: Transmission will be over an unencrypted connection. Consider replacing the LDAP protocol with LDAPS (SSL).
    17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Establishing a new anonymous connection to [ldap://gpat.bsdev.com]
    17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Connection established.
    17 Dec 2007 18:43:13,390 [DEBUG] NABLDAP: Searching remote LDAP directory using the filter of [(&(objectclass=person)(&(cn=NYilmaz)))]

    Hello Vinay,
    when configuring multiple LDAP directories, there are a number of prerequisites that you need to consider.
    For example, one prerequisite for multi-domains is that logon IDs must be unique across multiple LDAP datasources. This will cause issues if duplicate IDs exist.
    Please see the following documentation and notes for more information on this.
    Examples of Data Source Configuration Files - Identity Management - SAP Library
    Example: Configuration of Multiple LDAP Data Sources - Identity Management - SAP Library
    1618342 - Multiple LDAP Datasources - Active Directories where logon IDs are not unique
    762419 - Multi-Domain Logon Using Microsoft Active Directory
    Please have a look at the above notes, which document this and also tell you what to do in these situations.
    Regards,
    David

  • Jabber for Windows - wildcard search against LDAP directory

    Hi all,
    I have set up an on premise environment with CUCM, CUPS and a 3rd party LDAP Directory. For CUPC everything is working fine. For Jabber for Windows it took me some time to find the correct jabber-config.xml settings to make it working.
    At the moment I am able to search the LDAP Directory, but I have to write the complete Name, i.e. "Miller, John", in the search field. If I try it with "Miller" only, I get no results for my search.
    I played around with the <UseWildcards>0</UseWildcards> tag without any change in the behaviour.
    Is there anybody who can help?
    Best regards
    Manfred

    Hi Manfred,
    Jabber for Windows has been tested with following directory services:
    Supported Directories
    Microsoft Active Directory  2003
    Microsoft Active Directory  2008
    Cisco Unified Communications Manager User Data Service UDS  is supported on Cisco Unified Communications Manager version 8.6.2 or later.
    OpenLDAP
    The behavior you are seeing could be related to interop issues. I suggest to open a TAC case for further assistance.
    Thanks,
    Maqsood

  • Can't Authenticate in LDAP directory after upgrade from 10.4.11 to 10.5.1

    Hi, all
    Yesterday I have tried to upgrade my Xserve Intel from 10.4.11 Tiger to 10.5.1 Leopard Server
    In my server there is this service:
    -AFP
    -DNS
    -SMB
    -Open Directory Master
    - XSAN Primary MDC
    All works fine, but when I try to access the LDAP directory with Workgroup Manager I can't authenticate with "diradmin". This happens on the local machine and with a remote Workgroup Manager connected to the server.
    I have tried with the "root" user and I have been able to authenticate for some time (5-15 min.); after that it's impossible to access with any user.
    The clients still authenticate with user and password on all computers with 10.5.1 and 10.4.11 workstations, but now I want to add some new users and I can't do that!
    So for now I have restored my old 10.4.11 Server Tiger, but I wish to know if someone has tried the new 10.5.2 server upgrade and maybe there is some kind of fix for this problem.
    Thanks in advance

    After posting on numerous message boards, and no one having an exact answer, but several making plenty of great suggestions, I think I've finally figured out the cause of this issue or at least part of the cause.
    Within 'Server Admin', select "Open Directory",
    under: Settings > Policy > Binding
    there are six check boxes under "Security"... for testing kerberos, I have been checking the first four boxes, which are:
    1. disable clear text passwords
    2. digitally sign all packets (requires Kerberos)
    3. encrypt all packets (requires ssl or kerberos)
    4. block man-in-the-middle attacks (requires kerberos)
    Through troubleshooting this myself, and doing each change, followed by a server reboot, then immediately attempting to authenticate to /LDAPv3/127.0.0.1/, it seems that enabling some, or some combination, of these Security settings triggers Workgroup Manager to not accept the diradmin password.
    referring to the numbers above (1 through 4)...
    2 or 4 by themselves fails
    1 and 3 together fails
    I haven't gone beyond that for testing and don't know what other combinations works or fails.
    I don't know if there is something beyond this that is specific to my configuration or environment that plays a part in this failing. All I know is that turning off all Security checkboxes in this section fixes the problem.
    I wonder if anyone who has never seen this problem can try this on their 10.5.2 Server and see if they are still able to authenticate as their diradmin to WGM. Regardless, seems that this is a WGM bug to me, right?
    if you are having this problem, uncheck all of these boxes and then reboot before trying to authenticate.

  • LDAP External Authentication Multiple Search Base DNs question

    hi,
    i'm trying to add two LDAP search DNs to a portal 6.2 organisation.
    with one search base dn it works fine.
    when i add another, all ldap auth for that org stops working.
    the docs confusingly state that if you have multiple search dns (not talking about multiple ldap servers here - just the search base dns) that you should prefix each entry with the local server name. the docs however provide no examples of the syntax.
    can anyone provide an example for multiple search dns? e.g. is it <server:port>:o=<etc> (doesn't seem to work).
    thanks

    hi,
    yes i have.. but when you enter more than one it stop working... with only one entry in the gui it will work for that entry but when you add another it stops working...
    i had to use a manual workaround like this to get the second going... :(
    External ldap authentication
    register the LDAP authentication service in the gui and setup the first DN as normal.
    create the first set of entries for the ldap host and the base dn in the gui as normal etc.
    the gui in the admin console is not working (depending on your point of view), so you need to add the second ldap config manually -
    All commands are run from the /apps/jes/SUNWam/bin directory
    1. Get an encrypted value for the bind dns (cn=Directory Manager) password you want to bind to the ldap directory as by using the ampassword utility shipped with Identity Server.
    ./ampassword -e directory_manager password
    More information on this utility can be found in the Sun ONE Identity Server Administration Guide.
    2. Copy the encrypted password as the value for the iplanet-am-auth-ldap-bind-passwd in the XML file (serviceAddMultipleLDAPConfigurationRequests.xml) created in Step 1. The XML file contains a template for creating the second LDAP DN.
    3. Modify the data XML file accordingly so that the relevant details are provided for the 2nd ldap server (bind dn search base etc) and load this into the portal directory using the amadmin command line tool as follows from the /opt/SUNWam/bin directory
    ./amadmin -u amadmin -w administrator_password -v -t serviceAddMultipleLDAPConfigurationRequests.xml
    If the imported xml values are incorrect delete and reload the imported xml data using amadmin command tool. Alternatively you can modify the ldap data directly on the primary identity server (ldap server) using a client browser though this method is not supported .
    You should be able to see new imported values for the second ldap server at dn:ou=subconfig1,ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=services,ou=ORG,o=lgaq.qld.gov.au on the primary ldap server (where ORG is the organisation you wanted to add the second DN).

  • Integrating Flat File data to LDAP Directory using sunopsis driver

    Hello
    I need to import data from a csv file into a LDAP Directory.
    In order to achieve this, I used the Demo physical and logical File data server (called FILE_GENERIC) and set up a new LDAP data server using the tutorial "Oracle Data Integrator Driver for LDAP - User's Manual".
    I can manually see and update data on both file and LDAP datastores.
    The fact is that i cannot manage to import/update data from the file to the LDAP directory through a dedicated interface.
    The issue does, I think, come from the PK/FK used by the Sunopsis relational model to represent the directory.
    LDAP DN is represented by a set of two table representing in my example the organizational units in one hand and the persons in the other hands, linking them through FK in persons to auto-generated PK in organization units. My person table also have a auto generated PK. All the directory datastore tables have been reversed through ODI.
    In my interface, i always use my cn as update key.
    I first tried not to map the person PK in the interface, letting the driver generating it for me (or mapping a null PK). I then catch in operator a message like: " null : java.sql.SQLException: Try to insert null into a non-nullable column".
    Anyway, the first row is created in the directory and a new PK is given into ODI datastore. Curiously, this is not as i would presume the last PK value + 1.
    There are some kinds of gaps in the ID sequences.
    I even tried checking the "tolerated error" into the IKM step called "Insert new row". I'm using IKM shipped with ODI :"IKM SQL Incremental Update". The sequence is finished in operator but due, i guess, to the catched error, the other rows are not processed. (Anyway i shouldn't have to tolerate errors)
    Afterwards I tried to put unused custom PK values into my file, then map the PK column to the LDAP datastore PK column, without much success: only one row is processed. Furthermore, the ID of the PK in the datastore is different from the one I put in the file.
    I finally tried to generate PK values through SQL instructions by creating new steps in the IKM module, but that did not work much.
    I really do not see any other ideas to either have the driver construct new PK at insert/update or to make him ignore the null PK problem and process all the rows.
    If anyone do have an idea about it, please share...
    Greetings,
    Adrien

    Hi,
    I am facing an issue who is probably the same.
    using ODI 10.1.3.5, I can't insert new rows into my openLDAP.
    One of the point I see is that the execution take the LDAP server for staging area and want to create I$ table into it, so the data are already imported into the ldap Server.
    thanks for any help.

  • Problem with Sun Outlook connector Microsoft LDAP Directory MAPI Service Pr

    Dear All
    I have big problem with sun outlook connector and I can find any way to fix the problem,
    I am using sun java system connector deployment to create installation script for my clients.
    in the tool I have specify the location of Microsoft LDAP services, I am using outlook 2003 and sun say this option is not needed for outlook 2003, if I try to create the script and run the script on target client I will receive below error,
    I tried the office CD-ROM as path for LDAP services but the outlook connector says there is no LDAP services on the CD and I receive same error,
    19:02:29 [5365] Outlook version is 11.0.5608.0.
    19:02:29 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    19:02:29 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    19:02:31 [5362] Checking Windows version.
    19:02:31 [5363] Windows version is 5.1.
    19:02:31 [5364] Checking Outlook version.
    19:02:31 [5509] Checking default mail client.
    19:02:31 [5508] Default mail client is 'Microsoft Outlook'.
    19:02:31 [5178] Verifying that Outlook is not running.
    19:02:31 [5179] Trying to login to shared session.
    19:02:31 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    19:02:32 [5502] Upgrading the Sun Java System MAPI Service Providers.
    19:02:40 [5370] Finished installing Sun Java System MAPI Service Providers.
    19:02:40 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    19:02:40 [5367] Sun Java System MAPI Service Providers are installed.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:40 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    19:02:40 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    19:02:40 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    19:02:41 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Best regards
    Mo

    Hi,
    Have a look at:
    http://forum.java.sun.com/thread.jspa?messageID=9320116
    Directions on the installation/configuration and requirements of the outlook connector (for 2005Q4 since you haven't told us what version of the comm suite you are using) are available at docs.sun.com e.g.
    http://docs.sun.com/app/docs/prod/2783#hic
    Outlook connector requires that you have UWC (a.k.a. Communications Express) installed and configured, which has its own requirements. UWC provides the single web interface to mail, calendar and address book. Outlook uses the address-book functionality via UWC, IMAP and SMTP for messaging/email, plus WCAP for calendar.
    Regards,
    Shane.

  • LDAP security authentication in weblogic sp4 (URGENT)

    We have a web application which interacts to the D/B to authenticate a user during our login process. Now we are trying to change the login to LDAP authentication. Here is the List I did on weblogic configuration correct me if this is correct or if am missing any thing.
    1. Created a Realm
    2. Created a NOVELL LDAP Authenticator (configured user, groups, members, Novell LDAP, Details)
    3. Created a X.509 certificates ????? Do I need to create this one for authentication. The only question is I am confused by these parameters and help me out in figuring out these:
    a. filter attributes = cn=$subj.cn
    b. username attribute = cn
    c. userCertificate;binary ??? ( I have a certificate idmtree.der where do I add configuration about this certificate in the console)>>>>>>>>
    d. certificate mapping : ou=user,ou=$subj.ou,o=$subj.o,c=$subj.c (IS THIS CORRECT)
    4. created a new Weblogic Default Authorizer...
    5. created a new Weblogic Default Role Mapper...
    6. created a new Weblogic Default Credential Mapper ...(Do I need to setup my certificate inside this credential mapper or not.)
    7. I made this realm as the DEFAULT realm and started the server
    I get the following exception.
    Initializing RoleMapper provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift.>
    The RoleMapper provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultRoleMapperInit.ldift>
    Initializing Authorizer provider using LDIF template file C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift.>
    The Authorizer provider has had its LDIF information loaded from: C:\bea\user_projects\domains\mydomain\.\DefaultAuthorizerInit.ldift>
    Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
    Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
    Loading trusted certificates from the jks keystore file C:\bea\weblogic81\server\lib\DemoTrust.jks.>
    Loading trusted certificates from the jks keystore file C:\bea\JDK142~1\jre\lib\security\cacerts.>
    Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure.>
    Server failed during initialization. Exception:weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
    weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]
    at weblogic.security.service.PrincipalAuthenticator.initialize(PrincipalAuthenticator.java:205)
    at weblogic.security.service.PrincipalAuthenticator.<init>(PrincipalAuthenticator.java:262)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.doATN(SecurityServiceManagerDelegateImpl.java:581)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealm(SecurityServiceManagerDelegateImpl.java:420)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.loadRealm(SecurityServiceManagerDelegateImpl.java:700)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initializeRealms(SecurityServiceManagerDelegateImpl.java:733)
    at weblogic.security.service.SecurityServiceManagerDelegateImpl.initialize(SecurityServiceManagerDelegateImpl.java:876)
    at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:734)
    at weblogic.t3.srvr.T3Srvr.initializeHere(T3Srvr.java:822)
    at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:670)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:344)
    at weblogic.Server.main(Server.java:32)
    >
    ####<Apr 6, 2006 10:42:55 AM CDT> <Emergency> <WebLogicServer> <DXPCHI029398> <myserver> <main> <<WLS Kernel>> <> <BEA-000342> <Unable to initialize the server: weblogic.security.service.SecurityServiceRuntimeException: [Security:090371]Problem instantiating Authentication Provider weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection - with nested exception:
    [java.lang.reflect.InvocationTargetException - with target exception:
    [netscape.ldap.LDAPException: [Security:090477]Certificate chain received from ldapidv.merc.chicago.cme.com - 10.5.19.190 was not trusted causing SSL handshake failure. (91)]]>
    ANY HELP on this would be greatly appreciated am totally exhausted seeing these error messages from morning.
    I would like to know if I need a client for connecting to this LDAP authenticator. As am using the Novell API to access the LDAP directory. Let me know, and if so can some one provide me a snippet code.
    Waiting for response.
    thanks in advance
    kiran

    Hi Christoper,
    Based on your description, this seems to be more of a security related question than a workshop one.
    Please post to the security newsgroup at http://forums.bea.com/bea/category.jspa?categoryID=2011
    with information on service pack installed
    Thanks
    Raj

  • Server 2012 errors for timeout -- LDAP error number: 55 -- LDAP error string: Timeout Failed to get server error string from LDAP connection

    Hello, currently getting below error msg's utilizing software thru which LDAP is queried for discovering AD objects/path and resource enumeration and tracking.
    Have ensured firewalls and port (389 ) relational to LDAP are not closed, thus causing hanging.
    I see there was a write-up on Svr 2003 ( https://support.microsoft.com/en-us/kb/315071 ); not sure if this is applicable, or if the "Ntdsutil.exe" architecture has changed much from Svr 03. Please advise.
    -----------error msg  ----------------
    -- LDAP error number: 55
    -- LDAP error string: Timeout Failed to get server error string from LDAP connection

    The link you shared is still applicable. You can adjust your LDAP policy depending on your software requirements.
    I would also recommend that you get in touch with your software vendor to get more details about the software requirements.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • How to fill a LDAP directory

    Hi;
    I have realized an application which authenticates the users from an LDAP directory and assigns profiles to them.
    Q: which is the best means to feed this directory LDAP (its possible from my web application to modify the LDAP password) in using another application or another LDAP directory, or another solution ?
    Regards;

    Q: which is the best means to feed this directory
    LDAP (its possible from my web application to modify
    the LDAP password) in using another application or
    another LDAP directory, or another solution ?

    Are you looking to manually update this information or are you looking for a way for users to be able to interactively maintain passwords and admin to maintain roles in real time? Another possibility is keeping separate corporate ldap and an application ldap instances in sync (ie - user has 1 password for all network apps maintained in corporate ldap, but application ldap has application specific roles and such which cannot be stored in corporate ldap). Clearer definition of exactly what you need here would be useful.
    If the first case, there are ldap utilities which work with ldif files to handle this - should be able to google it to come up with what you need - ldapmodify I think.
    If you are looking to be able to maintain the data from the application, likely you'll need to figure out your security model and build the interface to update this information. It can be done from the web app, from a standalone utility, or whatever works best for your situation.

  • LDAP user authentication on EP6 built on NW04 abap+java

    Hello,
    Our customer insisted we install his EP6 system as an ABAPJAVA system. He asked that users logging in to the portal be authenticated (username password) from their directory service via LDAP. Because the EP6 is built on ABAPJAVA, and not only JAVA, I cannot use the portal or visual administrator tools to make the LDAP be the source User Management system.
    I have been looking all day in the sap online help and I do not see any instructions on how to configure user+password logon authentication via LDAP on an ABAP based UME system. The most I have managed was to setup the connection from the EP6 system to ldap via transaction LDAP and bring up the ldap connector.
    I need to know how to proceed from here.
    Thanks
    Boaz

    Hello,
    I add a notion that this configuration is not supported.
    However, please look at the following link, which relates to an ABAP system, I refer to the bolded section.
    http://help.sap.com/saphelp_nw2004s/helpdata/en/aa/a17941601b050de10000000a1550b0/frameset.htm
    The following is mentioned in this link:
    The user password is not transferred from the SAP Web AS to the LDAP directory during the synchronization of the user data. You must therefore maintain the user password with one of the following options:
    ·        You specify the passwords centrally in the LDAP server. The users must log on using the UME, are authenticated with the LDAP server, receive a logon ticket and can then access all systems with Single Sign-On. In this case, all systems must be configured so that they accept logon tickets.
    ·        You specify the passwords in a decentralized way, both in the CUA and in the LDAP directory (or in the UME). In this case, the CUA systems do not need to accept logon tickets.
    What is the meaning behind this?
    Thanks
    Boaz

  • Ldap server authentication for EAI domain

    Hi everybody,
    I have configured a new realm for the security of the created EAI Domain and
    made it default. In this realm, the authentication provider is the iPlanet LDAP
    Server.
    Now the booting is fine but then when I am starting the Weblogic Studio, it is
    not getting authenticated and I keep getting the error :
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
    The error page obtained at studio is what is given as attachment.
    Anybody having any info regarding the same - pl. do pass on.
    Thanks and regards,
    Ritwik
    [wli-error.doc]

    Hello Ritwik,
    it should for sure, but with this release WLI depends on the
    compatibility realm.
    Christian Plenagl
    Developer Relations Engineer
    BEA Support
    "Ritwik" <[email protected]> wrote:
    >
    Conceptually if I create respective groups (similar to the groups and
    users of
    the compatability realm) in the ldap server and do the authentication
    from there
    - it should work - shouldn't it???
    Any pointer !!!
    Regds,
    Ritwik
    "Christian Plenagl" <[email protected]> wrote:
    Hi Ritwik,
    you can read in the WLI documentation that WLI7 currently supports the compatibility
    realm only.
    Please have a look at:
    http://e-docs.bea.com/wli/docs70/deploy/secure.htm#1365621
    Christian Plenagl
    Developer Relations Engineer
    BEA Support

  • How do I export existing Siebel employees to my LDAP directory?

    All;
    I have a fully-functional Siebel implementation using an LDAP directory server; I can create new employees, and they are migrated to the LDAP server without any problem.
    Unfortunately, I'm using a pre-populated Siebel database with roughly 250 employees, none of whom are in the LDAP directory. I can enter them on the LDAP server one-by-one, but this is painful, to say the least.
    If I try to add a password to them using the Siebel application to get them moved to the LDAP directory, I am told that "the user does not exist in the authentication system".
    So the problem is clear: In Siebel CRM, on a "create", an LDAP record is created. On an "update", it looks for an existing LDAP record, which I don't have.
    Is there any easy way around this, so I can populate my LDAP directory with my existing employees and their passwords?
    Thanks!
    Joe

    What about using a DB client and export the user data that you have in the Siebel DB?
    Then use this data to load the users into the LDAP server?
    Axel

  • External LDAP for authentication

    Hi All,
    I want to use external ldap for authentication purpose with Access Manager.
    I tried adding this external ldap as a secondary ldap but couldn't succeed.
    If I add this ldap in the primary ldap along with the AM's own ldap, this also fails to authenticate users from the external ldap.
    How can I achieve this?
    I read many topics in this forum regarding this but none of them explain how it can be achieved.
    Please suggest.
    Thanks in advance.

    This is what the amconsole log says:
    ERROR: ConsoleServletBase.onUncaughtException
    java.lang.NullPointerException
         at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.constructFilter(LDAPv3Repo.java:3126)
         at com.sun.identity.idm.plugins.ldapv3.LDAPv3Repo.search(LDAPv3Repo.java:1996)
         at com.iplanet.am.sdk.AMDirectoryManager.search(AMDirectoryManager.java:1938)
         at com.sun.identity.idm.AMIdentityRepository.searchIdentities(AMIdentityRepository.java:221)
         at com.sun.identity.console.idm.model.EntitiesModelImpl.getEntityNames(EntitiesModelImpl.java:139)
         at com.sun.identity.console.idm.EntitiesViewBean.getEntityNames(EntitiesViewBean.java:222)
         at com.sun.identity.console.idm.EntitiesViewBean.beginDisplay(EntitiesViewBean.java:177)
         at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
         at jsps.console._idm._Entities_jsp._jspService(_Entities_jsp.java:86)
         at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at com.iplanet.ias.web.jsp.JspServlet$JspServletWrapper.service(JspServlet.java:687)
         at com.iplanet.ias.web.jsp.JspServlet.serviceJspFile(JspServlet.java:459)
         at com.iplanet.ias.web.jsp.JspServlet.service(JspServlet.java:375)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:772)
         at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:471)
         at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:382)
         at com.iplanet.jato.view.ViewBeanBase.forward(ViewBeanBase.java:340)
         at com.iplanet.jato.view.ViewBeanBase.forwardTo(ViewBeanBase.java:261)
         at com.sun.identity.console.base.AMViewBeanBase.forwardTo(AMViewBeanBase.java:133)
         at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.forwardTo(AMPrimaryMastHeadViewBean.java:149)
         at com.sun.identity.console.idm.HomeViewBean.forwardTo(HomeViewBean.java:109)
         at com.sun.identity.console.realm.RealmPropertiesBase.nodeClicked(RealmPropertiesBase.java:90)
         at com.sun.web.ui.view.tabs.CCTabs.handleTabHrefRequest(CCTabs.java:129)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:585)
         at com.iplanet.jato.view.command.DefaultRequestHandlingCommand.execute(DefaultRequestHandlingCommand.java:183)
         at com.iplanet.jato.view.RequestHandlingViewBase.handleRequest(RequestHandlingViewBase.java:308)
         at com.iplanet.jato.view.ViewBeanBase.dispatchInvocation(ViewBeanBase.java:802)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:740)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandlerInternal(ViewBeanBase.java:760)
         at com.iplanet.jato.view.ViewBeanBase.invokeRequestHandler(ViewBeanBase.java:571)
         at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:957)
         at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
         at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:787)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:908)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at com.sun.mobile.filter.AMLController.doFilter(AMLController.java:163)
         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:280)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:212)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:209)
         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:509)
         at com.iplanet.ias.web.connector.nsapi.NSAPIProcessor.process(NSAPIProcessor.java:161)
         at com.iplanet.ias.web.WebContainer.service(WebContainer.java:580)

  • Problem with outlook connector LDAP Directory MAPI Service Provider is not

    Hi,
    I have a very basic problem with the Sun Outlook connector client.
    I am using the Sun Java System connector deployment tools to create a client installation script. On the first page I have to supply the location for the web publisher and the Microsoft LDAP service. I can find the web publisher, but I don't have any clue about the location of the LDAP services, and without this my client installation script keeps failing with the following error.
    The Microsoft LDAP Directory MAPI Service Provider is not installed.
    --- 2006/09/25 14:14 ---
    14:14:25 [5365] Outlook version is 11.0.5608.0.
    14:14:25 [5376] Adding MAPI directory 'C:\Program Files\Common Files\System\MAPI\1033' to PATH.
    14:14:25 [5475] TMP directory is 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp'.
    14:14:26 [5362] Checking Windows version.
    14:14:26 [5363] Windows version is 5.1.
    14:14:26 [5364] Checking Outlook version.
    14:14:26 [5509] Checking default mail client.
    14:14:26 [5508] Default mail client is 'Microsoft Outlook'.
    14:14:26 [5178] Verifying that Outlook is not running.
    14:14:26 [5179] Trying to login to shared session.
    14:14:26 [5369] Installing Sun Java System MAPI Service Providers using 'C:\DOCUME~1\MMESKA~1\LOCALS~1\Temp\Sun Outlook Connector\sunone-mapi-services.msi'.
    14:14:28 [5502] Upgrading the Sun Java System MAPI Service Providers.
    14:14:38 [5370] Finished installing Sun Java System MAPI Service Providers.
    14:14:38 [5366] Checking whether Sun Java System MAPI Service Providers are installed.
    14:14:38 [5367] Sun Java System MAPI Service Providers are installed.
    14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    14:14:38 [5416] Checking whether Microsoft LDAP Directory MAPI Service Provider is installed.
    14:14:38 [5418] The Microsoft LDAP Directory MAPI Service Provider is not installed:
    14:14:38 File 'C:\Program Files\Common Files\System\MAPI\1033\EMABLT32.DLL' does not exist.
    14:14:38 ERROR: Microsoft LDAP Directory MAPI Service Provider must first be installed.
    Thank you for your help.
    Best regards
    Mo

    Hi,
    If memory serves, Outlook XP offered the ability to set what address-book connectors were installed, one of which was LDAP (by default enabled). It may be a similar situation with Outlook 2003 (which I assume you are using based on the version number in the debug logs). Try using the Office '03 install CD and see if you can find the LDAP addressbook option and install it.
    Regards,
    Shane.
