ActiveDirectory/LDAPRealm Problem

I'm trying to authenticate users of my Web Application against users in an
ActiveDirectory LDAP Server.
When the admin console lists all of the users in the ActiveDirectory server
it lists then by their full name which is stored in the 'cn' attribute. It
does not allow users to log into the application with either their username
or their full name as contained in the 'cn' attribute. I have tried both
'local' and 'bind' UserAuthentication.
When I try to access their login name or email address, using
'sAMAccountName' or 'userPrincipalName' in the UserNameAttribute field, I
get a RuntimeOperationsException when accessing either my application or the
admin console. Abbreviated exception folloed by LDAPRealm config...
javax.management.RuntimeOperationsException: RuntimeException thrown by the
getAttribute method of t
he DynamicMBean for the attribute FileTimeSpan
at
com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:118
3)
at
com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:115
1)
at
weblogic.management.internal.MBeanProxy.getAttribute(MBeanProxy.java:223)
at
weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:156)
at $Proxy3.getFileTimeSpan(Unknown Source)
at weblogic.logging.FileStreamLogger.log(FileStreamLogger.java:169)
My LDAPRealm looks like this
<LDAPRealm
Name="ActiveDirectoryRealm"
LDAPURL="ldap://server:389"
AuthProtocol="simple"
Principal="[email protected]"
Credential="credential"
GroupDN="DC=com,DC=xxx,DC=server,CN=Users"
GroupIsContext="false"
GroupNameAttribute="cn"
GroupUsernameAttribute="member"
UserAuthentication="local"
UserDN="DC=com,DC=xxx,DC=server,CN=Users"
UserNameAttribute="cn"
UserPasswordAttribute="userPassword"/>

>
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide someassistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
The ldap realm v2 uses the netscape sdk. By default, a netscape sdk client
follows
referrals automatically.However, the client binds anonymously to the server.
There is currently no method for the ldap realm v2 to follow referrals and
bind
as a specific user.
Does your production system have the same principal and credentials for
both the original and referral directory server?
Peter

Similar Messages

Weblogic.security.ldaprealmv2.LDAPRealm problem..

Hi All,
I'm running WLS6.1sp1 and I have a bit of a snag. I've been able to
successfully configure WLS6.1 to authenticate against a single development
LDAP server, but I'm running into problems with my production LDAP
environment.
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide some assistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
Jason Hanna
Lead Technical Architect - EMC.com

>
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide someassistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
The ldap realm v2 uses the netscape sdk. By default, a netscape sdk client
follows
referrals automatically.However, the client binds anonymously to the server.
There is currently no method for the ldap realm v2 to follow referrals and
bind
as a specific user.
Does your production system have the same principal and credentials for
both the original and referral directory server?
Peter

Search problem with ActiveDirectory - please help

Hi,
I've tried to get a list of the users out of the Active Directory.
But I just can't get my code to work. It returns nothing back.
The problem should be simple. But I can not figure out why.
Please help!
Raymond
import javax.naming.*;
import javax.naming.event.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
import java.util.Hashtable;
import java.util.Vector;
import java.util.Enumeration;
public class AdClient {
public AdClient() {
getUsers();
public static void main(String args[]) {
Client client = new Client();
private void getUsers() {
// domain = utest
String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
String HOST = "ldap://192.168.128.50:389";
String SEARCHBASE = "ou=Users,dc=utest,dc=com";
String FILTER = "cn=*";
try {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
env.put(Context.PROVIDER_URL, HOST);
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
env.put(Context.SECURITY_CREDENTIALS,"admin");
DirContext ctx = new InitialDirContext(env);
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration results;
// now search for the users
results = ctx.search(SEARCHBASE, FILTER, constraints);
while (results.hasMoreElements()) {
SearchResult sr = (SearchResult)results.nextElement();
System.out.println(sr.getName());
ctx.close();
} catch(Exception e) {
e.printStackTrace();
}

I tried your code...
There were two issues I saw, when I changed them it worked!
1) public static void main(String args[]) {
Client client = new Client();
should be
public static void main(String args[]) {
AdClient client = new AdClient();
2) String SEARCHBASE = "ou=Users,dc=utest,dc=com";
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");
Should be
String SEARCHBASE = "ou=Users,dc=utest,dc=newcom,dc=com";
env.put(Context.SECURITY_PRINCIPAL, "[email protected]");

Problem with ActiveDirectory Password Sync in OIM 11gR2

Hi,
I installed active directory password sync connector successfully and i enabled SPML web-service also .but the problem is while changing password in AD it is not reflecting in OIM
log info in 20120930082425511_adsi_debug file is
Debug [09/30/12 08:24:25] CONFIG VALUE LENGTH
Debug [09/30/12 08:24:25] 330
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25] Before adding configsync attributes
Debug [09/30/12 08:24:25]
sgslrgac instance
Debug [09/30/12 08:24:25] User Name --->
Debug [09/30/12 08:24:25] padmaja
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25] RelativeId:
Debug [09/30/12 08:24:25] 1152
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25]
sgsladac Instance
Debug [09/30/12 08:24:25]
LDAP Connected
Debug [09/30/12 08:24:25] search string :
Debug [09/30/12 08:24:25] (&(objectCategory=person)(objectClass=user)(sAMAccountName=padmaja))
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25] Connected to ADSI
Debug [09/30/12 08:24:25] After Search
Debug [09/30/12 08:24:25] SID::
Debug [09/30/12 08:24:25] S-1-5-21-2856378657-228540474-388709823-1152
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25] DN::
Debug [09/30/12 08:24:25] CN=padmaja,OU=Users1,DC=odc,DC=com
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25] GUID:::
Debug [09/30/12 08:24:25] YzyFkltH9UqYuk/zbJiSuQ==
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25] after ladp search
Debug [09/30/12 08:24:25] Success sgsldpap
Debug [09/30/12 08:24:25]
Passlen populated :
Debug [09/30/12 08:24:25] 266
Debug [09/30/12 08:24:25]
Debug [09/30/12 08:24:25]
Moving sgsloidi from asynchSystem
Debug [09/30/12 08:24:25] Store Object populated
Debug [09/30/12 08:24:25] [getObjectGuid=YzyFkltH9UqYuk/zbJiSuQ==
getPasswordLen=266
getUserDn=CN=padmaja,OU=Users1,DC=odc,DC=com
getUserId=padmaja
Debug [09/30/12 08:24:25]
***end of status
Debug [09/30/12 08:24:25]
Out of sgsloidi from asynchSystem
Debug [09/30/12 08:24:25]
Before Free
Debug [09/30/12 08:24:25]
After Free
Thanks,

Hi,
This is my Error in OIM Log file :
Debug [10/01/12 02:11:17] Search result fetched
Debug [10/01/12 02:11:17] 2:430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
Debug [10/01/12 02:11:17] --------------------&&&----------------
Debug [10/01/12 02:11:17] Inside sgsladds::sgsladdsgetData NEW Look
Debug [10/01/12 02:11:17] 2:430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
Debug [10/01/12 02:11:17] Encoded Data Extracted in sgsladdsgetData
Debug [10/01/12 02:11:17] 430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
Debug [10/01/12 02:11:17] Moving out sgsladdsgetData
Debug [10/01/12 02:11:17] Encoded Data Extracted
Debug [10/01/12 02:11:17] 430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
Debug [10/01/12 02:11:17] Incrementing the MAX_RETRY LIMIT:
Debug [10/01/12 02:11:17] 3
Debug [10/01/12 02:11:17] numretries ======
Debug [10/01/12 02:11:17] 3
Debug [10/01/12 02:11:17] Inside sgslcodsupdateChild
Debug [10/01/12 02:11:17] 3:430 7 314 420 AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAShm+mp7fKU2Dv/gbeNNOrgAAAAAmAAAAUABhAHMAcwB3AG8AcgBkACAARQBuAGMAcgBwAHQAaQBvAG4AAAAQZgAAAAEAACAAAAB7L8K4A9Eylj2yszNBI3x8VxQPEE7sA4HxLJehzytXBgAAAAAOgAAAAAIAACAAAACNbZQoSKuTFqSE6kbzrRONowt74kZX2/BoFbZ8249xTUAAAAAVM3ikVDndtYiDqBaZL1t9K17ptPUm7XrpFMRiF0OiyR1cPGq/n/CIElmHiwH43eHRNVGv0jI5vPYveKudnkWBQAAAAIn4+NxxMGHP3SBAngDcKLDAhoMfzJpsfteiAIjPePW2mWodSRWOUZvmjRKmbv+A/Pa2Dzce5UNkjaVlvBz41lQ=
Debug [10/01/12 02:11:17]
Encrypted record data updated successfully
Debug [10/01/12 02:11:17] Inside sgsladac destructor
Debug [10/01/12 02:11:17] End of sgsloidiOIMGeneralErrorHandler
Debug [10/01/12 02:11:17] Password updation failed in child process
Debug [10/01/12 02:11:17]
Relaxing while processing records from datastore

Problems configuration ldapRealm

Hello,
I am trying to configure BEA Portal with our LDAP server which is Windows
Active Directory.
Here is the info on my environment:
BEA Portal 7.0, sp2
OS for LDAP server is Windows 2000
Here is the entry in my config.xml file for the ldap configuration:
<CustomRealm
ConfigurationData="user.filter=(&(cn=%u)(objectclass=Users));user.dn=ou=
Users,dc=weblogic,dc=local;server.port=389;server.principal=cn=weblogic,dc=w
eblogic,dc=local;group.filter==(&(cn=%g)(objectclass=Groups));server.hos
t=server1.weblogic.local;group.dn=ou=Groups,dc=weblogic,dc=local;membership.
scope.depth=1;microsoft.membership.scope=sub;membership.filter=(|(&(memb
erobject=%M)(objectclass=memberof))(&(groupobject=%M)(objectclass=groupm
emberof)));"
Name="ldapRealm" Password="<some encrypted password>"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
I am using ldap v2 so I had to create a Custom Realm. When I switch my
caching realm to my ldapRealm and restart the server, I get the following
error:
####<May 2, 2003 11:30:11 AM PDT> <Info> <Logging> <WINKI> <portalServer>
<main> <kernel identity> <> <000000> <FileLogger Opened at
C:\workarea\portalDomain\.\logs\weblogic.log>
####<May 2, 2003 11:30:14 AM PDT> <Info> <Security> <WINKI> <portalServer>
<main> <kernel identity> <> <090516> <The RoleMapper provider has
preexisting LDAP data.>
####<May 2, 2003 11:30:14 AM PDT> <Critical> <WebLogicServer> <WINKI>
<portalServer> <main> <kernel identity> <> <000364> <Server failed during
initialization. Exception:weblogic.security.ldaprealmv2.LDAPRealmException:
could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:
DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ;
Invalid credentials]]>
java.lang.reflect.InvocationTargetException: netscape.ldap.LDAPException:
error result (49); 80090308: LdapErr: DSID-0C09030B, comment:
AcceptSecurityContext error, data 525, v893 ; Invalid credentials
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
at
weblogic.security.ldaprealmv2.LDAPDelegate$LDAPFactory.newInstance(LDAPDeleg
ate.java:1885)
at weblogic.security.utils.Pool.getInstance(Pool.java:57)
at
weblogic.security.ldaprealmv2.LDAPDelegate.getConnection(LDAPDelegate.java:7
89)
at
weblogic.security.ldaprealmv2.LDAPDelegate.getUser(LDAPDelegate.java:871)
at weblogic.security.ldaprealmv2.LDAPRealm.getUser(LDAPRealm.java:57)
at weblogic.security.acl.CachingRealm.getUserEntry(CachingRealm.java:812)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:668)
at
weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.
java:1009)
at
weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileReal
m.java:958)
at
weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1209)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.java:370)
at
weblogic.security.providers.realmadapter.AuthorizationProviderImpl.initializ
e(AuthorizationProviderImpl.java:72)
at
weblogic.security.service.SecurityServiceManager.createSecurityProvider(Secu
rityServiceManager.java:1875)
at
weblogic.security.service.AuthorizationManager.initialize(AuthorizationManag
er.java:206)
at
weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.j
ava:127)
at
weblogic.security.service.SecurityServiceManager.doATZ(SecurityServiceManage
r.java:1613)
at
weblogic.security.service.SecurityServiceManager.initializeRealm(SecuritySer
viceManager.java:1426)
at
weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceMa
nager.java:1365)
at
weblogic.security.service.SecurityServiceManager.initializeRealms(SecuritySe
rviceManager.java:1487)
at
weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceM
anager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
Any information is greatly appreciated.
thanks,
Dominic
Dominic Nagar Release Engineer
p 415.875.7123 f 415.875.7001 [email protected]
Semaphore Partners www.semaphorepartners.com

Dominic Nagar <[email protected]> wrote:
I am trying to configure BEA Portal with our LDAP server which is
Windows Active Directory.Dominic and others:
Here's what I've found concerning BEA Portal 7 and Active Directory
2000. By the way, this is current as of BEA Platform 7.0.2.0. This
could change with version 8.1 and beyond.
- Active Directory does not currently work with Portal's
"compatibilityRealm"
- A future patch will be released by BEA (date unknown)
Instead, I would investigate and use either the Sun ONE Directory
Server (also known as, "iPlanet Directory"), Novell's eDirectory (also
known as, "NDS"), or OpenLDAP.
Give me a call if you need specifics.
Brian J. Mitchell
Systems Administrator, MIS
TRX
6 West Druid Hills Drive
Atlanta, GA 30329 USA
http://www.trx.com
email: [email protected]
office: +1 404 327 7238
mobile: +1 678 283 6530

Problem adding some user or active directory group to sharepoint 2010 group

Hi All
I have a problem in a specific site collection in a web Application (but not on other site collection in that webApp).
whenever I add a user like some system account to a sharepoint group or create a new sharepoint group or add an ActiveDirectory group to a sharepoint group I get an error and the user / group are not added :
System.Runtime.InteropServices.COMException: [Work Email Address] - [Wrong Email Format] at Microsoft.SharePoint.Library.SPRequestInternalClass.EnsureUserExists(String bstrUrl, String bstrLogin, String bstrEmail, String bstrName, String
bstrNotes, String bstrMobilePhone, Int32 lFlags, Boolean bIsRole, Boolean bSendEmail, Boolean bForceAdd, Byte[]& ppsaSystemId, Boolean bImportDeleted, Int32& plUserId) at Microsoft.SharePoint.Library.SPRequest.EnsureUserExists(String
bstrUrl, String bstrLogin, String bstrEmail, String bstrName, String bstrNotes, String bstrMobilePhone, Int32 lFlags, Boolean bIsRole, Boolean bSendEmail, Boolean bForceAdd, Byte[]& ppsaSystemId, Boolean bImportDeleted, Int32& plUserId)
when I add a regular user - all goes well.
10x for any help
Shlomy

Hi Shlomy,
i was thinking, perhaps there is an application that use this checking method on your specific site collection, and perhaps it is using a hard-coded command to request it, but seems it got some issue.
as the other site collections, may not have the issue, so perhaps other site collections don't have this application, and you may check that as lead investigation process.
you may try to capture fiddler tool, it may come in handy on tracing the http requests.
http://fiddler2.com/
usually when i trace the application, i would like to create new site, and add the webpart or application one by one, then i may know which application/webpart that have the issue.
as other regular user may not have the issue, perhaps its because system account is by design to not have an email address properties, so when the application/webpart request for it, it become failure.
Regards,
Aries
Microsoft Online Community Support
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Having multiple problems with script - NTFS Permissions and AD Groups

Hi, all! I'm having multiple problems with my first script I've written with Powershell. The script below does the following:
1. Prompts the user for a corporate division under which a shared folder will be created, and adjusts variables accordingly.
2. Prompts if the folder will be a global folder or an office/location-specific folder, and makes appropriate adjustments to variables.
3. If a global folder, prompts for the name. If an office/location-specific folder, prompts for each component of the street address, city and state and an optional modifier. I've prompted for this information in this way because the information
is used differently later on in the script.
4. Verifies the entered information and requests confirmation to proceed.
5. Creates the folder.
6. Creates an AD OU and/or security group(s).
7. Applies appropriate security groups to the new folder and removes undesired permissions.
Import-Module ActiveDirectory
$Division = ""
$DivAbbr = ""
$OU = ""
$OUDrive = "AD:\"
$FolderName = ""
$OUName = ""
$GroupName = ""
$OURoot = "ou=DFS Restructure Testing OU,ou=Pennsylvania Camp Hill 4410 Industrial Park Rd,ou=Locations,ou=Camp Hill,dc=jacobsonco,DC=com"
$FSRoot = "E:\"
$FolderPath = ""
$DefaultFolders = "Archive","Customer Service","Equipment","Inbounds","Management","Outbounds","Processes","Projects","Quality","Reports","Returns","Safety","Schedules","Time Keeping","Training"
[bool]$Location = 0
do {
$userInput = Read-Host "Enter CLS Division: (W)arehousing, (S)taffing, or (P)ackaging"
Switch ($userInput)
W {$Division = "Warehousing"; $DivAbbr = "WHSE"; $OU = "ou=Warehousing,"; break}
S {"Staffing is not yet implemented."; break}
P {"Packaging is not yet implemented."; break}
default {"Invalid choice. Please re-enter."; break}
while ($DivAbbr -eq "")
write-host ""
write-host ($Division + " was selected.")
$FolderPath = $Division + "\"
write-host ""
$choice = ""
do {
$choice = Read-Host "Will this be a (G)lobal folder or (L)ocation folder?"
Switch ($choice)
G {$Location = $false; break}
L {$Location = $true; $FolderPath = $FolderPath + "Locations\"; $OU = "ou=Locations," + $OU; break}
default {"Invalid choice. Please re-enter."; $choice = ""; break}
while ($choice -eq "")
write-host ""
write-host ("Location is set to: " + $Location)
write-host ""
if ($Location -eq $false) {
$FolderName = Read-Host "Please enter folder name:"
$GroupName = $DivAbbr + " " + $FolderName
} else {
$input = Read-Host "Please enter two-letter state abbreviation:"
$FolderName = $FolderName + $input + " "
$input = Read-Host "Please enter city:"
$FolderName = $FolderName + $input + " "
$input = Read-Host "Please enter street address number only:"
$FolderName = $FolderName + $input
$GroupName = $DivAbbr + " " + $FolderName
$FolderName = $FolderName + " "
$input = Read-Host "Please enter street name:"
$FolderName = $FolderName + $input
$input = Read-Host "Please enter any optional information to appear in folder name:"
if ($input -ne "") {
$FolderName = $FolderName + " " + $input
$OUName = $FolderName
write-host
write-host "Path for folder: "$FSRoot$FolderPath$FolderName
write-host "AD Path: "$OUDrive$OU$OURoot
write-host "New OU Name: "$OUName
write-host -NoNewLine "New Security Group names: "$GroupName
if ($Location -eq $true) { write-host " and "$GroupName" MGMT" }
write-host
$input = Read-Host "Please confirm creation of new site/folder: (Y/N) "
if ($input -ne "Y") { Exit }
write-host
write-host -NoNewLine "Folder exists: "; Test-Path ($FSRoot + $FolderPath + $FolderName)
if (Test-Path ($FSRoot + $FolderPath + $FolderName)) {
Write-Host "Folder already exists! Skipping folder creation..."
} else {
write-host "Folder does not exist. Creating..."
new-item -path ($FSRoot + $FolderPath) -name $FolderName -itemtype directory
Set-Location ($FSRoot + $FolderPath + $FolderName)
if ($Location -eq $true) {
$tempOUName = "ou=" + $OUName + ","
write-host
write-host $OUDrive$tempOUName$OU$OURoot
write-host
write-host -NoNewLine "OU exists: "; Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)
if (Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)) {
Write-Host "OU already exists! Skipping OU creation..."
} else {
write-host "OU does not exist. Creating..."
New-ADOrganizationalUnit -Name $OUName -Path ($OU + $OURoot) -ProtectedFromAccidentalDeletion $false
$GroupNameMGMT = $GroupName + " MGMT"
if (!(Test-Path ($OUDrive + "CN=" + $GroupName + "," + $tempOUName + $OU + $OURoot))) { write-host "Normal user group does not exist. Creating..."; New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -Path ("OU=" + $OUName + "," + $OU + $OURoot)}
if (!(Test-Path ($OUDrive + "CN=" + $GroupNameMGMT + "," + $tempOUName + $OU + $OURoot))) { write-host "Management user group does not exist. Creating..."; New-ADGroup -Name $GroupNameMGMT -GroupCategory Security -GroupScope Global -Path ("OU=" + $OUName + "," + $OU + $OURoot)}
$FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
$FolderACL.SetAccessRuleProtection($True,$True)
# $FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
$BIUsers = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
$BIUsersSID = $BIUsers.Translate([System.Security.Principal.SecurityIdentifier])
write-host $BIUsersSID.Value
# out-string -inputObject $BIUsers
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($BIUsersSID.Value,"ReadAndExecute,AppendData,CreateFiles,Synchronize","ContainerInherit, ObjectInherit", "None", "Allow")
$FolderACL.RemoveAccessRuleAll($Ar)
Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
get-acl ($FSRoot + $FolderPath + $FolderName) | fl
$FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
$ADGroupName = "JACOBSON\" + $GroupName
$objUser = New-Object System.Security.Principal.NTAccount($ADGroupName)
$objUser.Translate([System.Security.Principal.SecurityIdentifier]).Value
write-host $ADGroupName
write-host $objUser.Value
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName,"ReadAndExecute","ContainerInherit, ObjectInherit", "None", "Allow")
Out-String -InputObject $ar
$FolderACL.AddAccessRule($Ar)
$ADGroupName = "JACOBSON\" + $GroupNameMGMT
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
Out-String -InputObject $ar
$FolderACL.AddAccessRule($Ar)
Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
} else {
$tempOUName = "cn=" + $GroupName + ","
write-host
write-host $OUDrive$tempOUName$OU$OURoot
write-host
write-host -NoNewLine "Group exists: "; Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)
if (Test-Path ($OUDrive + $tempOUName + $OU + $OURoot)) {
Write-Host "Security group already exists! Skipping new security group creation..."
} else {
write-host "Security group does not exist. Creating..."
New-ADGroup -Name $GroupName -GroupCategory Security -GroupScope Global -Path ($OU + $OURoot)
$FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
$ADGroupName = "JACOBSON\" + $GroupName
$FolderACL.SetAccessRuleProtection($True,$True)
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($ADGroupName,"Modify","ContainerInherit, ObjectInherit", "None", "Allow")
$FolderACL.AddAccessRule($Ar)
$FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
My problems right now are in the assignment/removal of security groups on the newly-created folder, and the problems are two-fold. Yes, I am running this script as an Administrator.
First, I am unable to remove the BUILTIN\Users group from the folder when this is an office/location-specific folder. I've tried to remove the group in several different ways, and none are having any effect. Oddly, if I type in the lines directly
into Powershell, they work as expected. I've tried the following methods:
$FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
$FolderACL.SetAccessRuleProtection($True,$True)
$FolderACL.Access | where {$_.IdentityReference -eq "BUILTIN\Users"} | %{$FolderACL.RemoveAccessRuleAll($_)}
Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
$FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
$FolderACL.SetAccessRuleProtection($True,$True)
$BIUsers = New-Object System.Security.Principal.NTAccount("BUILTIN\Users")
$BIUsersSID = $BIUsers.Translate([System.Security.Principal.SecurityIdentifier])
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($BIUsersSID.Value,"ReadAndExecute,AppendData,CreateFiles,Synchronize","ContainerInherit, ObjectInherit", "None", "Allow")
$FolderACL.RemoveAccessRuleAll($Ar)
Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
In the first case, the script goes through and has no apparent effect because afterwards, I do a get-acl and the BUILTIN\Users group is still there, although when looking through the GUI, inheritance appears to have been broken from the parent folder.
In the second case, I get the following error message:
Exception calling "RemoveAccessRuleAll" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Users\tesdallb\Documents\FileServerBuild.ps1:110 char:5
+ $FolderACL.RemoveAccessRuleAll($Ar)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IdentityNotMappedException
This seems strange that the local server is unable to translate the SID of a BUILTIN account. I've also tried explicitly putting in the BUILTIN\Users SID in place of the variable in the New-Object line, but that gives me the same error. I've
also tried the solutions given in this thread:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/ad59dc58-1360-4652-ae09-2cd4273cbd4f/remove-acl-issue?forum=winserverpowershell and at this URL:
http://technet.microsoft.com/en-us/library/ff730951.aspx but these solutions also failed to have any effect.
My second problem is when I try to apply the newly-created security groups, I also will get the "Some or all identity references could not be translated." I thought I had found a workaround to the problem by adding the -PassThru option to
the New-ADGroup commands, because it would output the SID of the group after creation, however a few lines later, the server is unable to translate the account to apply the security groups to the folder.
My first Powershell script has been working well up to this point and now I seem to have hit a showstopper. Any help is appreciated.
Thanks!

I was hoping to stay with strictly Powershell, but unless I can find a Powershell solution, I may resort to ICACLS.
As for the problems with my groups not being translatable right after creating them, I think I have solved this problem by using the -Server parameter on all my New-ADGroup commands and this example code seems to have gotten around the translation problem,
again utilizing the -Server parameter on the Get-ADGroup command:
get-acl ($FSRoot + $FolderPath + $FolderName) | fl
$FolderACL = get-acl ($FSRoot + $FolderPath + $FolderName)
# Add the new normal users group to the folder with Read and Execute permissions
$GroupSID = Get-ADGroup -Identity $GroupName -Server chadc01.jacobsonco.com | Select-Object -ExpandProperty SID
$SIDIdentity = New-Object System.Security.Principal.SecurityIdentifier($GroupSID)
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($SIDIdentity,"ReadAndExecute","ContainerInherit, ObjectInherit", "None", "Allow")
$FolderACL.AddAccessRule($Ar)
# Add the management users group to the folder with Modify permissions
$GroupMGMTSID = Get-ADGroup -Identity $GroupNameMGMT -Server chadc01.jacobsonco.com | Select-Object -ExpandProperty SID
$SIDIdentity = New-Object System.Security.Principal.SecurityIdentifier($GroupMGMTSID)
$Ar = New-Object System.Security.AccessControl.FileSystemAccessRule($SIDIdentity, "Modify", "ContainerInherit, ObjectInherit", "None", "Allow")
$FolderACL.AddAccessRule($Ar)
Set-ACL ($FSRoot + $FolderPath + $FolderName) $FolderACL
Going this route seems to ensure that the Domain Controller I'm creating my groups on is the same one that I'm querying for the group's SID to use in the FileSystemAccessRule. It's been working fairly consistently.
Still having issues with the translation of the BUILTIN\Users group, though.

Problem in provisioning user from oim to active directory using ssl

hi,
problem in provisioning user from oim to active directory using ssl i am getting following error while provisioning user to AD.
15:18:12,984 ERROR [ADCS] Communication Errorsimple bind failed: 172.16.30.35:636
15:18:12,984 ERROR [ADCS] The error occured in tcADUtilLDAPController::connectTo
AvailableAD():simple bind failed: 172.16.30.35:636
15:18:13,015 ERROR [SERVER] Class/Method: tcProperties/tcProperties encounter so
me problems: Must set a query before executing
com.thortech.xl.dataaccess.tcDataSetException: Must set a query before executing
at com.thortech.xl.dataaccess.tcDataSet.checkExecute(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataaccess.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.tcDataSet.executeQuery(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.<init>(Unknown Source)
at com.thortech.xl.dataobj.util.tcProperties.initialize(Unknown Source)
at Thor.API.tcUtilityFactory.getLocalUtility(Unknown Source)
at Thor.API.tcUtilityFactory.getUtility(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.co
nnectToAvailableNextAD(Unknown Source)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.se
archResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ADLookupRecon.performReconciliation(Un
known Source)
at com.thortech.xl.schedule.tasks.ADLookupReconTask.execute(Unknown Sour
ce)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionActi
on.run(Unknown Source)
at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown S
ource)
at org.quartz.core.JobRunShell.run(JobRunShell.java:203)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.j
ava:520)
can any one help.
Thanks and Regards,
praveen,

Are you able to connect to AD over SSL through some LDAP Browser ?
Check the validity of Certificate ?
Does your certificate appear in the list ?

Oracle iplanet configuration problem

I am trying to run a batch script through the web server. But I get this error. The same configuration runs on Sun one 6.1 , but did not work since I migrated to 7 Update 9.
[14/Dec/2010:17:39:31] info ( 9240): CORE3274: successful server startup
[14/Dec/2010:17:39:54] failure ( 9240): for host 127.0.0.1 trying to GET /se/restart-81.bat, cgi_scan_headers reports: HTTP4044: the CGI program E:\path\RESTAR~4.BAT did not produce a valid header (program terminated without a valid CGI header. Check for core dump or other abnormal termination)
[14/Dec/2010:17:39:54] warning ( 9240): for host 127.0.0.1 trying to GET /se/restart-81.bat, E:\path\RESTAR~4.BAT reports: CORE4385: stderr: The filename, directory name, or volume label syntax is incorrect.
obj.conf:
# Use only forward slashes in pathnames--backslashes can cause
# problems. See the documentation for more information.
<Object name="default">
#AuthTrans fn="match-browser" browser="*MSIE*" ssl-unclean-shutdown="true"
#NameTrans fn="ntrans-j2ee" name="j2ee"
NameTrans fn="pfx2dir" from="/mc-icons" dir="E:/Sun/WebServer7/lib/icons" name="es-internal"
NameTrans from="/se" fn="pfx2dir" dir="e:/path" name="shellcgi"
NameTrans fn=document-root root="e:/admin"
PathCheck fn="uri-clean"
PathCheck fn="check-acl" acl="default"
PathCheck fn=find-pathinfo
PathCheck fn=find-index index-names="index.html,home.html,index.jsp"
ObjectType fn=type-by-extension
ObjectType fn=force-type type=text/plain
Service method=(GET|HEAD) type=magnus-internal/imagemap fn=imagemap
#Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
Service fn="send-shellcgi" type="magnus-internal/shellcgi"
Service method=(GET|HEAD|POST) type=*~magnus-internal/* fn=send-file
Service method=TRACE fn=service-trace
#Error fn="error-j2ee"
AddLog fn="flex-log"
</Object>
<Object name="cgi">
ObjectType fn=force-type type=magnus-internal/cgi
Service fn=send-cgi
</Object>
<Object name="shellcgi">
ObjectType fn="force-type" type="magnus-internal/shellcgi"
Service fn="send-shellcgi"
</Object>
server.xml :
<?xml version="1.0" encoding="UTF-8"?>

<server>
<temp-path>C:/Windows/TEMP/httpd-se-809-fda731df</temp-path>
<access-log>
<file>E:/netscape_logs/access_hb809</file>
<format>%Ses->client.ip% - %Req->vars.auth-user% [%SYSDATE%] "%Req->reqpb.clf-request%" %Req->srvhdrs.clf-status% %Req->srvhdrs.content-length% "%Req->headers.referer%" "%Req->headers.user-agent%" %Req->reqpb.method% %Req->reqpb.uri% %Req->reqpb.query% "%Req->reqpb.protocol%"</format>
</access-log>
<http-listener>
<name>ls1</name>
<port>811</port>
<server-name>https-httpd-se-809</server-name>
<default-virtual-server-name>https-httpd-se-809</default-virtual-server-name>
</http-listener>
<dns-cache>
<enabled>false</enabled>
</dns-cache>
<stats>
<enabled>false</enabled>
</stats>
<file-cache>
<enabled>false</enabled>
<max-age>30</max-age>
<max-entries>1024</max-entries>
<sendfile>false</sendfile>
<copy-files>true</copy-files>
<copy-path>C:/Windows/TEMP/httpd-se-809-file-cache</copy-path>
<cache-content>false</cache-content>
</file-cache>
<http>
<server-header>""</server-header>
</http>
<dns>
<enabled>false</enabled>
</dns>
<thread-pool>
<max-threads>128</max-threads>
</thread-pool>
<event>
<time>
<time-of-day>00:00</time-of-day>
</time>
<interval>86400</interval>
<rotate-access-log>true</rotate-access-log>
<rotate-log>true</rotate-log>
</event>
<virtual-server>
<name>https-httpd-se-809</name>
<host>httpd-se-809</host>
<http-listener-name>ls1</http-listener-name>
<object-file>obj.conf</object-file>
<search-app>
<uri>/search</uri>
</search-app>
<document-root>e:/admin</document-root>
</virtual-server>
<mime-file>mime.types</mime-file>
<auth-db>
<name>default</name>
<url>null:///none</url>
</auth-db>
<jvm>
<java-home>E:/Sun/WebServer7/jdk</java-home>
<server-class-path>E:/Sun/WebServer7/lib/webserv-rt.jar;E:/Sun/WebServer7/lib/pwc.jar;E:/Sun/WebServer7/lib/ant.jar;${java.home}/lib/tools.jar;E:/Sun/WebServer7/lib/ktsearch.jar;E:/Sun/WebServer7/lib/webserv-jstl.jar;E:/Sun/WebServer7/lib/jsf-impl.jar;E:/Sun/WebServer7/lib/jsf-api.jar;E:/Sun/WebServer7/lib/webserv-jwsdp.jar;E:/Sun/WebServer7/lib/container-auth.jar;E:/Sun/WebServer7/lib/mail.jar;E:/Sun/WebServer7/lib/activation.jar</server-class-path>
<debug>false</debug>
<debug-jvm-options>-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7896</debug-jvm-options>
<jvm-options>-Djava.security.auth.login.config=login.conf</jvm-options>
<jvm-options>-Xms128m -Xmx256m</jvm-options>
</jvm>
<servlet-container>
<dynamic-reload-interval>-1</dynamic-reload-interval>
<anonymous-role>ANYONE</anonymous-role>
</servlet-container>
<cluster>
<local-host>cafrfd1attplw01.itservices.sbc.com</local-host>
<instance>
<host>cafrfd1attplw01.itservices.sbc.com</host>
</instance>
</cluster>
<log>
<log-level>info</log-level>
<log-file>E:/NetScape_Logs/errors-se-809</log-file>
</log>
<variable>
<name>dir</name>
<value/>
</variable>
<variable>
<name>nice</name>
<value/>
</variable>
<variable>
<name>group</name>
<value/>
</variable>
<variable>
<name>chroot</name>
<value/>
</variable>
<variable>
<name>accesslog</name>
<value>E:/Netscape_Logs/access_se809</value>
</variable>
<variable>
<name>user</name>
<value/>
</variable>
<auth-realm>
<name>file</name>
<class>com.iplanet.ias.security.auth.realm.file.FileRealm</class>
<property>
<name>file</name>
<value>E:/Sun/WebServer7/https-httpd-se-809/config/keyfile</value>
</property>
<property>
<name>jaas-context</name>
<value>fileRealm</value>
</property>
</auth-realm>
<auth-realm>
<name>native</name>
<class>com.iplanet.ias.security.auth.realm.webcore.NativeRealm</class>
<property>
<name>jaas-context</name>
<value>nativeRealm</value>
</property>
</auth-realm>
<auth-realm>
<name>ldap</name>
<class>com.iplanet.ias.security.auth.realm.ldap.LDAPRealm</class>
<property>
<name>directory</name>
<value>ldap://localhost:389</value>
</property>
<property>
<name>base-dn</name>
<value>o=isp</value>
</property>
<property>
<name>jaas-context</name>
<value>ldapRealm</value>
</property>
</auth-realm>
<default-auth-realm-name>native</default-auth-realm-name>
<audit-accesses>false</audit-accesses>
</server>

you could look to see if the server returned any useful information within the log file . also, you could increase the server log level to fine to get more information.

WLS 8.1.5 console doesn't show ActiveDirectory (or custom) Users/Groups

We currently have numerous apps running on a weblogic 8.1.4 portal domain. I am attempting to replicate this domain on 8.1.5. There are four authenticators on our old domain: a DefaultAuthenticator, an ActiveDirectoryAuthenticator, and two Custom Authenticators (based on the sample database authenticator), with JAAS flags set to OPTIONAL for all. Everything was working properly under sp4, including user/group/membership listings in console and authentication. Under sp5, while simple authentication seems to work with all providers, the user/group/membership listings in weblogic console have bad HTML (empty rows under any default authenticator users/groups). The active directory settings were migrated wholesale and I verified that authentication works against this provider. Just no usernames or groupnames. I tested with just ActiveDirectory and DefaultAuthenticator, DefaultIdentityAsserter.
<p>
I was able to debug a bit more using our custom authenticators. I have verified that the user and group lists are being requested and returned properly when you click on Manage Users or Manage Groups in weblogic 8.1.5 console. It just seems like somewhere in the console there is a problem and the HTML output is garbled. Here is a sample of my debug text, the method names and classes should be immediately familiar from the sample authenticator:
<p>
getUserLoginNamesMatching(*,50)<br>
loginNames=[BF, DAD, NA, OTN, P1Adm1, P1User1, P2Adm1, P2User1, S, ab, admtest, gw, jb, joeschmo, kw, mf, mh, pa, rn, rt, super, test1, wf]<br>
Success: listUsers(userNameWildcard = *, maximumToReturn = 2147483647) = Cursor0<br>
Success: haveCurrent(Cursor = Cursor0) = true<br>
Success: getCurrentName(Cursor = Cursor0) = BF<br>
Success: advance(Cursor = Cursor0)<br>
Success: haveCurrent(Cursor = Cursor0) = true<br>
Success: getCurrentName(Cursor = Cursor0) = DAD<br>
Success: advance(Cursor = Cursor0)<br>
Success: close(Cursor = Cursor0)<br>
getExistingUser(BF)<br>
user=new UserEntry( BF, BF , BF, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = BF) = BF<br>
getExistingUser(DAD)<br>
Success: haveCurrent(Cursor = Cursor0) = false<br>
Success: close(Cursor = Cursor0)<br>
getExistingUser(BF)<br>
user=new UserEntry( BF, BF , BF, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = BF) = BF<br>
getExistingUser(DAD)<br>
user=new UserEntry( DAD, Dummy Alcanto Demoer, LYNX, [PDA], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = DAD) = Dummy Alcanto Demoer<br>
getExistingUser(NA)<br>
user=new UserEntry( NA, Nancy Aarons, 1234, [PDA, ADM], com.otn.mobilelynx2.security.providers.authentication.UserGroupDatabase@7f5e61 )<br>
Success: getUserDescription(user = NA) = Nancy Aarons<br>
---- weblogic console output sp4, Manage Users ----
User Description Provider <br>
portaladmin Admin for portal domain DefaultAuthenticator <br>
weblogic This user is the default administrator. DefaultAuthenticator <br>
yahooadmin Admin for yahoo content DefaultAuthenticator <br>
john John Smith DefaultAuthenticator <br>
qamean ActiveDirectoryAuthenticator <br>
qamin ActiveDirectoryAuthenticator <br>
---- weblogic console output sp5, Manage Users ----
User Description Provider <br>
portaladmin Admin for portal domain DefaultAuthenticator
weblogic This user is the default administrator. DefaultAuthenticator <br>
yahooadmin Admin for yahoo content DefaultAuthenticator <br>
--- html for above (with weird empty rows) ---
<FORM NAME=FilterUsers METHOD=POST ACTION=><P>Filter By:Â <INPUT TYPE=text NAME=filter SIZE=10>Â <INPUT CLASS='buttons' TYPE=submit VALUE=Filter></FORM><b>Displayed 68 of 357 Total, use filter to narrow your search results.<b><table border='1' cellpadding='4' cellspacing='0' height='20'><tr bgcolor='#b8cece'><th>User</th><th>Description</th><th>Provider</th><th>Â </th></tr><tr bgcolor='#FFFFFF'><td>portaladmin</td><td>Admin for portal domain</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td>weblogic</td><td>This user is the default administrator.</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td>yahooadmin</td><td>Admin for yahoo content</td><td>DefaultAuthenticator</td><td><img border='0' src='http://localhost:7001/console/images/delete.gif' title='Delete'/></td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr><tr bgcolor='#FFFFFF'><td><td><td></tr></table>
Message was edited by:
srhutch444

i have reinstalled solaris and the problem continues.
Under Solaris Management Console groups and users doesn't run ok. Editing an user i can't see groups and editing groups i can't see its users...very very extrange.
A bug?
I don't know what is happening :(

Problem starting the sunone webserver 6.1 sp4

Hi,
I am facing problem with starting sunone webserver 6.1 sp4.
Server is starting fine on one of the IPs configured on the box but not starting on other IPs although these IPs are pingable.I assign port nos.
I am getting following logs.
Server Start Up
Status:
*[https-test]: start failed. (0: SSL_ERROR_NO_CERTIFICATE: unable to find the certificate or key necessary for authentication)*
*[https-test]: Sun ONE Web Server 6.1SP4 B01/20/2005 17:43*
*[https-test]: fine: Emulating writev for filter http-compression*
*[https-test]: fine: Emulating sendfile for filter http-compression*
*[https-test]: fine: HTTP3063: KeepAliveTimeout is 30 seconds (default value)*
*[https-test]: fine: HTTP3067: PostThreadsEarly set to off*
*[https-test]: fine: createAdminChannel()*
*[https-test]: fine: CORE3047: Server spawned worker process 25518*
*[https-test]: fine: HTTP5169: User authentication cache entries expire in 120 seconds.*
*[https-test]: fine: HTTP5170: User authentication cache holds 200 users*
*[https-test]: fine: HTTP5171: Up to 4 groups are cached for each cached user.*
*[https-test]: info: CORE3016: daemon is running as super-user*
*[https-test]: fine: HTTP4207: file cache module initialized (API versions 1 through 1)*
*[https-test]: fine: HTTP4302: file cache has been initialized*
*[https-test]: fine: HTTP3066: MaxKeepAliveConnections set to 256*
*[https-test]: warning: CORE1251: On group ls1, servername test does not match subject "login.secure.com" of certificate Server-Cert.*
*[https-test]: warning: CORE1250: In secure virtual server https-test, urlhost test does not match subject "login.secure.com" of certificate Server-Cert.*
*[https-test]: fine: Installed configuration 1*
*[https-test]: fine: jvm stickyAttach: 1*
*[https-test]: fine: jvm option: -DJAVA_HOME=/opt/software/sunone/bin/https/jdk*
*[https-test]: fine: jvm option: -Dcom.sun.web.installRoot=/opt/software/sunone*
*[https-test]: fine: jvm option: -Dcom.sun.web.instanceRoot=/opt/software/sunone*
*[https-test]: fine: jvm option: exit*
*[https-test]: fine: jvm option: vfprintf*
*[https-test]: fine: jvm option: -Djava.security.auth.login.config=/opt/software/sunone/https-test/config/login.conf*
*[https-test]: fine: jvm option: -Djava.util.logging.manager=com.iplanet.ias.server.logging.ServerLogManager*
*[https-test]: fine: jvm option: -Xmx256m*
*[https-test]: fine: jvm option: -Djava.class.path=/opt/software/sunone/bin/https/jar/webserv-rt.jar:/opt/software/sunone/bin/https/jdk/lib/tools.jar:/opt/software/sunone/bin/https/jar/webserv-ext.jar:/opt/software/sunone/bin/https/jar/webserv-jstl.jar:/opt/software/sunone/bin/https/jar/ktsearch.jar::*
*[https-test]: fine: Emulating writev for filter j2ee-filter*
*[https-test]: fine: Emulating sendfile for filter j2ee-filter*
*[https-test]: fine: reinitializeLogger: javax.enterprise.system.core com.sun.logging.enterprise.system.core.LogStrings FINEST*
*[https-test]: fine: reinitializeLogger: null FINEST*
*[https-test]: fine: reinitializeLogger: global null FINEST*
*[https-test]: fine: reinitializeLogger: javax.enterprise.system.util com.sun.logging.enterprise.system.util.LogStrings FINEST*
*[https-test]: fine: reinitializeLogger: javax.enterprise.system.core.config com.sun.logging.enterprise.system.core.config.LogStrings FINEST*
*[https-test]: info: CORE5076: Using [Java HotSpot(TM) Server VM, Version 1.4.2_04] from [Sun Microsystems Inc.]*
*[https-test]: fine: initializeServerLogger: javax.enterprise.system.core.classloading com.sun.logging.enterprise.system.core.classloading.LogStrings FINEST*
*[https-test]: fine: initializeServerLogger: javax.enterprise.system.container.web com.sun.logging.enterprise.system.container.web.LogStrings FINEST*
*[https-test]: fine: WEB7101: Naming Service has been successfully initialized.*
*[https-test]: fine: initializeServerLogger: javax.enterprise.resource com.sun.logging.enterprise.resource.LogStrings FINEST*
*[https-test]: fine: WEB7010: Resource Manager has been successfully initialized.*
*[https-test]: fine: initializeServerLogger: javax.enterprise.system.core.security com.sun.logging.enterprise.system.core.security.LogStrings FINEST*
*[https-test]: fine: Initializing configured realms.*
*[https-test]: fine: FileRealm : file=/opt/software/sunone/https-test/config/keyfile*
*[https-test]: fine: FileRealm : jaas-context=fileRealm*
*[https-test]: fine: Reading file realm: /opt/software/sunone/https-test/config/keyfile*
*[https-test]: fine: Configured realm: file*
*[https-test]: fine: NativeRealm: auth-db= null (will use default)*
*[https-test]: fine: NativeRealm : jaas-context=nativeRealm*
*[https-test]: fine: Configured realm: native*
*[https-test]: fine: LDAPRealm : directory=ldap://localhost:389*
*[https-test]: fine: LDAPRealm : base-dn=o=isp*
*[https-test]: fine: LDAPRealm : jndiCtxFactory=com.sun.jndi.ldap.LdapCtxFactory*
*[https-test]: fine: LDAPRealm : jaas-context=ldapRealm*
*[https-test]: fine: LDAPRealm : mode=find-bind*
*[https-test]: fine: LDAPRealm : search-filter=uid=%s*
*[https-test]: fine: LDAPRealm : group-base-dn=o=isp*
*[https-test]: fine: LDAPRealm : group-search-filter=uniquemember=%d*
*[https-test]: fine: LDAPRealm : group-target=cn*
*[https-test]: fine: LDAPRealm : search-bind-dn=null*
*[https-test]: fine: LDAPRealm : search-bind-password=null*
*[https-test]: fine: LDAPRealm : pool-size=5*
*[https-test]: fine: LDAPRealm : authentication=simple*
*[https-test]: fine: Configured realm: ldap*
*[https-test]: finest: Realm: getInstance returning realm :native*
*[https-test]: fine: Default realm is set to: native*
*[https-test]: fine: Application server configuration file: /opt/software/sunone/https-test/config/server.xml*
*[https-test]: fine: Application Server default locale is en*
*[https-test]: fine: Web container log level: FINEST*
*[https-test]: finer: Creating engine*
*[https-test]: finer: Adding engine (org.apache.catalina.core.StandardEngine/1.0)*
*[https-test]: info: WEB0100: Loading web module in virtual server [https-test] at [search]*
*[https-test]: finer: Creating Loader with parent class loader 'sun.misc.Launcher$AppClassLoader@67ac19'*
*[https-test]: fine: WebModule[search]: Setting delegate to false*
*[https-test]: fine: Default role is: ANYONE*
*[https-test]: fine: WEB0100: Loading web module in virtual server [https-test] at []*
*[https-test]: finer: Creating Loader with parent class loader 'sun.misc.Launcher$AppClassLoader@67ac19'*
*[https-test]: fine: WebModule[]: Setting delegate to false*
*[https-test]: fine: Successfully initialized web application environment for virtual server [https-test]*
*[https-test]: finer: Starting embedded server*
*[https-test]: finer: Naming prefixes property is set to: org.apache.naming*
*[https-test]: finer: Naming initial context factory property is set to: org.apache.naming.java.javaURLContextFactory*
*[https-test]: finer: WebModule[search]: Starting*
*[https-test]: finer: WebModule[search]: Processing start(), current available=false*
*[https-test]: finer: WebModule[search]: Configuring default Resources*
*[https-test]: finer: WebModule[search]: Processing standard container startup*
*[https-test]: finer: WebappLoader[search]: WEB3106: Deploying class repositories to work directory /opt/software/sunone/https-test/ClassCache/https-test/search*
*[https-test]: finer: WebappLoader[search]: WEB3107: Deploy JAR /WEB-INF/lib/messages.jar to /opt/software/sunone/bin/https/webapps/search/WEB-INF/lib/messages.jar*
*[https-test]: finer: StandardManager[search]: WEB3421: Seeding random number generator class java.security.SecureRandom*
*[https-test]: finer: StandardManager[search]: WEB3417: Seeding of random number generator has been completed*
*[https-test]: finer: ContextConfig[search]: WEB3539: ContextConfig: Processing START*
*[https-test]: finer: WebModule[search]: Setting deployment descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'*
*[https-test]: finer: WebModule[search]: Setting deployment descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'*
*[https-test]: finer: ContextConfig[search]: Scanning web.xml tag libraries*
*[https-test]: finer: ContextConfig[search]: URI='/search', ResourcePath='/WEB-INF/sun-web-search.tld'*
*[https-test]: finer: ContextConfig[search]: tldConfigJar(/WEB-INF/sun-web-search.tld): java.util.zip.ZipException: error in opening zip file*
*[https-test]: finer: ContextConfig[search]: URI='/jstl-fmt', ResourcePath='/WEB-INF/fmt.tld'*
*[https-test]: finer: ContextConfig[search]: tldConfigJar(/WEB-INF/fmt.tld): java.util.zip.ZipException: error in opening zip file*
*[https-test]: finer: ContextConfig[search]: Scanning library JAR files*
*[https-test]: finest: Realm name has been set to: native*
*[https-test]: finest: Realm: getInstance returning realm :native*
*[https-test]: finest: The realm native is a NativeRealm.*
*[https-test]: finer: ContextConfig[search]: Pipeline Configuration:*
*[https-test]: finer: ContextConfig[search]: org.apache.catalina.core.StandardContextValve/1.0*
*[https-test]: finer: ContextConfig[search]: ======================*
*[https-test]: finer: WebModule[search]: Configuring application event listeners*
*[https-test]: finer: WebModule[search]: Sending application start events*
*[https-test]: finer: WebModule[search]: Starting filters*
*[https-test]: finer: WebModule[search]: Posting standard context attributes*
*[https-test]: finer: StandardWrapper[search:invoker]: WEB2770: Loading container servlet invoker*
*[https-test]: info: WEB2798: [search] ServletContext.log(): WEB3946: Parent class loader is: WebappClassLoader*
*[https-test]: available:*
*[https-test]: delegate: false*
*[https-test]: repositories:*
*[https-test]: required:*
*[https-test]: ----------> Parent Classloader:*
*[https-test]: sun.misc.Launcher$AppClassLoader@67ac19*
*[https-test]:*
*[https-test]: info: WEB2798: [search] ServletContext.log(): WEB3945: Scratch dir for the JSP engine is: /opt/software/sunone/https-test/ClassCache/https-test/search*
*[https-test]: info: WEB2798: [search] ServletContext.log(): WEB3947: IMPORTANT: Do not modify the generated servlets*
*[https-test]: finer: WebModule[search]: Starting completed*
*[https-test]: finer: WebModule[]: Starting*
*[https-test]: finer: WebModule[]: Processing start(), current available=false*
*[https-test]: finer: WebModule[]: Configuring default Resources*
*[https-test]: finer: WebModule[]: Processing standard container startup*
*[https-test]: finer: WebappLoader[]: WEB3106: Deploying class repositories to work directory /opt/software/sunone/https-test/ClassCache/https-test/default-webapp*
*[https-test]: finer: StandardManager[]: WEB3421: Seeding random number generator class java.security.SecureRandom*
*[https-test]: finer: StandardManager[]: WEB3417: Seeding of random number generator has been completed*
*[https-test]: finer: ContextConfig[]: WEB3539: ContextConfig: Processing START*
*[https-test]: finer: WebModule[]: Setting deployment descriptor public ID to '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN'*
*[https-test]: finer: ContextConfig[]: WEB3523: Missing application web.xml, using defaults only*
*[https-test]: finer: ContextConfig[]: Scanning web.xml tag libraries*
*[https-test]: finer: ContextConfig[]: Scanning library JAR files*
*[https-test]: finest: Realm name has been set to: native*
*[https-test]: finest: Realm: getInstance returning realm :native*
*[https-test]: finest: The realm native is a NativeRealm.*
*[https-test]: finer: ContextConfig[]: Pipeline Configuration:*
*[https-test]: finer: ContextConfig[]: org.apache.catalina.core.StandardContextValve/1.0*
*[https-test]: finer: ContextConfig[]: ======================*
*[https-test]: finer: WebModule[]: Configuring application event listeners*
*[https-test]: finer: WebModule[]: Sending application start events*
*[https-test]: finer: WebModule[]: Starting filters*
*[https-test]: finer: WebModule[]: Posting standard context attributes*
*[https-test]: finer: StandardWrapper[:invoker]: WEB2770: Loading container servlet invoker*
*[https-test]: info: WEB2798: [] ServletContext.log(): WEB3946: Parent class loader is: WebappClassLoader*
*[https-test]: available:*
*[https-test]: delegate: false*
*[https-test]: repositories:*
*[https-test]: required:*
*[https-test]: ----------> Parent Classloader:*
*[https-test]: sun.misc.Launcher$AppClassLoader@67ac19*
*[https-test]:*
*[https-test]: finer: WebModule[]: Starting completed*
*[https-test]: fine: Adding web module : context = /search, location = /opt/software/sunone/bin/https/webapps/search*
*[https-test]: fine: adding pattern "/advanced" for resource "AdvSearchServlet"*
*[https-test]: fine: adding pattern "/servlet/*" for resource "invoker"*
*[https-test]: fine: adding pattern "*.jsp" for resource "jsp"*
*[https-test]: fine: Adding web module : context = , location = /opt/software/sunone/docs*
*[https-test]: fine: adding pattern "*.jsp" for resource "jsp"*
*[https-test]: fine: adding pattern "/servlet/*" for resource "invoker"*
*[https-test]: fine: Waiting until the server is ready*
*[https-test]: startup failure: could not bind to 172.26.51.90:443 (Cannot assign requested address)*
*[https-test]: failure: HTTP3127: [LS ls1] https://172.26.51.90:443: Error creating socket (Cannot assign requested address)*
*[https-test]: failure: HTTP3094: 1 listen sockets could not be created*
*[https-test]: failure: CORE3186: Failed to set configuration*
*[https-test]: failure: server initialization failed*
Please suggest/help.
Regards,
Ashfaque

The error message "Cannot assign requested address" means exactly that: Web Server has been configured to listen for requests on an IP address for which your operating system is not configured. You can a) change your Web Server configuration so it listens on 0.0.0.0 (meaning all configured IP addresses), b) change your Web Server configuration so it listens on a specific IP address for which your operating system is configured, or c) configure your operating system for IP address 172.26.51.90.
The problem is not related to certificates or ports.

Urgent : problems in authenticating the client

Hi every one,
Im new to SSL and have a problem in authenticating the client with the server. when i disable
((SSLServerSocket)serversocket).setNeedClientAuth(true);
both the server and client work fine and i get the required output.
if i use -Djavax.net.ssl.truststore=trustStoreName and -Djavax.net.ssl.keyStore=keystoreName in the command line for the client then it works but i want to do it without the commandline options
I tried to debug the clients ssl handshake where it seams that if i dont mention the truststore and keystore in the command line it wont take the ones mentioned in the code.
If anyone has a solution for this or any idea can you please help me out im stuck on it for about a week now. Thanks in advance.
uzi
Message was edited by:
Deo_Zone
Message was edited by:
Deo_Zone

Hi...
i'm new to ssl connection....i implement the code for ssl connection through java program...i use the following code
String keystore = "<java_home>/jre/lib/security/cacerts";
System.setProperty("javax.net.ssl.trustStore",keystore);
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);
env.put(Context.SECURITY_PROTOCOL,"ssl");
String ldapURL = "ldaps://mydc.speedrock.com:636";
env.put(Context.PROVIDER_URL,ldapURL);
DirContext ctx = new InitialLdapContext(env,null);
i use this code in my web application and using server tomcat 5.5 server...
Steps:
1. Started my tomcat server
2. attempt to change ActiveDirectory user password.
At this time i'm not importing AD server certificate into cacerts file..
In this situation it throws exception.
3. now i import the valid certificate into cacerts file using keytool command
keytool -import -alias xyzADCert -keystore <javahome>/jre/lib/security/cacerts -keypass changeit -storepass changeit -noprompt -file <java_home>/jre/lib/security/ca.cer;
when i run this command from console, import the certificate successfully....
4. now again attempts to change password...
In this situation it gives same previous exception....
But, when i restart the tomcat server and attempts change password, its working fine...
The same thing happens in case of delete certificate...
Steps:
1.Start the tomcat server
2. import valid certificate using keytool command
keytool -import -alias xyzADCert -keystore <javahome>/jre/lib/security/cacerts -keypass changeit -storepass changeit -noprompt -file <java_home>/jre/lib/security/ca.cer;
3. Try to change password....working fine
4. delete the certificate using keytool command
keytool -delete -alias xyzADCert -keystore <javahome>/jre/lib/security/cacerts -keypass changeit -storepass changeit
when i run this command certificate deleted from cacerts file....
for confirmation, once again i run this command...it gives alias does not exit message.
5. Now, i re attempts to change password with out restaring tomcat server...
instead of throwing exception like "simple bind failed", password updated in server for user.
6. But, when i restart the tomcat server, it gives the exception like "simple bind failed" when i try to change password.
my target is with out restarting server ..do change password successfully when i import the certificate and throw exception when i delete the certificate from cacerts file...
please give me some help...

In Windows Server 2008 : Powershell can't import-module ActiveDirectory

Hi,
Thank you in advance for any possible help.
I am using Windows Server 2008 with a x64 machine and I have Powershell 3.0.
After searching for similar problems, I found that I have to install the patches KB969166, KB968934, KB967574, KB968930.
This was done and as a result, the "Web Service Active Directory" appeared in "services".
However, the "ActiveDirectory Module for Windows Powershell" is still not visible in "Windows Features" .
What can I do to make it appear ?
Is there a different way to go so I can have "ActiveDirectory" module in the list of modules I can import in Powershell 3.0 ?
Actually, the command "import-module ActiveDirectory" results in a Not Found error.
I would really appreciate your help.
Thank you !
Bill

Hi Bill,
You can't use the Active Directory module on WS2008, it requires WS2008R2 at a minimum.
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing)

Cisco ISE with AD Problem: "Could not read groups data: Global catalog not found"

Hi all,
When I make the ActiveDirectory integration with Cisco ISE, I have complete with this integration. but when I try to read the Groups from Active Directory, ISE shows the message "Could not read groups data: Global catalog not found".
My Domain has multiple sites and subnets, each contains GC for local logon. I have set ISE to the correct site and subnet. Forward and Reverse DNS are working with no error.
Does anyone get this problem, please help.
I have check into the ISE CLI Reference Guide 1.1.x
You are about to configure Active Directory settings.
Are you sure you want to proceed? y/n [n]: y
Parameter Name: dns.servers
Parameter Value: 10.77.122.135
Active Directory internal setting modification should only be performed if approved by ISE
support. Please confirm this change has been approved y/n [n]: y
What shoud I set in the Parameter Name ? dns.servers or my dns hostname ?
Please suggest for this too.
Thanks and Regards,
Pongsatorn M.

Hi Pongsatorn,
Thanks for the reply!
I've attached the results of the ISE detailed AD test. As you can see, there is a fair number of domain controllers in the AD forest.
It seems everything works correctly until it gets to testing the AD connectivity on port 3268. Then I get this:
Testing Active Directory connectivity:
    Global Catalog: pdascdc02.xyz.com
      gc:       3268/tcp - refused
Testing Active Directory connectivity:
    Global Catalog: pdascdc02.xyz.com
      gc:       3268/tcp - refused
For some reason, the request to the controllers on port 3268 is being refused.
Any thoughts you might have are greatly appreciated.
Cheers,
Greg

Startup error: ldaprealm.properties (The system cannot find the file specified)

Hello,
I'm starting WebLogic from JBuilder 3.5; before using the LDAP realm
everything worked fine.
After adding the following entry to the weblogic.properties file
weblogic.security.realmClass=weblogic.security.ldaprealm.LDAPRealm
the WLS states following error message:
java.io.FileNotFoundException: ldaprealm.properties (The system cannot
find the file specified)
The ldaprealm.properties file is located in the WL_HOME dir (same location
as weblogic.properties)
I've start WLS with -Duser.dir=c:\weblogic, but it didn't affect my problem.
When starting WLS with startWebLogic.cmd, everything works fine but no
practicalbe for me,
because I've to start in form JBuilder in order to enable remote debugging.
Thanx for your help in advance,
Michael

http://www.bea.com/support/askbea/wls/S-06632.shtml
ldaprealm.properties has to be in %WinDir%\System32 to be picked up by a WLS 5.1 server run as a service and LDAPRealm enabled.
Still getting interesting LDAP errors, but the file is being picked up on startup.

ActiveDirectory/LDAPRealm Problem

Similar Messages

Maybe you are looking for