Convergence with LDAP SSL Failure

Hello,
I'm now having a problem securing connections between Convergence and my LDAP server.
Once I set it in iwcadmin, ugldap.enablessl to true and change the port to 636, the following error occurs and convergence just couldn't authenticate.
server.log in Glassfish 2.1.1, enterprise profile using NSS keystore
[#|2010-11-12T20:17:15.208+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|LDAPS:Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values|#]
[#|2010-11-12T20:17:15.209+0000|SEVERE|sun-appserver2.1|com.sun.comms.shared.ldap.LDAPSingleHostPool|_ThreadID=19;_ThreadName=Thread-114;_RequestID=f4814afe-c0b0-4245-b21b-64be2d4a39e3;|buildConnection: got LDAPException while connecting to Pool number:0. Host=<ldaphost> :netscape.ldap.LDAPException: Error occured during SSL handshake java.lang.RuntimeException: Could not parse key values (91)|#]
HTTP SSL connections to Webmail server and calendar servers are fine. I tried deploying the same configuration using developer profile with JKS keystore, the SSL authentication goes through then, but I need clustering for high availability.
Does anyone have any ideas?
Thanks so much in advance!
Mathew

Hard to tell what is happening without looking at the application
source, knowing what OS & hardware you're using etc. You might want to
try running with different JVM versions to see if it's actually the VM
that is the problem. If you have a support contract with BEA you could
ask support to help you diagnose this.
Regards,
/Helena
Ayub Khan wrote:
I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
seems to happen on loading the machine..the performance progressively gets worse
and after a couple of seconds, all the threads stop responding. I checked the
heap, cpu and the idle threads in the execute queue and there is nothing there
to trigger alarms...there are quite a few idle threads still and the heap and
the cpu utilization seem OK. On doing a thread dump, Is see that all the other
threads seem to be in a state where they are waiting for data from LDAP and it
is basically read only data that they are waiting on.
Does anyone know what it is going on and help point me in the right direction.
-Ayub

Similar Messages

EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

Hello everyone,
Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
Here's what happens:
1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
http://discussions.apple.com/thread.jspa?messageID=5967023
http://discussions.apple.com/message.jspa?messageID=5982070
these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
Thanks,
Andrew

Hard to tell what is happening without looking at the application
source, knowing what OS & hardware you're using etc. You might want to
try running with different JVM versions to see if it's actually the VM
that is the problem. If you have a support contract with BEA you could
ask support to help you diagnose this.
Regards,
/Helena
Ayub Khan wrote:
I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
seems to happen on loading the machine..the performance progressively gets worse
and after a couple of seconds, all the threads stop responding. I checked the
heap, cpu and the idle threads in the execute queue and there is nothing there
to trigger alarms...there are quite a few idle threads still and the heap and
the cpu utilization seem OK. On doing a thread dump, Is see that all the other
threads seem to be in a state where they are waiting for data from LDAP and it
is basically read only data that they are waiting on.
Does anyone know what it is going on and help point me in the right direction.
-Ayub

How do Sun Convergence Communicate with LDAP?

Please tell how do sun convergence communicate with LDAP server.what api do these calls use.and where do we can find it.
Looked at the login page,it is was calling iwc.protocol.iwcp.LOGIN_URL variable.
login_url was assign as below:
iwc.protocol.iwcp.LOGIN_URL = iwc.config.session.contextPath + "/svc/iwcp/login.iwc";
please let us know what is iwcp ?
And what is contextPath its refering?
Also please let us know what kind of frame work does convergence uses to communicate with LDAP.
If possible,advice some documentation to read about this function.
thanks in advance
Edited by: testxtest on Jul 14, 2009 12:50 PM

testxtest wrote:
Please tell how do sun convergence communicate with LDAP server.Convergence uses the standard LDAP protocol to access data from the LDAP servers.
what api do these calls use.and where do we can find it.The LDAP protocol technical specifications are defined here:
http://tools.ietf.org/html/rfc4510
Looked at the login page,it is was calling iwc.protocol.iwcp.LOGIN_URL variable.
login_url was assign as below:
iwc.protocol.iwcp.LOGIN_URL = iwc.config.session.contextPath + "/svc/iwcp/login.iwc";
please let us know what is iwcp ?What is it you are trying to achieve?
And what is contextPath its refering?The "contextPath" is the Convergence server URL base for the current session e.g. http://server.aus.sun.com/iwc
Also please let us know what kind of frame work does convergence uses to communicate with LDAP.The Convergence server uses java ldap-pool libraries.
If possible,advice some documentation to read about this function.Once again, what is it you are trying to achieve, and most importantly, why?
Regards,
Shane.

Upgrade to 3.0.8 with LDAP failure

Has anyone managed to upgrade Portal on W2000 from 3.0.7 to 3.0.8 and use LDAP. Our site was working with LDAP before the upgrade, and now we are getting the WWC-40100 error on attempting to login. The directory is not getting the connection.
We have re-copied the ssoxldap.dll and created the library again to no avail. We have checked that the install works when not using LDAP. Does anyone have this working, or know where we may look to find errors.
Thanks for your time
null

Have you verified that the external procedure
listener is up and running. If it is could you please enable debugging?
null

How to configure LDAP SSL using auto login wallet?

Hello,
I need to enable authentication over LDAP SSL.
I've configured a wallet (auto login) containing required certificates and set accordingly WALLET_PATH and WALLET_PWD settings using apex_instance_admin.set_parameter method.
With this, everything is working fine and LDAP over SSL is working well. It confirms that the wallet is properly configured, valid and usable.
So, the wallet was created with auto login option and it seems to work well without specifying password when calling utl_http.
Proof of properly configured auto login wallet (without password).
TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- test without wallet
BEGIN show_html_from_url('https://www.verisign.com/'); END;
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1527
ORA-29261: bad argument
ORA-06512: at "TEST01.SHOW_HTML_FROM_URL", line 25
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-29024: Certificate validation failure
ORA-06512: at line 1TEST01@DB11G> exec utl_http.set_wallet('file:/u01/app/oracle/product/11.2.0/dbhome_1/network/admin'); -- set wallet info for use without password (autologin)
PL/SQL procedure successfully completed.
TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- It works!
PL/SQL procedure successfully completed.
So, when I configure WALLET_PATH without WALLET_PWD, it not seems to work as it should with my auto login wallet...
What am I missing? Is it APEX not handling auto login wallets correctly?
Apex Version: 4.2.0.00.27
OS: OEL 6.4
DB: 11.2.0.3 x64
Thanks
Bruno Lavoie

Hello,
I need to enable authentication over LDAP SSL.
I've configured a wallet (auto login) containing required certificates and set accordingly WALLET_PATH and WALLET_PWD settings using apex_instance_admin.set_parameter method.
With this, everything is working fine and LDAP over SSL is working well. It confirms that the wallet is properly configured, valid and usable.
So, the wallet was created with auto login option and it seems to work well without specifying password when calling utl_http.
Proof of properly configured auto login wallet (without password).
TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- test without wallet
BEGIN show_html_from_url('https://www.verisign.com/'); END;
ERROR at line 1:
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1527
ORA-29261: bad argument
ORA-06512: at "TEST01.SHOW_HTML_FROM_URL", line 25
ORA-29273: HTTP request failed
ORA-06512: at "SYS.UTL_HTTP", line 1130
ORA-29024: Certificate validation failure
ORA-06512: at line 1TEST01@DB11G> exec utl_http.set_wallet('file:/u01/app/oracle/product/11.2.0/dbhome_1/network/admin'); -- set wallet info for use without password (autologin)
PL/SQL procedure successfully completed.
TEST01@DB11G> exec show_html_from_url('https://www.verisign.com/'); -- It works!
PL/SQL procedure successfully completed.
So, when I configure WALLET_PATH without WALLET_PWD, it not seems to work as it should with my auto login wallet...
What am I missing? Is it APEX not handling auto login wallets correctly?
Apex Version: 4.2.0.00.27
OS: OEL 6.4
DB: 11.2.0.3 x64
Thanks
Bruno Lavoie

Untrusted server cert chain - while connecting with ldap

Hi All,
I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
javax.naming.CommunicationException: hostname:636 [Root exception is ja
vax.net.ssl.SSLException: untrusted server cert chain]
javax.naming.CommunicationException: hostname:636. Root exception is j
avax.net.ssl.SSLException: untrusted server cert chain
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
275)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
at java.io.OutputStream.write(Unknown Source)
at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
at javax.naming.InitialContext.init(Unknown Source)
at javax.naming.InitialContext.<init>(Unknown Source)
at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
at Test2.getProxyDirContext(Test2.java:66)
at Test2.main(Test2.java:40)
Any help would be appreciated
Thanks in Advance
Somu

This got resolved when in the code the following
System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
in X509 format

Help, Java newbie a little over my head with LDAP

I'm actually a network admin but I've been dabling in Java for a little while now.
I am trying to write an app that will allow me to insert and remove attributes to entries in Active Directory.
I have found some sample code which I have altered to make a "proof of concept" before I start on the actuall app I want.
The problem I am having is writing into the AD. I can query entries with no error but when I try a modification I get an "DSA is unwilling to perform" LDAPException. I am pretty sure it's not a permissions issue but from reading stuff on here I am begnining to think that it may have something to do with SSL connections. There is commented out code below where I experimented with this but I was unable to connect the the AD when this was in. "unable to connect to the directory server error".
If anyone can offer me any advice I would be most grateful.
package LDAPTest;
import netscape.ldap.*;
import java.util.*;
import com.novell.service.ndssdk.jndi.ldap.ssl.*;
// Simple program to experiment with searching LDAP
public class FilterSearch
public static void main(String[] args)
if(args.length != 6)
System.out.println("Usage: java FilterSearch " +
"<host> <port> "+
"<authdn> <password> "+
"<basedn> <filter> ");
System.exit(1);
String host = args[0];
int port = Integer.parseInt(args[1]);
String authid = args[2];
String authpw = args[3];
String base = args[4];
String filter = args[5];
String[] ATTRS = {"memberOf"};
int status = -1;
//SSL experiment that would not connect to the AD server.
//LDAPConnection ld = new LDAPConnection(new LDAPSSLSocketFactory("com.novell.service.ndssdk.jndi.ldap.ssl.LdapSecureSocketFactory"));
LDAPConnection ld = new LDAPConnection();
System.out.println("done connection");
try
//Connect to server and authenticate
ld.connect(host, port,authid,authpw);
System.out.println("Search filter = " +filter);
LDAPSearchResults res = ld.search(base, ld.SCOPE_SUB, filter, null, false);
//Loop on results until complete
while(res.hasMoreElements())
try
//Next Directory entry
LDAPEntry entry = res.next();
prettyPrint(entry, ATTRS, ld);
status=0;
catch(LDAPReferralException e)
System.out.println(e);
continue;
catch(LDAPException e)
System.out.println(e.toString() );
continue;
LDAPAttribute atrib = new LDAPAttribute("memberOf", "CN=Tight VNC,OU=Staging Transmitter Channels,DC=marimba,DC=local");
LDAPModification mod = new LDAPModification(LDAPModification.ADD, atrib);
System.out.println(ld.isAuthenticated());
try{
// This is the code the throws the Exception DSA is unwilling to perform.
ld.modify("CN=smstest0005,CN=MarimbaComputers,CN=Computers,DC=marimba,DC=local", mod);}
catch(LDAPException e){
System.out.println(e);}
catch(LDAPException e)
System.out.println(e.toString() );
//Done, so disconnect
if((ld!=null) && (ld.isConnected()))
try
ld.disconnect();
catch(LDAPException e)
System.out.println(e.toString());
System.exit(status);
public static void prettyPrint(LDAPEntry entry, String[] attrs, LDAPConnection ld)
System.out.println("DN: " + entry.getDN());
//Use array to pick attributes. We could have
//enumerated them all user LDAPEntry.getAttributes
//but this gives us control of the display order
for(int i = 0; i < attrs.length; i++)
LDAPAttribute attr = entry.getAttribute( attrs);
if (attr == null )
System.out.println(attrs[i] + " not present");
continue;
Enumeration enumVals = attr.getStringValues();
//Enumerate on values for this attribute
boolean hasVals = false;
while ((enumVals!=null) && enumVals.hasMoreElements())
String val = (String)enumVals.nextElement();
System.out.println(attrs[i] + ": " + val);
hasVals=true;
if(!hasVals)
System.out.println(attrs[i] + " has no values");
System.out.println("----------------------");

OK, I have learned a little about JNDI today and have attempted to implement this using JNDI instead.
I am now getting the OperationNotSupportedException when attempting to add an attribute to an item in Active Directory.
here's the code, can anybody who has managed to add data into AD help with this?
cheers.
package JNDI;
import javax.naming.*;
import javax.naming.directory.*;
import java.util.*;
class Getattr
public static void main(String[] args)
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://hostname:389/");
env.put(Context.SECURITY_PRINCIPAL, args[0]);
env.put(Context.SECURITY_CREDENTIALS, args[1]);
try {
// Create the initial directory context
DirContext ctx = new InitialDirContext(env);
// Ask for all attributes of the object
Attributes attrs = ctx.getAttributes("CN=smstest0005,CN=MarimbaComputers,CN=Computers,DC=marimba,DC=local");
for (NamingEnumeration ae = attrs.getAll(); ae.hasMore();)
Attribute attr = (Attribute)ae.next();
System.out.println("attribute: " + attr.getID());
/* Print each value */
for (NamingEnumeration e = attr.getAll(); e.hasMore();System.out.println("value: " + e.next()));
// Specify the changes to make
ModificationItem mod[] = new ModificationItem[1];
mod[0] = new ModificationItem(DirContext.ADD_ATTRIBUTE,
new BasicAttribute("memberOf", "CN=Tight VNC,OU=Staging Transmitter Channels,DC=marimba,DC=local"));
ctx.modifyAttributes("CN=smstest0005,CN=MarimbaComputers,CN=Computers,DC=marimba,DC=local", mod);
// Find the surname attribute ("memberOf") and print it
//System.out.println("memberOf: " + attrs.get("memberOf").get());
} catch (NamingException e) {
System.err.println("Problem getting attribute:" + e);

Error in authentication with ldap server with certificate

Hi,
i have a problem in authentication with ldap server with certificate.
here i am using java API to authenticate.
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
I issued the new certificate which is having the up to 5 years valid time.
is java will authenticate up to one year only?
Can any body help on this issue...
Regards
Ranga

sorry i am gettting ythe same error
javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
here when i am using the old certificate and changing the system date means i can get the authentication.
can you tell where we can concentrate and solve the issue..
where is the issue
1. need to check with the ldap server only
2. problem in java code only.
thanks in advance

FRM-41211 SSL-Failure From Forms

I have a Reports/Forms problem when running run_product from within Forms in a loop (for i in a..b loop run_product(i) end loop) for generating emails or faxes using MS Outlook starting with the second report.
Error message "FRM-41211 SSL-Failure...".
When generating only one report it is no problem.
In Outlook after while a protocol message appears saying "Conversion Error...".
null

hello,
sounds like a timeout problem. please check with oracle support services. might be version problem.
regards,
the oracle reports team

Integration error SSL failure running another product

Dear All,
I am facing some problem while running reports from forms
SERVER:
•     OPERATING SYSTEM: Windows.8
•     Database: ORACLE 11g
•     Forms & Reports = 6i.
In form when click any report button to call report some time error comes.
FRM-41211: integration error SSL failure running another productAnd user can not print the report,

Forms/Reports 6i on Windows 8? I very much doubt that this is going to work. The last supported OS for Forms/Reports 6i was Windows XP.
You might have some luck with a non-supported workaround:
http://windows7bugs.wordpress.com/2012/08/25/windows-8-oracle-developer-suite-6i-patch-18/

Integration Error:SSL failure running another product.In DeveloperSuite 10g

I'm using DeveloperSuite 10g. I'm trying run the report from Forms but when I'm
clicking on button to run report using RUN_REPORT_OBJECT I'm getting following
error :
Integration Error : SSL failure running another product.
Can any one explain why I'm getting this error.
Regards
Alpesh.

Hi alpesh
I think you are good at oracleDS 10g and it is running on your machine successfully. But I am not able to run any form on my system.
My OS is Win XP with service Pack 2
Installed Oracle Database 10g
Installed Oracle DS 10g
Able to run reports on paper layout and web layout, But can not run forms. Error is shown on the IE Ver 7. Only source code is displayed. can you help me out from this.

Issue with LDAP login authentication in CMC console

We have a existing issues with Business Objects BOE XIR2 SP2 and LDAP authentication with the BOE CMC Console.
We use websphere as the application server and it is installed on the same machine (Solaris) as BOE.
We have this issue on both our production and our recently rebuilt development environment to duplicate the issue.
Both environment have configured LDAP over SSL and we can login to BOE Infoview Reports with LDAP and we can map groups and users if we login to CMC but we can not login to CMC with secLDAP.
The specific error still being shown is "Security plugin error: Failed to set parameters on plugin".
Both environments (DEV and PROD) are fresh installs of BOE XIR2 SP2.
Any ideas are much appreciated
Thankyou

The CMC in XIR2 used com components for the SSL (rather than java like infoview) and I'm betting the WAS deployment is not finding them. Is WAS on a seperate server or is BOE installed there as well?
I'm not familiar with any regular fixes for an issue like this. If no other replies I'd recommend opening a case with either deployment(WAS on "nix") or authentication(WAS on windows) to see if they can trace down the problem.
Regards,
Tim

Auto image load failure, ssl failure, secure connection failure

First their is a problem with some ssl web sites, now I have read the article and if it had worked I would not be posting this here. so for the last time, I go to a bank web site it has the page that tells me to add a exception. then when i get to the page for the exception it says their is no problem and no exception will be added. period. it is a loop, it will not not not let me add the web site to the exception list and sits their and fights with me. when i go to add it to the list it says no their is no problem with the cert so it will NOT be added, but when i try to go their it pops up the page again saying i cant go their because their is a problem. so this is a loop which means it does the same thing over and over and over again. so trying to add it to the exception list can not happen because firefox will NOT let me add it and will NOT let me go their any longer.
Problem 2. I was not able to post a question in this forum until i told it to search for bearded dragon as the problem with firefox THEN and ONLY THEN would it let me open this question.
problem 3 : in ebay in my own listings i am having a auto load image failure, yes yes yes I did add the web addresses under auto load images , exceptions and allow for both hosting web sites and even though they are in their it will still NOT NOT NOT load the images. it will make me, by forcing me, to go to view 1 image on the page then it says WARNING YOUR ABOUT TO GO FROM A SECURE CONNECTION TO A UN SECURE CONNECTION. then AFTER I say yes and go to view that 1 image it unlocks all of the other images on the web page.
and why is that happening because the firefox is not programmed correctly as in the base coding i can not change, I would need to tell it to STOP STOP STOP blocking the images and stop warning me when i am going from a secure connection to a unsecure connection.
and it will not not not for the love of god not load images on ebay in secure when the images are hosted from a unsecure web site.
their is really no discussion, I am simply telling you all what it is doing, period.
I have a iq of 165 and I am not stupid so what I am saying it is doing is what it is doing.
so telling me to read crusty old articles will just make me madder as I have all ready read them front, back, up side down and sideways and if they really worked like it says they do you would not be reading this.

so far under 9.0it is accepting the security certs, so I do not know if that happened again if it would have the same error or not.
but ty 4 trying to help.

Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspaces

during install OCS Infrastructure DB OCS have error:
... processed key-value: logfile=/oracle/product/dbocs/workspaces/logs/cw_config_backend.log
... processed key-value: action=setup_backend
... processed key-value: oh=/oracle/product/dbocs
... processed key-value: oid=oid.domain
... processed key-value: oid_port=389
... processed key-value: oid_user_dn=cn=orcladmin
... processed key-value: oid_passwd=xxxxxx
... processed key-value: db_sn=ocs.domain
... processed key-value: dba_user=sys
... processed key-value: dba_passwd=xxxxxx
... processed key-value: cw_db_passwd=xxxxxx
Attempting to set logfile to: /oracle/product/dbocs/workspaces/logs/cw_config_backend.log
Processed oh=/oracle/product/dbocs
BACKEND installation ...
... Trying to lookup database dn
... Obtain OID connection
...... Can not obtain OID ssl port.
...... OID port = "389"
...... Trying to establish a non-ssl connection. OID host "oid.domain", OID port "389", OID user dn "cn=orcladmin".
... OID connection created.
...... You must specify either db_dn or db_sn.
...... ldap search filter "(&(objectclass=orcldbserver)(orcldbglobalname=ocs.domain))"
...... Succesfully located database dn "cn=ocs,cn=OracleContext".
...... Database dn = "cn=ocs,cn=OracleContext"
... Validating existence and version of CW schema: "CWSYS" in database: "cn=ocs,cn=OracleContext".
... Obtain JDBC connect string
... JDBC connect string = "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
...derived: "jdbc_str=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))".
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
Unlocking schema and setting passwd: "CWSYS/xxxxxx".
Opening JDBC connection: "jdbc:oracle:thin:sys/xxxxxx@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=ocsoas.domain)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=ocs.domain)))"
... Checking Workspaces container.
... Container "cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext" already exist.
... Finish checking Workspaces container.
... Trying to create backend application entity in OID
...... Database dn = "cn=ocs,cn=OracleContext"
...... Backend entity name = "ocs"
...... Backend entity dn = "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
... Backend entries already exist. Cleanup old entries.
deregisterProvisioningListener ...
app dn = orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext
subscriber = dc=domain,dc=com
... Trying to remove entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext".
... Deleting "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext"
Adding Workspaces application entity to: cn=Service Registry Viewers,cn=Groups,cn=OracleContext
Adding Workspaces application entity to: cn=Service Registry Admins,cn=Groups,cn=OracleContext
... Insufficient privilege to create application entity "orclApplicationCommonName=ocs,cn=Database Instances,cn=CollaborativeWorkspaces,cn=Products,cn=OracleContext". Please check the user DN and password.
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
oracle.workspaces.install.CwCAException: Error while executing action: "setup_backend"
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]
at oracle.workspaces.install.CwConfig.run(CwConfig.java:639)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
Caused by: javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
... 1 more
javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - One or more values for attribute uniquemember does not exist]; remaining name 'cn=Service Registry Admins,cn=Groups,cn=OracleContext'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3009)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2934)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1373)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:235)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:147)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:136)
at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:136)
at oracle.workspaces.share.util.oid.OIDShareUtil.setEntryAttribute(OIDShareUtil.java:471)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroup(OIDShareUtil.java:420)
at oracle.workspaces.share.util.oid.OIDShareUtil.addMemberToGroupIgnoreDuplicateMember(OIDShareUtil.java:435)
at oracle.workspaces.install.CwConfigOID.createBackendEntity(CwConfigOID.java:1205)
at oracle.workspaces.install.CwConfigOID.registerBackend(CwConfigOID.java:449)
at oracle.workspaces.install.CwConfig.regBackend(CwConfig.java:320)
at oracle.workspaces.install.CwConfig.run(CwConfig.java:609)
at oracle.workspaces.install.CwConfig.main(CwConfig.java:790)
What should i do?
help.
Thanks

closed
Re: Install OCS 10.1.2 Infra DB failed with LDAP: error code 16 on Workspac

IdM SPE Ldap SSL operations hang

Hi all,
We're having a problem with IdM SPE hanging while doing LDAP operations over SSL. Has anyone encountered this before? We're under a tight deadline and any inputs/suggestions would automatically make the contributor my hero.
Description:
Our application is hanging when we try to use SPE's APIs to add some users to an LDAPS resource. We see these connections being logged in the LDAP logs, however binding never occurs. Instead these LDAP connections from SPE seem to sit until timeout.
Environment:
IdM 6.0 SPE SP1
AIX 5.2
J2RE 1.4.2 IBM AIX SP7
BEA WebLogic 8.1 SP5
SunOne Directory Server 5.2
Evaluation:
After a long period of time we see the following exception in our application logs:
javax.naming.CommunicationException: Request: 1 cancelled
        at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java(Inlined Compiled Code))
        at com.sun.jndi.ldap.Connection.readReply(Connection.java(Compiled Code))
        at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:357)
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:210)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2657)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)What we noticed is that LDAP connection (no SSL) seem to be okay. We have verified that connections can be made from our app server box to our LDAP server on the ssl port. We've also created a simple java servlet that makes LDAPS using JNDI and put this in the same container as IdM and this seems to connect okay as well. This seems to indicate that the hanging is not a SSL issue but an SPE one.
We do notice from examining the LDAP logs that the same connections are being used over and over. This is expected connection pooling behavior, but could this be an issue if we switch our connection from LDAP to LDAPs? Does the pool not get purged when we switch on SSL?

Updated findings:
We were able to duplicate this on a windows sand box environment. Again it breaks when SPE tries to do an LDAPS operation. Here's what we figured out so far.
a.) Definately not a certificate issue
b.) Almost definately not a JDK/JCE/JSSE issue
c.) Definately not an LDAP issue
d.) Not an IdM 6.0 issue (Can provision users from IdM console)
e.) Not a connection pooling issue (Turned off pooling and it still hung)
f.) Not a network issue.
It seems at this stage that the problem stems from SPE, has anyone ever gotten SPE to work with LDAP over ssl? Any suggestions?

Convergence with LDAP SSL Failure

Similar Messages

Maybe you are looking for