Creating users for admin console access

When I install the web server onto my system part of the installation is to create an admin user and password. I'd like to create another user to log into the web server admin console with the same or limited permissions. I don't want to have to hand out the 'admin' password to multiple people, I'd prefer to create new accounts for each person that needs to administer some part of the webserver and set permissions for each. Can't seem to find out how this is done in the admin guide.

"Andy" <[email protected]> wrote in message
news:[email protected]..
Hello,
I am using a custom authentication and authorization providers that
work just fine with my applications, but i have problems using Admin
Console with them (WL Server 7.0). The server is successfully started
with a user that has been given rights to '<svr>.myserver.boot' etc.
Logging into Console is successful as well and most Console pages can
be viewed as usual. But when i'm trying to save any changes, or if i
try to just view certain Console pages, i get
'weblogic.management.NoAccessRuntimeException'. For example:
MBean operations need a user with Admin role.

Similar Messages

How to create users for B2B console in SOA Suite 11g?

Hi,
I have installed SOA Suite 11g and created a new user in weblogic server and assigned groups Deployers, Monitors & Operators. On trying to login(http://hostname:port/b2bconsole) using this new user, im not able to login and the below error is logged.
"There are no trading partners for this user".
Can someone plesae guide me on how to create a new user for B2B as i dont want to grant adminstrators group to developers.
Thanks,

Hi,
Please login as the weblogic server boot user into b2bconsole and then go to users tab of the host trading partner
and search for the newly added user [ provide full username ]
and then assign the role as administrator / monitor from there.
once this is done.. the newly added user should be able to login to the b2bconsole..
monitors have read only access and less priveledges..
Regards,
Vijay

Error while creating user for a domain

i am developing a web-application which is hosted on tomcat server.
it is creating domains and users at another remote domain server.
localy it is working fine..
but when i test it online..
the problem is,
sometimes it works fine ,the domains are being creted at remote server..
but sometimes it delivers error that domain at remote server can not be created.
Is it due to fact that theat some errornous code in the buffer of application have older versions of applications causing the error ?
Code::
if(strPlanId.equalsIgnoreCase("3")) {
 //Create domain account for planid=3 plantype=Cp
 blnOK=false;
passwordGS comes from database
strUrl="http://sosync.net/sosync/admin?pwd="+passwordGS+"&action=user_createdomain&domain="+strSubDomain+".gosync.net&adminpassword=aspire3002&diskquota="+longdk;
 u=new URL(strUrl);
 uc=(HttpURLConnection)u.openConnection();
 code=uc.getResponseCode();
 if(code == 200) {
 rUrl="/TransCompleteServlet";
 blnOK=true;
 uc.disconnect();
 } else {
 rUrl="/GSView.jsp?page=GSError.jsp?REQ=Unknown";
 if(blnOK) {
 String strUrlUser="http://gosyncdesk.net/gosync/admin?pwd="+passwordGS+"&action=user_createuser&username="+strEmailId+"&password="+strPassword+"&domain="+strSubDomain+".gosync.net&communityname=Default&firstname="+user.getFirstName()+"&lastname="+user.getLastName();
 URL u1=new URL(strUrlUser);
 HttpURLConnection uc1=(HttpURLConnection)u1.openConnection();
 code=uc1.getResponseCode();
 response1=uc1.getResponseMessage();
 if(code == 200) {
 rUrl="/TransCompleteServlet";
 String strUrlTZ="http://gosyncdesk.net/gosync/admin?pwd="+passwordGS+"&action=user_setuserpreference&username="+strEmailId+"&domain="+strSubDomain+".gosync.net&name=web_timezone&value='"+timeZone+"'";
 u=new URL(strUrlTZ);
 uc=(HttpURLConnection)u.openConnection();
 code=uc.getResponseCode();
 if(code != 200) {
 rUrl="/GSView.jsp?page=GSError.jsp?REQ=Unknown";
 } else {
 rUrl="/GSView.jsp?page=GSError.jsp?REQ=Unknown";
 mailUtil.sendMail_admin("Error In Creating User for the Domain","While creating domain for "+user.getEmail()+" user could not be created due to following reason: "+response1+" GoSync UserName:"+strEmailId+" GoSync Password:"+strPassword+" GoSync Domain :"+strSubDomain+".gosync.net and URl String was :"+strUrlUser+"");
 }

if the problem is caching try setting the useChasses to false
uc.setUseCaches(false);

Create user for CPS in _ UPPER CASE LETTERS _ if using JSM on SolMan

only create users for CPS in UPPER CASE LETTERS if using JSM on SolMan
Dear CPS Admins,
If you plan to use Job Scheduling Management (JSM) on SAP Solution Manager together with CPS by Redwood please always create any users in CPS only with upper case letters to avoid issues in the communication between SolMan and CPS.
The user creation for CPS is done in the UME (Java user administration, alias /useradmin).
Actually the CPS user itself is only created in CPS during the first logon.
Both CPS and the Java UME are case sensitive. So you can create users in uppercase, lowercase or mixed letters. But of course the system does still not allow duplicate names. So you can either create MUELLERP, MuellerP or muellerp - but not multiple of them.
Now, if the SolMan communicates with CPS for Job Scheduling, the actual user name is taken in some kind of a "trusted RFC like" way and checked on the CPS system connected to the SolMan. If the current SAP user does not exist on CPS no activities are possible, neither in read mode (read existing CPS jobs) nor in write mode (change existing jobs or create new ones).
Unfortunately the Solution Manager transmits the current user name to CPS only in upper case letter. So if the CPS user was not created in UPPERCASE letters in CPS the communication will fail. Therefore, think about creating CPS users in UME only in UPPERCASE letters. Changing this later is difficult to impossible.
Best regards,
Peter

hi,
I tried to reproduce your issue but I was not able to create a UME user with lower case letters.
UME automatically converted the user name into upper case after saving. So even if I enter "cps" as user name UME stored the user name as "CPS".
(maybe that happend because of the existing SU01-UME integration in our SolMan system)
If UME would be case sensitive I would expect that it is possible to create the user "CPS", "cPs" and "cps".
Regarding the SolMan-CPS connectivity:
Transaction SU01 allows only upper case letters (in user name and alias). Since you're starting from an ABAP system only user names with upper case letters are supported. It's a technical constraint of the ABAP user management that user names consist of upper case letters only.
Kind regards,
Martin

Not able to see Role UDF while creating Role from Admin console

OIM 11g:
I created a Role UDF(under Administration->User Defined Field Definition->Form Name->Roles) in OIM design console. But when I try to create role in admin console I didn't see the UDF which was created from design console.
How to make the UDF visible in admin console. I don't see any authorization policy to make it visible in admin console.
Am I missing any thing here? Pls help.
TiA

Got it.
Added the Role Role Administrators under Administrators tab on Role Form in design console.

Create users for my application

Hi! I'd like to make an administrative page so I can create users for my application. Let's say that I have following fields: username, first name, lasta name, password, etc.
Does anyone have an example? Or a short description about what I have to do.
Thanks a lot!

Thanks Jes. I looked at that thread. As it's said there, I created my custom table of users and a function with 2 parameters(username and password).
I was thinking to make a process which calls my function and take as parametres the (:P101_USERNAME,:P101_PASSWORD). I wrote some code in my function. But when I want to create the process, I got the next error:
ORA-06550: line 3, column 1: PLS-00103: Encountered the symbol "END" when expecting one of the following: := . ( % ; The symbol ";" was substituted for "END" to continue.
My function is this:
create or replace function "AUTENTIFICATION"
(p_username in VARCHAR2,
p_password in VARCHAR2)
return BOOLEAN
is
if p_username IS NULL or
p_password IS NULL then
return false;
end if;
if p_username NOT IN
(select username
from users) then
return false;
end if;
if p_password NOT IN
(select passw
from users
where username = 'p_username') then
return false;
end if;
And in the PL/SQL Page Process I'm trying to put the following:
AUTENTIFICATION(:P101_USERNAME,:P101_PASSWORD) , when I get the error.

Needed validation when creating user for employee in HRUSER transaction

hi All,
I wanted to put validation in HRUSER TCode when we are creating user for an employee by selecting exit module for user name and password
in my scenario I want to remove the first alphabet of user name that is P and with that I want to set a default password can anyone suggest me includes.
Please find the attached snap.

Solved it for myself
refer the link:
Dear all,
Regards,
Siva

Create users for teradata in ADAM / Acitve Directory

Hi
I was wondering if you could help me with the ability to create a user in AD / Adam? I am trying to write the powershell code to create users for Teradata connectivity. the manual process is to use adsiedit and create the users through groupof names class.
This is what I have that is NOT working and was looking where to go from here.
$dom=[ADSI]"LDAP://OU=Users,OU=dev,OU=tdev,dc=acme,dc=com"
$obj = $dom.Create('GroupOfNames', 'CN=ASmith')
$obj.SetInfo()
any help would be greatly appreciated.
Thank you
John R Remillard

Hello,
You should ask in the
Windows PowerShell forum.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book:
Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

Admin can create user for specific company

Hi all,
I have requirement to provide authoriaztion to 3 basis admin in the way that they can use su01, pfcg or any basis related tcode but one should be restricted to one company say 'A' only... i.e. I have 3 basis admin A, B and C on single system and 3 comanies say DEF, PQR and XYZ . Now A can create use id for DEF company only...same for the rest of the user and company..
Is it possible n what way ?
Rgds
D L

Of course this can be done.
Here you would be using the S_USER_GRP authorization object.
Giving access this authorization will allow user A to only manage users in group DEF
S_USER_GRP
ACTVT 02
GRP 'DEF'
Giving access this authorization will allow user C to only manage users in group XYZ
S_USER_GRP
ACTVT 02
GRP 'XYZ'
Create user groups via transaction SUGR.
Read more at:
http://help.sap.com/saphelp_nw70/helpdata/EN/fa/f63f4222fab16be10000000a155106/frameset.htm
Good luck
Regards Fredrik

Issue after ldap syncronization enabled in oim 11.1.1.5.0 unable to create user in oim console

Hi Experts,
I installed oim 11.1.1.5.0 and enabled ldap sync OID 11.1.1.6.0 and after completion of deployments i tried to create user from OIM admin console resulted in error.if i create roles it is working fine.I can see the same roles in OID.
Error message:
[2013-09-26T15:46:02.706+05:30] [oim_server1] [NOTIFICATION] [IAM-0080006] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Orchestration process moved to failed stage, and the corresponding error is - {0}[[
oracle.iam.platform.kernel.EventFailedException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:98)
at oracle.iam.platform.kernel.impl.OrchProcessData.runPreProcessEvents(OrchProcessData.java:898)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:634)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.create(UserManagerImpl.java:653)
at oracle.iam.identity.usermgmt.api.UserManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy329.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy184.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy323.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManagerDelegate.create(Unknown Source)
at oracle.iam.identitytaskflow.backing.taskflows.createuser.CreateUserView.saveUserOperation(CreateUserView.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
Caused by: oracle.iam.platform.entitymgr.ProviderException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:303)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPPreProcessHandler.createUser(UserCreateLDAPPreProcessHandler.java:193)
at oracle.iam.ldapsync.impl.eventhandlers.user.UserCreateLDAPHandler.execute(UserCreateLDAPHandler.java:84)
... 111 more
Caused by: javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - LDAP Error 65 : [LDAP: error code 65 - Failed to find obpasswordexpirydate in mandatory or optional attribute list.]]; remaining name 'uid=400011,ou=identity,ou=ubank,ou=users,ou=external,dc=national,dc=com,dc=au'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3063)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2978)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2785)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:801)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:337)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:266)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:200)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPUtil.createSubcontext(LDAPUtil.java:1045)
at oracle.iam.platform.entitymgr.provider.ldap.LDAPDataProvider.create(LDAPDataProvider.java:487)
at oracle.iam.platform.entitymgr.impl.EntityManagerImpl.createEntity(EntityManagerImpl.java:291)
... 113 more
[2013-09-26T15:46:02.842+05:30] [oim_server1] [NOTIFICATION] [IAM-3050144] [oracle.iam.identity.usermgmt.impl.handlers.create] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Compensate method called in pre-process handler of user operation CREATE with process Id 87 and event Id 494
[2013-09-26T15:46:02.862+05:30] [oim_server1] [NOTIFICATION] [IAM-3010089] [oracle.iam.ldapsync.impl.eventhandlers.user] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Compensate method called in pre-process handler of user operation CREATE with process Id 87 and event Id 485
[2013-09-26T15:46:02.902+05:30] [oim_server1] [NOTIFICATION] [IAM-0080046] [oracle.iam.platform.kernel.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] Completed orchestration with action result - null
[2013-09-26T15:46:02.911+05:30] [oim_server1] [NOTIFICATION] [IAM-3050031] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] The result of the CREATE operation is null.
[2013-09-26T15:46:02.915+05:30] [oim_server1] [ERROR] [IAM-3050030] [oracle.iam.identity.usermgmt.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] An exception occurred while performing the operation.[[
oracle.iam.platform.kernel.EventFailedException: Failed to find obpasswordexpirydate in mandatory or optional attribute list.
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:817)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:664)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:435)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:381)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:334)
at oracle.iam.identity.usermgmt.impl.UserManagerImpl.create(UserManagerImpl.java:653)
at oracle.iam.identity.usermgmt.api.UserManagerEJB.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy329.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.identity.usermgmt.api.UserManager_nimav7_UserManagerRemoteImpl.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy184.createx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy323.createx(Unknown Source)
at oracle.iam.identity.usermgmt.api.UserManagerDelegate.create(Unknown Source)
at oracle.iam.identitytaskflow.backing.taskflows.createuser.CreateUserView.saveUserOperation(CreateUserView.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at com.sun.el.parser.AstValue.invoke(Unknown Source)
at com.sun.el.MethodExpressionImpl.invoke(Unknown Source)
at org.apache.myfaces.trinidad.component.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:46)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
at oracle.adf.view.rich.component.fragment.UIXRegion.broadcast(UIXRegion.java:148)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:102)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:92)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:361)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:96)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:96)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.broadcastEvents(LifecycleImpl.java:902)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:313)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:186)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.help.web.rich.OHWFilter.doFilter(Unknown Source)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:205)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:106)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:60)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:446)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:271)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:177)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.PwdMgmtNavigationFilter.doFilter(PwdMgmtNavigationFilter.java:121)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.iam.platform.auth.web.OIMAuthContextFilter.doFilter(OIMAuthContextFilter.java:107)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:175)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.ee.http.JpsAbsFilter$1.run(JpsAbsFilter.java:111)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.ee.util.JpsPlatformUtil.runJaasMode(JpsPlatformUtil.java:413)
at oracle.security.jps.ee.http.JpsAbsFilter.runJaasMode(JpsAbsFilter.java:94)
at oracle.security.jps.ee.http.JpsAbsFilter.doFilter(JpsAbsFilter.java:161)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:71)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.servlet.DMSServletFilter.doFilter(DMSServletFilter.java:136)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3715)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3681)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2277)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
[2013-09-26T15:46:02.916+05:30] [oim_server1] [ERROR] [] [oracle.iam.identitytaskflow.logging] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005984,0] [APP: oim#11.1.1.3.0] IAM-3060023
[2013-09-26T15:46:04.026+05:30] [oim_server1] [NOTIFICATION] [IAM-0060016] [oracle.iam.platform.auth.impl] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: xelsysadm] [ecid: 4ebbc6d3d62f6b09:-4d9bdbc2:14130907d1b:-8000-0000000000005988,0] [APP: oim#11.1.1.3.0] The IP address from which browser is triggered is 148.87.19.45
Please suggest me on this.
Best regards,
Srikanth Vadlamudi.

check this link:
Updating Existing LDAP Users with Required Object Classes
http://docs.oracle.com/cd/E29597_01/fusionapps.1111/e21032/oim.htm

Creating user for Enterprise Manager

Hi,
As you know there is an admin user called ias_admin which can login to OracleAS Enterprise Manager and do all tasks.
Can we define another user with less privileges?
We want to give our developers the ability to view each instance logs by using the Enterprise Manager web tool, but want them to be able to add or remove instances nor deploy, un-deploy?
We are using Oracle 9.4.0, and have NOT configured OID,portal.... Only OracleAs core!
Regards,
Alireza Fattahi

But if you want to avoid sharing ias_admin login, you can:
Run the mgmt_user procedure to make the database user into an EM administrative user:
exec mgmt_user.make_em_user_dbconsole('<USER>','<EMAIL OF THAT USER>',NULL,NULL,1);
This will create a login for the console with the same name as the database user/password.
Vlad Kaminsky

OIM Create User fails from Console :

Hi ,
I have a fresh copy of OIM 11.1.1.5 which has LDAP sync enabled.
I am creating a user from the console but it fails with the error message : Unable to get LDAP connection,and the root cause is - Failed to get connection due to initialization error with the pool : Failed to initialize and start UCP Pool.
Anyknows whats causing this and how to get over this error.
Any help or pointers will be highly appreciated.
Thanks,

One thing I realize is that while connecting to OVD from ODSM and creating the necessary adapters for LDAP Sync, it refuses to connect on default non ssl port 6501. Keeps saying Not a Valid Connection. While it connects while I use the Admin SSL Port 8901 using which the adapters were created.
Wondering if this has got to do with the errors...

LDAP authentication issue for Admin Console 7.0U5

Here is what I'm trying to do:
In Unix LDAP Server, there are 2 identities already been created
dn: cn=group1, ou=group,ou=na,dc=XYZ,dc=com (gidNumber: 937)
dn: uid=bai, ou=People,ou=na,dc=XYZ,dc=com (gidNumber: 937)
dn: cn=group1,ou=group,ou=na,dc=XYZ,dc=com+
memberUid: user1+
memberUid: bai+
memberUid: user2+
gidNumber: 937+
objectClass: top+
objectClass: posixgroup+
objectClass: groupofuniquenames+
dn: uid=bai,ou=People,ou=na,dc=XYZ,dc=com*
loginShell: /bin/ksh*
homeDirectory: /export/home/bai*
gidNumber: 937*
cn: Lastname, Firstname*
sn:*
uid: bai*
uidNumber: 10091*
objectClass: top*
objectClass: inetOrgPerson*
objectClass: posixAccount*
objectClass: shadowaccount*
objectClass: organizationalPerson*
objectClass: person*
++shadowFlag: 0+
User "bai" is a member of Group "group1" and will also be used as bind-dn (connection tested successfully)
There are also other members (user1, user2) in the Group "group1".
Goal: all individual users in "group1" will have access to Admin Console. (allow_group=group1)
settings as follows
--ldap-url=ldap://ldapsever.XYZ.com:389/dc=XYZ,dc=com*+
--bind-dn=uid=bai,ou=People,ou=na,dc=XYZ,dc=com*+
--bind-password=xxxx*+
--group-search-filter=gidNumber*+
--group-search-attr=cn*+
--allow-group=group1*+
--search-filter=uid*+
It appears that I got authenticated by LDAP, please see messages from the ldap log
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=0 msgId=1 - BIND dn="uid=bai,ou=People,ou=na,dc=XYZ,dc=com"
method=128 version=3*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
dn="uid=bai,ou=people,ou=na,dc=XYZ,dc=com"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=1 msgId=2 - SRCH base="dc=XYZ,dc=com" scope=2
filter="(uid=bai)" attrs="c"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=2 msgId=3 - BIND dn="uid=bai,ou=People,ou=na,dc=XYZ,dc=com"
method=128 version=3*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=2 msgId=3 - RESULT err=0 tag=97 nentries=0 etime=0
dn="uid=bai,ou=people,ou=na,dc=XYZ,dc=com"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=3 msgId=4 - BIND dn="uid=bai,ou=People,ou=na,dc=XYZ,dc=com"
method=128 version=3*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=3 msgId=4 - RESULT err=0 tag=97 nentries=0 etime=0
dn="uid=bai,ou=people,ou=na,dc=XYZ,dc=com"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=4 msgId=5 - SRCH base="dc=XYZ,dc=com" scope=2
filter="(uid=bai)" attrs="c"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=4 msgId=5 - RESULT err=0 tag=101 nentries=1 etime=0*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=5 msgId=6 - SRCH base="dc=XYZ,dc=com" scope=2 filter="(|(&(objectClass=groupofuniquenames)(|(gidNumber=uid=bai,ou=People,ou=na,dc=XYZ,dc=com)))(&(objectClass=group)(|(member=uid=bai,ou=People,ou=na,dc=XYZ,dc=com)))(&(objectClass=groupofnames)(|(member=uid=bai,ou=People,ou=na,dc=XYZ,dc=com))))"
attrs="cn"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=5 msgId=6 - RESULT err=0 tag=101 nentries=0 etime=0*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=6 msgId=7 - SRCH base="dc=XYZ,dc=com" scope=2
filter="(&(objectClass=groupOfURLs)(memberURL=*))" attrs="cn
memberURL"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=6 msgId=7 - RESULT err=0 tag=101 nentries=0 etime=0*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=7 msgId=8 - SRCH base="dc=XYZ,dc=com" scope=2
filter="(uid=bai)" attrs="c"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=7 msgId=8 - RESULT err=0 tag=101 nentries=1 etime=0*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=8 msgId=9 - SRCH base="dc=XYZ,dc=com" scope=2
filter="(|(&(objectClass=groupofuniquenames)(|(gidNumber=uid=bai,ou=People,ou=na,dc=XYZ,dc=com)))(&(objectClass=group)(|(member=uid=bai,ou=People,ou=na,dc=XYZ,dc=com)))(&(objectClass=groupofnames)(|(member=uid=bai,ou=People,ou=na,dc=XYZ,dc=com))))"
attrs="cn"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=8 msgId=9 - RESULT err=0 tag=101 nentries=0 etime=0*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=9 msgId=10 - SRCH base="dc=XYZ,dc=com" scope=2
filter="(&(objectClass=groupOfURLs)(memberURL=*))" attrs="cn
memberURL"*+
+*[03/Nov/2009:10:00:54
-0500] conn=10858 op=9 msgId=10 - RESULT err=0 tag=101 nentries=0 etime=0
However, I'm still getting errors from Admin Console
WarningAccess Denied+
Access to the Administrative UI has been denied.+
Your user permissions do not allow you to view or edit data in this area. If you need access, contact the system administrator.+
Not sure where the problem is with? LDAP or ACL?
Any help will be highly appreciated, Thanks a lot!
- Langbaam
Edited by: langbaam on Nov 3, 2009 7:58 AM
Edited by: langbaam on Nov 3, 2009 8:29 AM
Edited by: langbaam on Nov 3, 2009 8:33 AM

Can you check if your admin-server's server.xml (admin-server/config/server.xml) has the following settings?
<default-auth-db-name>ldap</default-auth-db-name>
<auth-db>
 <name>ldap</name>
 <url>ldap://<hostname>:<port>/<base-dn></url>
 <property>
 <name>bindpw</name>
 <value><passwd></value>
 <encoded>true</encoded>
 </property>
 <property>
 <name>binddn</name>
 <value><binddn-value></value>
 </property>
</auth-db>Can you also verify if the file under admin-server/config/default-sun-web.xml has the following settings?
# cat default-sun-web.xml
<?xml version="1.0" encoding="UTF-8"?>

<sun-web-app>
<security-role-mapping>
 <role-name>admin</role-name>
 <group-name><your_group></group-name>
</security-role-mapping>
</sun-web-app>- Amit

Admin Console access with custom providers

Hello,
I am using a custom authentication and authorization providers that
work just fine with my applications, but i have problems using Admin
Console with them (WL Server 7.0). The server is successfully started
with a user that has been given rights to '<svr>.myserver.boot' etc.
Logging into Console is successful as well and most Console pages can
be viewed as usual. But when i'm trying to save any changes, or if i
try to just view certain Console pages, i get
'weblogic.management.NoAccessRuntimeException'. For example:
weblogic.management.NoAccessRuntimeException: Access not allowed for
subject: principals=[MyPrincipalImpl: Admin Weblogic], on
ResourceType: JDBCTxDataSource Action: write, Target: PoolName
or
weblogic.management.NoAccessRuntimeException: Access not allowed for
subject: principals=[MyPrincipalImpl: Admin Weblogic], on
ResourceType: Security:Name=MyRealmMyAuthenticator Action: execute,
Target: listGroups
When viewing most console pages, the custom provider is called by
WebLogic, resource information is parsed, then found from the
Principal and permission is granted. But as seen above, in some cases
WebLogic itself tries to find something non-existing from my
Principal, totally bypassing my custom provider implementation.
Obviously i am missing something here :).
Is there a way to direct all Console security checks to my custom
provider, or could this perhaps be a matter of configuration?
Any and all help is greatly appreciated!
- Andy -

"Andy" <[email protected]> wrote in message
news:[email protected]..
Hello,
I am using a custom authentication and authorization providers that
work just fine with my applications, but i have problems using Admin
Console with them (WL Server 7.0). The server is successfully started
with a user that has been given rights to '<svr>.myserver.boot' etc.
Logging into Console is successful as well and most Console pages can
be viewed as usual. But when i'm trying to save any changes, or if i
try to just view certain Console pages, i get
'weblogic.management.NoAccessRuntimeException'. For example:
MBean operations need a user with Admin role.

Password Violation error while creating users from Admin interface

Guys,
The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
Current System:
1. I have configured TAM Pass-Thru authentication for End User Login Application.
2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
3. I have custom password policies configured for different orgainizatoions
Problem:
1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
Appreciate your help!!!
Thanks
Vijay

Guys,
The Sun Identity Manager system throws policy violation error while creating users from Sun Identity Manager Admin interface.
Current System:
1. I have configured TAM Pass-Thru authentication for End User Login Application.
2. I have an admin user 'testsjimadmin1' who has admin capabilities. testsjimadmin1 user has default SJIM password policy.
3. I have custom password policies configured for different orgainizatoions
Problem:
1. The Sun Identity Manager throws a password policy violation error when 'testsjimadmin1' tries to create an user with valid or invalid password from Sun Identity Manager Admin interface.
2. If TAM Pass-thru authentication is removed for 'End User Login Application' and Sun Identity Manager default authentication is configured for 'End User Login Application' then testsjimadmin1 was able to create user successfully without any errors.
Please let me know if any configurations are required to be made on Sun Identity Manager for TAM Pass-Thru authentication so that admin users can create users successfully from admin interface.
Appreciate your help!!!
Thanks
Vijay

Creating users for admin console access

Similar Messages

Maybe you are looking for