Delegated Admin Problem  ????  ( High REWARD !)

Dear Portal Experts,
Want to find out if there is a way to provide limited access to a content admin i.e. the content admin can create iviews but not pages.Can it only be done at the folder level or can it also be done at the object type level.
Appreciate your help.
Thanks.
Harsha

Hi Harsha,
yes, unfortunately that's right. Only system objects can be treated separately, as you can restrict the permission on the "System Landscape" iView, which is the only location where you can create a new PCD object "system".
Hope this helps,
Robert
PS: Where is the "High Reward" you mentioned for answering your question???

Similar Messages

  • From schema 1 to schema 2 migration delegated admin problem

    I want migrate from schema 1 to schema 2 the messaging server 6.2 ( jes 2005q1).
    I have install access manager and delegated admin.
    With the commdirmig I migrate the domain and schema , the messaging work correctly.
    I have a problem with the delegated admin web interface.
    The delegated don't view my domain. If I add the sundelegatedorganization objectclass I can view my domain on delegated admin but I can view user and group.
    Any Idea?
    TIA
    Bye Giovanni

    There are two very different products called "deletaged admin". The old iPlanet Delegated Admin (iDA) only works with Schema 1. The current Delegated Admin, that comes with JES3 only works with Schema 2.
    If you're using the old iDA that worked with schema 1, it won't work with schema 2. You have to install the new DA for that.
    It doesn't work with groups/lists, only with users and domains.

  • Delegated admin problems with 5.2

    I just installed iMS 5.2 and the delegated admin server. i'm using Direct ldap, my ldap server is on another machine. my problem is, i cannot log into the delegated admin at all, using any account.
    my ldap error log tailed no entries.
    this is the ldap access log:
    [17/Feb/2006:09:24:00 -0500] conn=250 fd=60 slot=60 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:24:00 -0500] conn=250 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
    [17/Feb/2006:09:24:00 -0500] conn=250 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    [17/Feb/2006:09:24:00 -0500] conn=250 op=1 BIND dn="" method=128 version=3
    [17/Feb/2006:09:24:00 -0500] conn=250 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [17/Feb/2006:09:31:31 -0500] conn=251 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:31:31 -0500] conn=251 op=-1 fd=61 closed - B1
    [17/Feb/2006:09:41:31 -0500] conn=252 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:41:31 -0500] conn=252 op=-1 fd=61 closed - B1
    [17/Feb/2006:09:51:30 -0500] conn=253 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:09:51:30 -0500] conn=253 op=-1 fd=61 closed - B1
    [17/Feb/2006:10:01:30 -0500] conn=254 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:10:01:30 -0500] conn=254 op=-1 fd=61 closed - B1
    [17/Feb/2006:10:02:49 -0500] conn=255 fd=61 slot=61 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    [17/Feb/2006:10:02:49 -0500] conn=255 op=1 BIND dn="" method=128 version=3
    [17/Feb/2006:10:02:49 -0500] conn=255 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
    [17/Feb/2006:10:11:31 -0500] conn=256 fd=62 slot=62 connection from 160.10.4.10 to 160.10.36.186
    [17/Feb/2006:10:11:31 -0500] conn=256 op=-1 fd=62 closed - B1
    Thanks in advance for any help anyone can give. i know i'll need to provide more detail so if you need any info i'll be happy to divulge it, i just thought this would be an ok starter. I do need some help with this, I just want to get this working.
    Thanks in advance for any help.

    The old iPlanet Delegated Admin uses a special account itself, rather than the one you use to log in as.
    I see that login failing:
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 BIND dn="uid=NDAUser, ou=config, o=ida" method=128 version=3
    [17/Feb/2006:10:02:49 -0500] conn=255 op=0 RESULT err=32 tag=97 nentries=0 etime=0
    err=32 means, "no such object". This means that this user, NDAUser has been deleted, as have some of the entries above that.
    A failure to bind or locate an entry is not "an error" to Directory Server, it's a failed lookup or failure to bind. Nothing like this is going to be logged into the errors log.
    It's still clearly the problem....
    The password for NDAUser is in clear text in your iDA config file, "resource.properties" Likely, you could create the user and password, or you coule reinstall Delegated Admin.
    If you haven't downloaded the later version, 1.2p2, I STRONGLY recommend that you uninstall the version that came with Messaging 5.2, and install the later one.

  • Delegated Admin - Problem

    I just installed the SC 6 Update 2 all component in the same server....when i try to create a user with delegate admin i have the following error
    /opt/sun/comms/da/bin/commadmin -v user create -D admin -n domain.com -l username -d domain.com -w password -S mail,cal -H servername.domain.com
    FAIL
    *5088:Error message required. missing resource string -> norgsmd null*
    the only way to make work is if I remove the " -S mail,cal". I enable mail & cal to be use with convergence, the object exist in the LDAP because the admin user that was created with the installation has all the objectsclass needed for calendar and mail, so if I login into convergence I see the calendar and email folders...
    and then a I run the command /opt/sun/comm/im/sbin/imadmin assign_services to assign the services to all users in a specific domain and it executes without problem but without changes...the users still have the same objectclass
    the complete output of the command is :
    bash-3.00# /opt/sun/comms/da/bin/commadmin -v user create -D admin -n domain.com -l username -d domain.com -w 12345 -S mail,cal
    [Debug]: DBG:Object = user ; task = create
    [Debug]: default domain from Properties: domain.com
    [Debug]: IShost from Properties: mail.domain.com
    [Debug]: ISPort from Properties: 80
    [Debug]: Contacting : http://mail.domain.com:80/commcli/auth
    [Debug]: To servlet: domain=domain.com&username=admin&password=12345&charsetenc=UTF-8
    [Debug]: cookie => JSESSIONID=6777b671e5fb7eee49f1851ec1a3; Path=/commcli
    [Debug]: RECV: OK
    [Debug]: RECV: OK
    [Debug]: RECV: dn: uid=admin, ou=People, o=domain.com,dc=domain,dc=com
    [Debug]: RECV: nsroledn: cn=Top-level Admin Role,dc=domain,dc=com
    [Debug]: RECV:
    [Debug]: DBG: before getobjtaskargs
    [Debug]: In getObjTaskArgs for: user; create
    [Debug]: Contacting : http://mail.domain.com:80/commcli/climap
    [Debug]: Sending to servlet: task=create&object=user
    [Debug]: getObjTaskArgs Status: 0
    [Debug]: Number of servlets: 1
    [Debug]: Servlet Name: TaskManager
    [Debug]: Servlet args: task=CreateUser
    [Debug]: Servlet args: objecttype=User
    [Debug]: Valid Options Array: 8
    d, true, , false, true, user's domain, domain, ,
    l, true, , true, true, user's login ID, add_uid, ,
    F, true, , true, true, user's first name, add_givenname, ,
    L, true, , true, true, user's last name, add_sn, ,
    I, true, , false, true, user's middle initial, add_initials, ,
    W, true, , true, true, user's password, add_userpassword+confirm_userpassword, ,
    S, true, , false, true, service(s) to be added , add_services, mail={H;true;#;false;true;user's mail host;add_mailhost;#},{E;true;#;false;true;user's email address;add_mail;#}::cal={E;true;#;false;true;user's email address;add_mail;#},{B;true;#;false;true;user's back end calendar server;add_icsdwphost;#},{J;true;#;false;true;first day of the week;add_icsfirstday;#},{T;true;#;false;true;user's timezone;add_icstimezone;#},{k;true;#;false;true;calendar version - legacy or hosted domain;cal_version;#},
    A, true, , false, true, attribute to add, <attr name>:<value>, add_, ,
    [Debug]: DBG: getObjTaskArgs done
    [Debug]: servInfo len = 1
    Enter user's password: 123456789
    [Debug]: argVal =domain.com
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com
    [Debug]: argVal =username
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username
    [Debug]: argVal =test
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test
    [Debug]: argVal =test
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test&add_sn=test
    [Debug]: argVal =123456789
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test&add_sn=test&add_userpassword=123456789
    [Debug]: argVal =123456789
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test&add_sn=test&add_userpassword=123456789&confirm_userpassword=123456789
    [Debug]: argVal =mail
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test&add_sn=test&add_userpassword=123456789&confirm_userpassword=123456789&add_services=mail
    [Debug]: argVal =cal
    [Debug]: servCommand =task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test&add_sn=test&add_userpassword=123456789&confirm_userpassword=123456789&add_services=mail&add_services=cal
    [Debug]: Contacting : http://mail.domain.com:80/commcli/TaskManager
    [Debug]: To servlet: task=CreateUser&objecttype=User&domain=domain.com&add_uid=username&add_givenname=test&add_sn=test&add_userpassword=123456789&confirm_userpassword=123456789&add_services=mail&add_services=cal
    [Debug]: RECV: FAIL
    *[Debug]: RECV: 5088:Error message required. missing resource string -> norgsmd null*
    [Debug]: CLITask: status returned =FAIL
    FAIL
    *5088:Error message required. missing resource string -> norgsmd null*
    [Debug]: DBG: doOne returned code=6
    [Debug]: Contacting : http://mail.domain.com:80/commcli/logout
    [Debug]: Logout ...
    any help will much appreciated
    CA

    KenGra wrote:
    I found the problem, the default domain that was created during the installation did not have all the objectclass needed, such as calendaruser etc....Did you remember to run the "./commadmin domain modify -S mail -S cal -H mailhost" for the default domain after the installation of Delegated Administrator?
    Regards,
    Shane.

  • Delegated admin login problem

    I am running Iplanet messaging server 5.2 and am having problems loging into the delegated administrator. When I try to log in as ServiceAdmin I immediately get a screen telling me that the session has timed out and to re-authenticate.
    Any ideas what is wrong?

    Unknown. Not nearly enough data to guess.
    Please examine your LDAP access logs, and comment.
    You should be looking for BIND commands for "NDAdmin". This is the first step in logging into Delegated Admin. If this fails, no user will be able to use DA.
    Do you have password expiration set up in DS? did you remove this account? Change the pw?

  • Cpu high while installing delegated admin 2nd instance.

    Hi,
    I am using Sun JES 2005Q1 on Solaris9 sparc platform.
    AM, Delegated Admin & MEM are running on 1 host which is working perfectly.
    I have installed another instance of AM on another host which is also working perfect.
    Whenever I try to install 2nd instance of Delegated Admin, the cpu utilization of my ldap server goes very high (98%) and installation doesnt proceed.
    I have increased the nsslapd-allidthreshold value from 4000 to 15000.
    Also indexing of attributes are already done.
    But still no luck for me.
    I am getting error logs on ldap server "search is not indexed".
    Can anyone help me out ?
    Regards,
    Shujaat Nazir Khan
    Senior System Engineer
    Cyber Internet Services (Pvt.) Ltd.

    The access manager has the same "oversight" but it was easy enough to fix by adding WS_ADMINHOST=admin.dom.tld to the amsamplesilent, and sed -i 's/--host=$WS_HOST/--host=$WS_ADMINHOST/g' to amws70config and amconfigupdate, and things actually worked when I did this (with a little more hackery, like manually editing mime.types and server.policy). This DA configurator is less straight forward, and when I fixed up the files and reran the failed scripts, things didn't work.
    Does it make sense to run the administration server in its own zone/machine from an architectural standpoint? There has to be at least one admin server, so is the point AM/DA makes "it may as well be running on the node that _requires_ it to be running" versus "separate services into logical partitions?" It seems to me the first option is "good enough" while the second makes sense, but I'm looking for confirmation or further input.

  • Delegated Admin Customization problem

    Delegated Administrator 7.0-0.00
    I'm trying to disable the ability to change the Mail & Message Quota when assigning an additional service package using Delegated Admin
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailQuotaValue=NONEDITABLE
    When I enable that it won't let me past that screen keeps kicking me back.
    When I disable it lets me past the screen.
    This is all my cusomizations so you can duplicate it.
    OrganizationAdminRole.UserProperties.MailQuotaValue=NONEDITABLE
    OrganizationAdminRole.UserProperties.MailMsgQuotaValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailQuotaValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailMsgQuotaValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage12.CalendarHostValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage31.MailHostValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage31.MailQuotaValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage31.MailMsgQuotaValue=NONEDITABLE
    OrganizationAdminRole.tabs.orgproperties=INVISIBLE
    I've confirmed it on 2 servers.
    Bug? Or my config?

    Mark_Wal wrote:
    When I enable that it won't let me past that screen keeps kicking me back.
    When I disable it lets me past the screen.
    This is all my cusomizations so you can duplicate it.
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailQuotaValue=NONEDITABLE
    OrganizationAdminRole.WizardWindow.Wizard.WizardPage11.MailMsgQuotaValue=NONEDITABLEI could reproduce the problem behaviour with just the above settings enabled.
    Bug? Or my config?I've logged a new bug :
    bug #6861629 - "DA7: Setting mail quota values as noneditable in assign service package causes mail step to loop"
    Please escalate via Sun Support for a fix.
    Regards,
    Shane.

  • Delegated Admin web application only requests first 100 accounts?

    Hi,
    - Sun Java System Messenger Express 6.2
    - Delegated Administrator 6.3-0.09 built Sep 6, 2005
    Is this true that the Delegated Admin (DA) web application only requests first 100 accounts?
    Once logged in to DA web application, we only see "Retrieved Users (100)" if we want to see all users; but if we do a search on uid or username, all other users are retrieved.
    One of the admin gave us the following response:
    This is not a directory-related problem, but rather a matter of the design of the DA application you are using. The web-based java app only requests the first 100 accounts from the directory (presented by default as 10 pages of 10 accoints each.) , since you're supposed to be using the search facility to find accounts when you need to modify or delete them.
    This is a deliberate design choice by the Sun programmers who wrote the thing, probably because the directory is capable of holding several thousand accounts and pulling them all would take quite a bit of time (not to mention memory space), so in the interest of response-time speed they limited the data pull.
    I cannot modify this application's functionality. If you need a list of all user accounts in your domain, I can supply an LDIF on request, with any attributes (mail, uid, cn, etc.) that you like.
    Please let us know if there is any way we can view all users (approx. 1000) from DA web application.
    Thank you for your time,
    GJ

    Yes, the terminal commands I gave are changing permissions.
    Properly written OS X apps should run under any user account, and should store any account-specific information in the each user's home folder. Some poorly written apps might only be executable by the administrator. Running the first command I have will make the app executable to all users.
    Some even more poorly written apps will write user data into the application itself rather than to the user's home folder. This is a particularly bad problem with game software, which for example might write high score info into the app itself. If this is the case for your misbehaving apps, the second command I gave will make the app writable by everybody and should solve the problem.

  • Delegated Admin and non-flat user/group structures

    Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
    The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
    I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
    Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
    # Ldap configuration.
    # List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
    # add additional hosts with ldaphost-<consecutive number>
    # Schema type is either "1" or "2".
    # Reconnect interval is in seconds
    # Group and people container is dn from organization dn (e.g ou=people)
    ldaphost-1=oucsldap01:389
    ldaphost-2=oucsldap02:389
    ldaphost-suffix=dc=DOMAIN,dc=NAME
    ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
    ldaphost-maxcount=50
    ldaphost-schematype=2
    ldaphost-reconnectinterval=60
    ldaphost-peoplecontainer=ou=People
    ldaphost-groupcontainer=ou=Groups
    ldaphost-orgadminrole=cn=Organization Admin Role
    While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
    Questions:
    1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
    2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
    Thanks,
    //Jim Klimov

    I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
    Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
    We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
    Hope this report helps others who would try to pioneer this path of messaging integration
    //Jim Klimov

  • How do I suite Delegated admin to my LDAP structure

    Hello All
    I've been working in a customer's Mail server (messaging 5.1, Directory 4.16) and I am having a problem with ida.
    All the users are on:
    ou=001,o=Student, o=People, o=acme.com,o=acme.com
    And, the user's mail is [email protected]
    Now, with Branch ou=998, o=Student, .....
    They want all the users to have an e-mail address of the form [email protected] (DONE) and they want to have an administrator to handle the users in this ou
    I tried to setup a mail domain with Delegated admin but, I see no way of mapping this new domain to this ou (ida expects things to be in the dc= subtree that doesn't even exist)
    Anyone has any ideas?
    Thanks
    //JaimeC

    The image which appears in the Store page is referenced in the 'itunes:image' tag. This tag is present in your feed but the URL is of your website. You need to create an image, which should be 1400 x 1400 and either JPG or PNG, and reference it in this tag. I don't know anything about 'Podcast Suite': probably it has somewhere to enter the image details.

  • Delegated Admin login fail

    I installed Solaris 9 05/9 and JES05Q4 in a Sun Fire V440 recently.
    I chose these components only:
    Directory server
    Administration server
    Web server
    Access manager
    Messaging server
    Delegated administrator
    Directory preparation tools
    I can use commadm to created users after installation and initial configuration, but I can't login to the delegated admin with any account. http://server.mydomain.com/da/DA/Login
    After I check the DA log file, it shows:
    WARNING: User &#91;admin&#93; has no valid role assigned, aborting login
    What kind of role required for da login ?
    Thanks in advance for any help.
    dx

    I recommend that you post your question to the Messaging Server forum (also listed at the bottom of the Java ES forums page):
    http://swforum.sun.com/jive/forum.jspa?forumID=15
    You might also want to search that forum for similar problem reports.

  • Appserver dies (Delegated Admin)

    Hi,
    Running an instance of the Messaging Q12005. No additional patches installed after installation. The problem we are facing is that periodically (once or more a day) the Delegated Admin web access is not reachable. It seems that the App. Server process dies because when I try to stop the App server using asadmin , it replies that it is not running, so after restarting the App server and the Access Manager admin server also restarted, the Delegated Admin Web access works again.
    Any idea why this is hapenning ?

    Alas, I don't know much about troubleshooting App Server. Last time I even looked at it, I vaguely remember that it should be restarting itself.
    I use the web server, as a container for DA,and have no such issues.
    Does App Server dump core? Are you configured so it can? Have you opened a tech support case for this?

  • Delegated admin 6.3 Invalid login ID or password, please try again

    Dear Oracle,
    I am having problem login to delegated admin. previously the login was OK
    until recently not sure what cause the login fail.
    Please advice where should i start to t/s
    Cheer
    Sam

    Dear Oracle,
    I found the DA fail might related to access manager not functioning
    after several time restart webserver for da & amserver
    the error log shown as below
    20/Nov/2010:14:17:31      failure      Click to view more details for this
    message WebModule[amserver]StandardWrapper.Throwable
    java.lang.NullPointerException at
    com.sun.identity.authentication.UI.LoginLogoutMapping.initializeAuth(LoginLogoutMapping.java:89)
    at com.sun.identity.authentication.UI.LoginLogoutMapping.init(LoginLogoutMapping.java:74)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1165)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:994)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4731)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:5123)
    at com.sun.webserver.connector.nsapi.WebModule.start(WebModule.java:182)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1224)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:924)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1224)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:520)
    at org.apache.catalina.startup.Embedded.start(Embedded.java:917) at
    com.sun.enterprise.web.PwcWebContainer.onStartup(PwcWebContainer.java:70)
    at com.sun.webserver.connector.nsapi.WebContainer.start(WebContainer.java:472)
    at com.sun.webserver.init.J2EERunner.confPostInit(J2EERunner.java:304)
    20/Nov/2010:14:17:31      failure      Click to view more details for this
    message WebModule[amserver]PWC1396: Servlet /amserver threw load()
    exception
    0/Nov/2010:14:11:03      failure      Click to view more details for this
    message for host 10.0.1.28 trying to GET /amserver/UI/Login,
    service-j2ee reports: WebModule[amserver][ERROR] Uncaught application
    exception
    java.util.MissingResourceException: Can't find resource for bundle
    java.util.PropertyResourceBundle, key at
    java.util.ResourceBundle.getObject(ResourceBundle.java:325) at
    java.util.ResourceBundle.getObject(ResourceBundle.java:322) at
    java.util.ResourceBundle.getString(ResourceBundle.java:285) at
    com.sun.identity.authentication.client.AuthClientUtils.getErrorVal(AuthClientUtils.java:1389)
    at com.sun.identity.authentication.client.AuthClientUtils.getErrorTemplate(AuthClientUtils.java:453)
    at com.sun.identity.authentication.UI.LoginViewBean.setErrorMessage(LoginViewBean.java:1650)
    at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:373)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:796) at
    javax.servlet.http.HttpServlet.service(HttpServlet.java:917) at
    org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:398)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:217)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:255)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:187)
    at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:586)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:556)
    at com.sun.webserver.connector.nsapi.NSAPIProcessor.service(NSAPIProcessor.java:160)
    20/Nov/2010:14:11:03      failure      Click to view more details for this
    messagefor host 10.0.1.28 trying to GET /amserver/UI/Login,
    service-j2ee reports: StandardWrapperValve[LoginServlet]: PWC1406:
    Servlet.service() for servlet LoginServlet threw exception
    Cheers
    Sam

  • Deleting users with Delegated Admin

    Hope anyone can help with this:
    When I delete a user with Delegated Admin (For Messaging 5.x) the user
    seems to be deleted in iDA, but it is not deleted in LDAP.
    Therefore, I cannot re-use it's attributes (like E-mail address) for
    another (new) user.
    This causes all kind of problems.
    I can go into the Console and through away the user, then everything
    works again. But I expected iDA also to delete the user if I use the
    delete button.
    Any ideas? Did I forget something?
    Thanks in advance,
    Niels de Troye

    Hi..
    the nda does not remove the user... is put it in suspend mode...
    you have to run the imsimta purge command to remove the user.. or to wait
    the server to do that
    in a day or so....
    take a look at the manual to see how you can do that...
    "N. de Troye" wrote:
    Hope anyone can help with this:
    When I delete a user with Delegated Admin (For Messaging 5.x) the user
    seems to be deleted in iDA, but it is not deleted in LDAP.
    Therefore, I cannot re-use it's attributes (like E-mail address) for
    another (new) user.
    This causes all kind of problems.
    I can go into the Console and through away the user, then everything
    works again. But I expected iDA also to delete the user if I use the
    delete button.
    Any ideas? Did I forget something?
    Thanks in advance,
    Niels de Troye--
    Over and Out
    Giorgos Kiriakidis
    Technical Department
    NetSmart S.A.
    Panepistimiou 58.
    Athens 10678
    Hellas
    Tel +3013302608
    Fax +3013302658
    Email [email protected]
    This message contains confidential information intended for a specific
    individual and purpose,
    is protective by law. If you are not the intended recipient, you should
    delete this message.
    Any disclosure, coping, distribution or taking any action based on this
    message is strictly prohibited.

  • Delegated Admin for Messaging does not run properly

    Hi, my environment is:
    iDS5.1, iMS5.2, iCS5.1 and Delegated Admin for Messaging 1.2.
    I have installed all the components and it seems to run fine, but when I log on to the Delegated Admin I cna't see the frame in the middle of the browser window. An error appears that "The page cannot be displayed".
    I had a look in the error log of the WebServer to see what might happen and I saw the following error message:
    Internal error: servlet service function had thrown ServletException (uri=/servlet/getPage): javax.servlet.ServletException: java.lang.Exception: ../templates/isp/SearchSelected.html:45 -> Template contains directive that first requires LdapEntry to be initiallized by program., stack: javax.servlet.ServletException: java.lang.Exception: ../templates/isp/SearchSelected.html:45 -> Template contains directive that first requires LdapEntry to be initiallized by program. at java.lang.Throwable.fillInStackTrace(Native Method) at java.lang.Throwable.fillInStackTrace(Compiled Code) at java.lang.Throwable.<init>(Compiled Code) at java.lang.Exception.<init>(Compiled Code) at javax.servlet.ServletException.<init>(ServletException.java:107) at netscape.nda.servlet.NDAIMSGetPage.execute(Compiled Code) at netscape.nda.servlet.NDAServlet.doPost(NDAServlet.java:117) at netscape.nda.servlet.NDAServlet.doGet(NDAServlet.java:138) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.java:897) at com.iplanet.server.http.servlet.NSServletRunner.Service(NSServletRunner.java:464) , root cause:
    I had no errors during the installation and the access to the LDAP server seems to be o.k. because it is possible to log on to the Del. Admin.
    Does anyone can give me hint what this might be?
    Any help would be very appreciate.
    THX
    Marcel

    iDS5.1, iMS5.2, iCS5.1 and Delegated Admin for Messaging 1.2.
    Why is anybody installing 3-year old software today?
    The error message implies that not all installation steps were done correctly. The most common problem is that when ims_dssetup.pl is run, the entries there are not correct for what you intend to put in during Messaging install...

Maybe you are looking for