Error in LDAP Authentication

Hi all,
I am wondering if there is someone who has had the same error we are currently facing...
Here is the problem:
In our single sign-on we authenticate the user with LDAP in a stateless session bean. This all works perfectly, except that from time to time we get an error in the class "com.sun.jndi.ldap.BerEncoder" in the method "endSeq"... The exception is:
java.lang.IllegalStateException: BER encode error: Unbalanced SEQUENCEs
Any ideas why this error occurs?
TIA
sandro

I started getting this error when I mistakenly changed a search filter from (&(uid=james)(objectclass=Staff)) to (uid=james)(objectclass=Staff)). It is complaining about the unbalanced parenthesis.
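The parenthesis check described in the reply above, as an added example (not code from either poster): `checkBalance` reports the first structural problem in an RFC 4515 filter string before it is handed to JNDI, and `escapeValue` escapes a value before it is concatenated into a filter. The class and method names are hypothetical and the `james (temp` value is constructed; the thread does not say how the original filter was built.

```java
public class LdapFilterCheck {

    /** Returns null if the filter's parentheses are well nested, else the first problem found. */
    static String checkBalance(String filter) {
        if (filter == null || filter.isEmpty() || filter.charAt(0) != '(') {
            return "filter must start with '('";
        }
        int depth = 0;
        for (int i = 0; i < filter.length(); i++) {
            char c = filter.charAt(i);
            if (c == '(') {
                // RFC 4515 allows exactly one top-level filter
                if (depth == 0 && i > 0) {
                    return "second top-level filter starts at index " + i;
                }
                depth++;
            } else if (c == ')') {
                if (depth == 0) {
                    return "unmatched ')' at index " + i;
                }
                depth--;
            } else if (depth == 0) {
                return "text outside parentheses at index " + i;
            }
        }
        return depth == 0 ? null : depth + " unclosed '('";
    }

    /** Escapes the characters RFC 4515 reserves inside an assertion value. */
    static String escapeValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static void report(String filter) {
        String problem = checkBalance(filter);
        System.out.println(filter + " -> " + (problem == null ? "balanced" : problem));
    }

    public static void main(String[] args) {
        // The two filters quoted in the reply
        report("(&(uid=james)(objectclass=Staff))");
        report("(uid=james)(objectclass=Staff))");

        // Constructed value: a user-typed name containing a parenthesis.
        // Concatenated as-is it unbalances the filter; escaped it does not.
        String uid = "james (temp";
        report("(&(uid=" + uid + ")(objectclass=Staff))");
        report("(&(uid=" + escapeValue(uid) + ")(objectclass=Staff))");
    }
}
```

Because a literal parenthesis inside a value must be written as `\28` or `\29`, every raw `(` or `)` in a filter string is structural, which is why a plain depth counter is enough here.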

Similar Messages

  • Private Key Not Found Error in Ldaps

    Hi,
    I am facing a "Private Key Not Found" error in ldaps. The key and the SSL certificate are stored in the same location. The certificate is a self-signed certificate in .pem format. When I try to install the certificate through the SUN ONE Console, it throws the following error:
    "Either this certificate is for another server, or this certificate was not requested using this server".
    Can anyone help me in this regard?
    Regards
    Senthil
    Edited by: senlog80 on Dec 30, 2008 3:18 AM

    Or even better, check the note 924320 (https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=924320&_NLANG=E).
    Symptom:
    When you execute a query with virtual characteristics or key figures, the system issues the following error message:
    Object FIELD I_S_DATA-<key figure> not found
    Other terms:
    RSR00002, RSR_OLAP_BADI
    Reason and Prerequisites:
    This problem is caused by a program error.
    Solution:
    If the virtual characteristics or key figures are implemented using the enhancement RSR00002 (CMOD), implement the corrections.
    If the virtual characteristics or key figures were created directly as implementations of the RSR_OLAP_BADI BAdI, compare the source code of the INITIALIZE method with the corresponding source code example. During the call of GET_FIELD_POSITIION_D, <L_S_SK>-VALUE_RETURNNM must be transferred instead of <L_S_SFK>-KYFNM.
    Import Support Package 08 for SAP NetWeaver 2004s BI (BI Patch 08 or SAPKW70008) into your BI system. The Support Package is available when Note 0872280 "SAPBINews BI 7.0 Support Package 08", which describes this Support Package in more detail, is released for customers.
    In urgent cases, you can use the correction instructions.
    To provide advance information, the note mentioned above may be available before the Support Package is released. In this case, the short text of the note still contains the words "Preliminary version".
    Assign pts if helpful.

  • Lots of errors in LDAP Logs

    We are having some issues with some user accounts, and I went into the logs to see what I could find. I am getting tons of errors in LDAP alone. Here is the output from the last 30 minutes. Not sure what it means exactly... Can anybody shed some light on this?
    Feb 8 12:00:38 server slapd[46]: SASL [conn=86077] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
    Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
    Feb 8 12:00:56 server slapd[46]: SASL [conn=86083] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:00:57 server slapd[46]: SASL [conn=86087] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:00:58 server slapd[46]: SASL [conn=86091] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
    Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
    Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
    Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
    Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
    Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
    Feb 8 12:03:48 server slapd[46]: SASL [conn=86106] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:18 server slapd[46]: SASL [conn=86131] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:19 server slapd[46]: SASL [conn=86135] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:19 server slapd[46]: SASL [conn=86139] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:20 server slapd[46]: SASL [conn=86143] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
    Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
    Feb 8 12:08:53 server slapd[46]: SASL [conn=86150] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:54 server slapd[46]: SASL [conn=86154] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:08:54 server slapd[46]: SASL [conn=86156] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:11:38 server slapd[46]: SASL [conn=86175] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:11:39 server slapd[46]: SASL [conn=86179] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:13:08 server slapd[46]: connection_read(22): no connection!\n
    Feb 8 12:15:32 server slapd[46]: connection_read(28): no connection!\n
    Feb 8 12:23:32 server slapd[46]: SASL [conn=86249] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:23:33 server slapd[46]: SASL [conn=86253] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:23:35 server slapd[46]: SASL [conn=86257] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
    Feb 8 12:30:37 server slapd[46]: connection_read(28): no connection!\n

    This article fixed my problem
    http://support.apple.com/kb/TS2915

  • Error in LDAP Connector

    hi,
    Our idm uses HCM, so I try to use LDAP-retrieved HR data. The JCo of our idm and the ABAP RFC of type T run smoothly. When I start the LDAP connector, it says "Error starting LDAP Connector at operating system level". In ST11, it reads as follows:
       ======> JCO.Server could not find server function 'LDAPRFC_LOAD'
      ABAP Programm: SAPLSLDAP_CCMS (Transaction: LDAP)
      Called function module: LDAPRFC_LOAD
    I can't find the function LDAPRFC_LOAD.
    Can anyone tell me a good method to solve it? Thanks very much!
    lily

    Forget to install LDAP Client at HCM OS

  • Errors in LDAP configuration with Shared Services

    Dear sirs,
    we are getting errors in LDAP configuration with Shared Services.
    Base DN is ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East
    The group cn is cn=AH
    In the LDAP log you can see the application is searching the group:
    "ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo"
    When it should be:
    “ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East”
    We think the problem is with space in Base DN "o=Grupo East", it is not properly considered.
    Error Codes
    EPMCSS-05145
    Thanks in advance

    Hi.
    Could you try to define the Base DN as :
    ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo\ East
    I don't know if it will work, but you can use special characters with the "\"
    Good luck.
    Best regards!

  • Create external LDAP authentication to SAP via Web Dynpro

    Hi Guys,
    I have a requirement where I have to create access to SAP via external LDAP authentication. It is similar to how the Enterprise Portal works, but I want to achieve it without the portal.
    The user will enter his LDAP user and password and I will check via the LDAP connector to grant access to SAP.
    The only problem I have is to switch to the SAP user without knowing the SAP password. That's why I need external authentication.
    I have been told by a basis expert that I could use Java to achieve this. I have also got the Java code that the Enterprise Portal uses.
    Am I on the right track? Can anybody advise me?
    Thanks and best regards
    Ali

    Hi,
    Refer this link and SAP Note
    SAP GUI for HTML: http://help.sap.com/saphelp_nw04s/helpdata/en/47/4b0902d84818c9e10000000a114a6b/frameset.htm
    SNote: 517484
    Regards
    Preethish

  • Error updating LDAP properties: An internal error has occurred in the secLdap plugin

    Post Author: kbd_vijey
    CA Forum: Authentication
    Hi,
    We are using the following environment / tools: BusinessObjects Enterprise XI R2, Sun Solaris 10, Active Directory.
    We configured LDAP from CMC -> Authentication -> LDAP.
    We followed the steps below.
    1) Please enter the LDAP hosts you are using. => Here, we have entered our AD's hostname:port (Ex: 192.168.0.8:389) (Is it correct?)
    2) We have passed all the required information for all other tabs.
    3) SSL - Basic(no SSL), Authentication - Basic(no SSO)
    Finally it gives the error "Error updating LDAP properties: An internal error has occurred in the secLdap plugin."
    If anyone has a solution or has faced the same problem, kindly help us to resolve it.
    Thanks & Best Rgds,Vijey

    Post Author: TAZ
    CA Forum: Authentication
    There are 3 things needed to get the LDAP plugin configured.
    1) Host:port
    2) Base DN, usually dc=domain, dc=com
    3) LDAP Administrator DN (this is not a visible attribute in AD unless you use a tool like ADSIedit or ADExplorer). You probably have to enter the Base DN instead of the username.
    There are other AD specific issues when using the LDAP plugin to AD such as picking custom attributes, rules for multi domains, etc
    Regards,
    Tim

  • Error 49: LDAP Invalid credential Supplied when installing Identity Server

    I am installing Oracle Access Manager with Active Directory for Windows Server 2003. While installing
    the identity server we are facing the following issue:
    Error 49: LDAP Invalid credential supplied. Please see the attached screen shot for more details.

    At which stage are you getting this error?
    If you are getting this error after specifying LDAP Directory details during identity server install, make sure that your username/password for AD are correct.
    if your domain name = example.com
    and the user you are using is under cn=users in AD use:
    1. cn=your_username,cn=users,dc=example,dc=com
    and your password
    2. if this doesn't work, try:
    [email protected]
    and your password.

  • LDAP authentication with R/3

    hi!
    After a long, long search I could not find out how to implement LDAP authentication for SAP R/3. To be honest I'm not an expert in R/3 basis; for Web AS / EP I would know how to do it.
    For several network and security reasons we don't want to use the single sign-on or the LDAP synchronization functionality.
    The only thing we would use LDAP for is just to authenticate the user. Unfortunately, our LDAP users are not the same as the SAP users (8 chars in SAP, longer in LDAP). What the system should do is:
    - ask for username (sap 8-char) and password (ldap)
    - map sap-username and ldap-username (e.g. by the sap-aliasname or external username in USR15)
    - connect to the ldap-directory, find out whether user/pass is correct
    - if correct, log the sap-user in
    - that's all
    Any Ideas?
    Thanks,
    Markus

    Hi,
    It can be done. It all depends a bit on what kind of platforms you want to use it.
    We're currently in the middle of introducing a Shibboleth CUA for all our systems, SAP or non-SAP. That means that one needs to authenticate to a central server and, via SSO, you will have access to the applications.
    For SAP, that'll mean that we no longer will login via a SAP Gui, but via the EP that authenticates against this CUA. Once logged in, one can launch a SAP Gui script that allows you to work on the SAP R/3 server.
    Have also a look at http://shib.kuleuven.be/
    Alternatively, you can set up an UME. See http://help.sap.com/saphelp_nw2004s/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm for this.
    Eddy
    PS.
    Put yourself on the SDN world map (http://sdn.idizaai.be/sdn_world/sdn_world.html) and earn 25 points.
    Spread the wor(l)d!

  • EN4093R LDAP authentication and authorization

    Hi, I want to configure LDAP authentication and authorization. Can anyone help me to configure this? In my test environment I want to give our Domain Admins access to our switches. I found only basic configuration in the user manual, but I got no information on configuring groups. Could I configure two or more groups to access the switch?

    What type of LDAP server are you using? Microsoft Windows 2012 or 2008? I have a problem with 2012 not giving the groups back for some users.
    Same problem as
    https://supportforums.cisco.com/message/3866327#3866327
    debug ldap 255
    shows the correct value with one user that is working:
    [196] Authentication successful for Administrator to 192.168.20.80
    [196] Retrieved User Attributes:
    [196]   objectClass: value = top
    [196]   objectClass: value = person
    [196]   objectClass: value = organizationalPerson
    [196]   objectClass: value = user
    [196]   cn: value = Administrator
    [196]   description: value = Vordefiniertes Konto f..r die Verwaltung des Computers bzw. der Dom..ne
    [196]   distinguishedName: value = CN=Administrator,CN=Users,DC=xxxx,DC=local
    [196]   instanceType: value = 4
    [196]   whenCreated: value = 20081201134058.0Z
    [196]   whenChanged: value = 20131126141559.0Z
    [196]   displayName: value = Administrator
    [196]   uSNCreated: value = 12298
    [196]   memberOf: value = CN=G_SSLVPN,OU=Service,OU=Groups,OU=XXXXX,DC=XXXX,DC=local
    [196]           mapped to Group-Policy: value = ssl_admin
    [196]           mapped to LDAP-Class: value = ssl_admin
    One user that is not working:
    no entries with memberOf in debug
    [190] Authentication successful for sdag to 192.168.20.80
    [190] Retrieved User Attributes:
    [190]   objectClass: value = top
    [190]   objectClass: value = person
    [190]   objectClass: value = organizationalPerson
    [190]   objectClass: value = user
    [190]   cn: value = sdag
    [190]   distinguishedName: value = CN=sdag,OU=Lieferanten,OU=Users,OU=xxxx,DC=xxxxxx,DC=local
    [190]   displayName: value = sdag
    [190]   homeMTA: value = CN=Microsoft MTA,CN=SRVSBS01,CN=Servers,CN=erste administrative gruppe,CN=Admini
    [190]   proxyAddresses: value = smtp:sdag@xxxx
    [190]   proxyAddresses: value = SMTP:sdag@xxxxx

  • Java LDAP Authentication - problem!!!

    I found an application in .NET (C#), and it works perfectly! (http://www.codeproject.com/KB/system/arbauthentication.aspx)
    I want to do this logic in my Java web application. All users in our domain in first leg must be logged in to the web application!
    And this authentication must go through Active Directory (AD). Help me please.
        import java.io.BufferedReader;
        import java.io.IOException;
        import java.io.InputStreamReader;
        import java.util.Hashtable;
        import javax.naming.AuthenticationException;
        import javax.naming.Context;
        import javax.naming.NamingException;
        import javax.naming.directory.DirContext;
        import javax.naming.directory.InitialDirContext;

        public class LdapAuth {
            public static void main(String[] args) throws IOException {
                Hashtable<String, String> authEnv = new Hashtable<>();
                BufferedReader in = new BufferedReader(new InputStreamReader(System.in));
                System.out.println("Input your username:");
                String userName = in.readLine();
                System.out.println("Input your password:");
                String passWord = in.readLine();
                // Bind principal: user name plus UPN suffix
                String base = userName + "@" + "xxxyyyzzz.com";
                String ldapURL = "ldap://192.168.0.99:389/";
                authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                authEnv.put(Context.PROVIDER_URL, ldapURL);
                authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
                authEnv.put(Context.SECURITY_PRINCIPAL, base);
                // No check for an empty password is made before the bind
                authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
                try {
                    // Creating the context performs the LDAP bind
                    DirContext authContext = new InitialDirContext(authEnv);
                    System.out.println("Authentication Success!");
                    authContext.close();
                } catch (AuthenticationException authEx) {
                    System.out.println("Authentication failed!");
                } catch (NamingException namEx) {
                    System.out.println("Something went wrong!");
                    namEx.printStackTrace();
                }
            }
        }
    This code does not work when the username and password are entered correctly. Exception:
    javax.naming.AuthenticationException:
    [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
    And when the username is entered correctly but the password is blank (password=""), it works...
    Authentication Success!
    Maybe this is anonymous authentication.

    If you would have searched through the forum you would have discovered that the Active Directory error code 525 means username not found.
    And you may also have discovered that a null password implies an anonymous logon.
    Either the user has mistyped their username, or you have made an incorrect assumption when constructing the userPrincipalName and appending the upn suffix "xxxyyyzzz.com".
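    The two points in the reply above, as an added example (not code from either poster): `authenticate` refuses an empty user name or password before any bind is attempted, so a blank password can never be reported as a successful login, and `adSubCode` pulls the Active Directory sub-code out of an error 49 message. The class and method names are hypothetical; the address and UPN suffix are the placeholders from the post, and the 52e and 775 meanings are the commonly documented ones rather than values from this thread.

    ```java
    import java.util.Hashtable;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    import javax.naming.AuthenticationException;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.InitialDirContext;

    public class SafeLdapBind {
        // AD reports a hex sub-code after "data " in the error 49 message text
        private static final Pattern AD_DATA = Pattern.compile("data ([0-9a-fA-F]+)");

        /** Extracts the AD sub-code (for example "525") from an error message, or null. */
        static String adSubCode(String message) {
            if (message == null) return null;
            Matcher m = AD_DATA.matcher(message);
            return m.find() ? m.group(1).toLowerCase() : null;
        }

        static String explain(String subCode) {
            if (subCode == null) return "no AD sub-code in message";
            switch (subCode) {
                case "525": return "user not found";        // as stated in the reply
                case "52e": return "invalid credentials";
                case "775": return "account locked out";
                default:    return "unrecognised sub-code " + subCode;
            }
        }

        /** True only if the directory accepted a bind made with a non-empty password. */
        static boolean authenticate(String ldapUrl, String principal, String password)
                throws NamingException {
            // A simple bind with an empty password is treated as anonymous and can
            // succeed for any user name, so it must never count as a login.
            if (principal == null || principal.trim().isEmpty()
                    || password == null || password.isEmpty()) {
                return false;
            }
            Hashtable<String, String> env = new Hashtable<>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, ldapUrl);
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, password);
            try {
                new InitialDirContext(env).close();   // the constructor performs the bind
                return true;
            } catch (AuthenticationException e) {
                // Log the detailed reason server-side; show the user a generic failure
                System.err.println("Bind rejected: " + explain(adSubCode(e.getMessage())));
                return false;
            }
        }

        public static void main(String[] args) throws NamingException {
            // No connection is made here: the empty password is rejected before the bind
            boolean ok = authenticate("ldap://192.168.0.99:389/", "someuser@xxxyyyzzz.com", "");
            System.out.println("empty password accepted: " + ok);

            // Message text copied from the post
            String msg = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, "
                       + "comment: AcceptSecurityContext error, data 525, vece]";
            System.out.println("data " + adSubCode(msg) + " = " + explain(adSubCode(msg)));
        }
    }
    ```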

  • Error in LDAP Authentication for Sun One App Server 8..pls help

    I need to authenticate my sun java system application server 8 with openldap server.....
    i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
    My settings in the sun app server were like this:
    Realm: ldap
    Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
    directory ldap://10.1.1.79:389
    base-dn o=stooges
    jaas-context ldapRealm
    search-bind-dn cn=StoogeAdmin,o=stooges
    search-bind-password secret1
    My openldap schema is as follows
    file : /etc/openldap/slapd.conf
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    database ldbm
    suffix "o=stooges"
    rootdn "cn=StoogeAdmin,o=stooges"
    rootpw secret1
    directory /var/lib/ldap/stooges
    defaultaccess read
    schemacheck off
    lastmod on
    index cn,sn,st pres,eq,sub
    index uid,userPassword eq
    file : /var/lib/ldap/stooges/stooges.ldif
    dn: o=stooges
    objectClass: top
    objectClass: organization
    o: stooges
    description: The Three Stooges
    dn: cn=StoogeAdmin,o=stooges
    objectClass: organizationalRole
    cn: StoogeAdmin
    description: LDAP Directory Administrator
    dn: ou=MemberGroupA,o=stooges
    ou: MemberGroupA
    objectClass: top
    objectClass: organizationalUnit
    description: Members of MemberGroupA
    dn: ou=MemberGroupB,o=stooges
    ou: MemberGroupB
    objectClass: top
    objectClass: organizationalUnit
    description: Members of MemberGroupB
    dn: uid=vikram,ou=MemberGroupA,o=stooges
    uid:vikram
    givenName:vicky
    objectClass:top
    objectClass:person
    objectClass:organizationalPerson
    objectClass:inetorgperson
    sn:kone
    cn:Kone Vikram
    userPassword:glamsham
    When i start ldap server and sun server,
    the login page for sun server asks for username and password ....
    when i give
    username : vikram
    password : glamsham
    Error page comes.....
    HTTP Status 403 - Access to the requested resource has been denied
    type Status report
    message Access to the requested resource has been denied
    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
    Sun-Java-System/Application-Server-PE-8.0
    Subsequent attempts to log in give another error page
    HTTP Status 500 -
    type Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
    com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
    sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:324)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
    note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
    Sun-Java-System/Application-Server-PE-8.0
    So pls... help as to how to go about this..
    P.S. My ldap server runs as "ldap" user not as root

    Try with "vikram" as a member of "cn=asadmin" group in your LDAP directory...

  • LDAP error 53002 (LDAP search failure operations error)

    Good day all,
    When implementing LDAP authentication, I've received this error while configuring LDAP authentication. Here's how it happens:
    A) I created LDAP servers in security settings - they test successfully with the settings that I put in ("LDAP server connected successfully")
    B) Then I created a variable USER (with blank default initialization and LDAP variable user - (which I created in advanced LDAP server's settings) and Initialization Block - Authentication - after that I wasn't able to successfully test it - I would get the 53002 error.
    C) If I check "Use bind parameters" box - I get 53002 error with "Bad Search Filter" message
    Can anyone please advise me on which steps I could take to troubleshoot?
    Thank you

    Are you using OID or MSAD? If OID, check my blog entries here
    http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
    http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/
    I think your variable for the LDAP user is not correct.
    Thanks,
    Venkat
    http://oraclebizint.wordpress.com

  • SLD error after LDAP integration

    Hello All,
    I integrated Corporate LDAP with EP 7.0 ,after that I have SLD error when I click on the ESS tab which says:
    Caused by: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to resolve JCO destination name 'SAP_R3_SelfServiceGenerics' in the SLD. No such JCO destination is defined in the SLD.
    When I go to content Admin->Webdynpro ,the SLD service is stopped and the 'Maintain Jco's' tab is greyed out.
    This keeps on happening regularly.
    When I go to the SLD log it says 'Server certificate rejected by ChainVerfier'. I wonder if we need to implement SSL when we have turned LDAP on.
    Any help would be really appreciated
    Thanks

    Hi Subhash,
    I think you didn't configure your SLD properly.
    Open this link:
    Configuring SLD in Sneak Preview SAP NetWeaver '04 Sneak
    which gives the procedure to configure SLD
    for JCO destinations
    http://help.sap.com/saphelp_nw04/helpdata/en/77/931440a1c32402e10000000a1550b0/frameset.htm
    Administration manual->server administration->Administration/Configuration of Web Dynpro Runtime Environment ->Web Dynpro Content Administrator
    rgds
    srinivas

  • Error in LDAP user creation

    Hi Expert,
    I have set up my user in LDAP today. Earlier it was in the UME database; because of Two ID, I have deleted the UME database.
    Now I am getting an error like
    An unexpected error occurred while retrieving user mapping data for system "WebEx".
    Can someone help me to resolve this error?
    Thanks,
    Kundan

    Hi,
    the change of UME datasource went fine? Everything is working? Logon, logoff, user <-> group <-> roles?
    Where do you get the error? Did you configure user mapping for your users before changing the datasource to LDAP? Have you tried to recreate the user mapping for the WebEX system?
    br,
    Tobias
