Error in LDAP Authentification
hi all,
i am wondering if there is someone who had the same error we are facing currently...
here is the problem:
in our single sing-on we authenticate the user with ldap in an stateless session bean. This works all perfect except that from time to time we get an error in the class "com.sun.jndi.ldap.BerEncoder" in the method "endSeq"... the exception is:
java.lang.IllegalStateException: BER encode error: Unbalanced SEQUENCEs
any ideas why this error occeurs?
TIA
sandro
I started getting this error when I mistakenly changed a search filter from (&(uid=james)(objectclass=Staff)) to (uid=james)(objectclass=Staff)). It is complaining about the unbalanced parenthesis.
Similar Messages
-
Private Key Not Found Error in Ldaps
Hi,
I am facing "Private Key Not Found" Error in ldaps. The key and the SSL certificate is stored under the same location. The certificate is self signed certificate and in .pem format. When I am trying to install the certifcate through SUN ONE Console it throws the following error
"Either this certificate is for another server, or this certificate was not requested using this server".
can any one help me in this regard.
Regards
Senthil
Edited by: senlog80 on Dec 30, 2008 3:18 AMOr even better, check the note <a href="https://websmp110.sap-ag.de/~form/handler?_APP=01100107900000000342&_EVENT=REDIR&_NNUM=924320&_NLANG=E">924320</a>.
<b>Symptom</b>:
When you execute a query with virtual characteristics or key figures, the system issues the following error message:
Object FIELD I_S_DATA-<key figure> not found
<b>Other terms</b>
RSR00002, RSR_OLAP_BADI
<b>Reason and Prerequisites</b>
This problem is caused by a program error.
<b>Solution</b>
If the virtual characteristics or key figures are implemented using the enhancement RSR00002 (CMOD), implement the corrections.
If the virtual characteristics or key figures were created directly as implementations of the RSR_OLAP_BADI BAdI, compare the source code of the INITIALIZE method with the corresponding source code example. During the call of GET_FIELD_POSITIION_D, <L_S_SK>-VALUE_RETURNNM must be transferred instead of <L_S_SFK>-KYFNM.
Import Support Package 08 for SAP NetWeaver 2004s BI (BI Patch 08 or SAPKW70008) into your BI system. The Support Package is available when Note 0872280"SAPBINews BI 7.0 Support Package 08", which describes this Support Package in more detail, is released for customers.
In urgent cases, you can use the correction instructions.
To provide advance information, the note mentioned above may be available before the Support Package is released. In this case, the short text of the note still contains the words "Preliminary version".
Assign pts if helpful. -
We are having some issues with some user accounts, and I went into the logs to see what I could find. I am getting tons of errors in LDAP alone. Here is from the last 30 minutes. Not sure what is means exactly... Can anybody shed some light on this
Feb 8 12:00:38 server slapd[46]: SASL [conn=86077] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
Feb 8 12:00:39 server slapd[46]: <= bdbequalitycandidates: (sambaSID) index_param failed (18)\n
Feb 8 12:00:56 server slapd[46]: SASL [conn=86083] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:00:57 server slapd[46]: SASL [conn=86087] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:00:58 server slapd[46]: SASL [conn=86091] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:01:01 server slapd[46]: <= bdbequalitycandidates: (uniqueMember) index_param failed (18)\n
Feb 8 12:03:48 server slapd[46]: SASL [conn=86106] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:18 server slapd[46]: SASL [conn=86131] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:19 server slapd[46]: SASL [conn=86135] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:19 server slapd[46]: SASL [conn=86139] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:20 server slapd[46]: SASL [conn=86143] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
Feb 8 12:08:32 server slapd[46]: <= bdbequalitycandidates: (apple-computers) index_param failed (18)\n
Feb 8 12:08:53 server slapd[46]: SASL [conn=86150] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:54 server slapd[46]: SASL [conn=86154] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:08:54 server slapd[46]: SASL [conn=86156] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:11:38 server slapd[46]: SASL [conn=86175] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:11:39 server slapd[46]: SASL [conn=86179] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:13:08 server slapd[46]: connection_read(22): no connection!\n
Feb 8 12:15:32 server slapd[46]: connection_read(28): no connection!\n
Feb 8 12:23:32 server slapd[46]: SASL [conn=86249] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:23:33 server slapd[46]: SASL [conn=86253] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:23:35 server slapd[46]: SASL [conn=86257] Failure: GSSAPI Error: Miscellaneous failure (No principal in keytab matches desired name)\n
Feb 8 12:30:37 server slapd[46]: connection_read(28): no connection!\nThis article fixed my problem
http://support.apple.com/kb/TS2915 -
hi,
Our idm use HCM, so I try to use LDAP retrieved HR data. The JCo of Our idm and the ABAP RFC typed T run smoothy. When I start LDAP connector, it tells "Error starting LDAP Connector at operating system level". In ST11, it reads follow:
======> JCO.Server could not find server function 'LDAPRFC_LOAD'
ABAP Programm: SAPLSLDAP_CCMS (Transaction: LDAP)
Called function module: LDAPRFC_LOAD
I can't find the funtion LDAPRFC_LOAD.
Is there any one can tell me a good method to solve it? Thanks very much!
lilyForget to install LDAP Client at HCM OS
-
Errors in LDAP configuration with Shared Services
Dear sirs,
we are getting errors in LDAP configuration with Shared Services.
Base DN is ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East
The group cn is cn=AH
In LDAP log you can see the applications is searching the group:
"ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo"
When it should be:
“ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo East”
We think the problem is with space in Base DN "o=Grupo East", it is not properly considered.
Error Codes
EPMCSS-05145
Thanks in advanceHi.
Could you try to define the Base DN as :
ou=Grupos,cn=East,o=SSGH,c=br,o=Grupo\ East
I don't know if will work fine.. but you can use special characteres using with the "\"
Good luck.
Best regards! -
Create external LDAP authentification to SAP via Web Dynpro
Hi Guys,
I have a requirement where I have to create access to SAP via external LDAP authentification. It is similiar how the Enterprise Portal works, but I want to achieve it with out the portal.
The user will enter his LDAP user and password and I will check via LDAP connector to grant access to SAP.
The only Problem I have is to switch to SAP user without knowing the SAP Password. Thats why I need external authentification.
I have been told by an basis expert that I could use java to achieve this. I have also got the java coding what the Enterprise Portal uses.
Am I on the right way? Can anybody advice me.
Thanks and best regards
AliHi,
Refer this link and SAP Note
[SAP GUI for HTML|http://help.sap.com/saphelp_nw04s/helpdata/en/47/4b0902d84818c9e10000000a114a6b/frameset.htm]
SNote: 517484
Regards
Preethish -
Error updating LDAP properties: An internal error has occurred in the secLdap plugin
Post Author: kbd_vijey
CA Forum: Authentication
Hi,
We are using Environment / Tools : BusinessObjects Enterprise XI R2 ,Sun Soloris 10,Active Directory.
To Configure the LDAP, we have done from CMC - > Authentication -> LDAP.
The below steps we have followed.
1) Please enter the LDAP hosts you are using. => Here, we have entered our AD's hostname:port (Ex: 192.168.0.8:389) (Is it correct?)
2) We have passed all the required informations for all other tabs.
3) SSL - Basic(no SSL), Authentication - Basic(no SSO)
Finally its providing the error as " Error updating LDAP properties: An internal error has occurred in the secLdap plugin."
If any one have solution or faced same problem, Kindly help us to resolve it.
Thanks & Best Rgds,VijeyPost Author: TAZ
CA Forum: Authentication
There are 3 things needed to get the LDAP plugin configured.
1) Host:port
2) Base DN, usually dc=domain, dc=com
3) LDAP Administrator DN (this is not a visible attribute in AD unless you use a tool like ADSIedit or ADExplorer). You probably have to enter the Base DN instead of the username.
There are other AD specific issues when using the LDAP plugin to AD such as picking custom attributes, rules for multi domains, etc
Regards,
Tim -
Error 49: LDAP Invalid credential Supplied when installing Identity Server
I am installing oracle Acess manager with Active directory for windows server 2003. While installing
the identity server we facing the issue with
Error 49: LDAP Invalid credential supplied. Please see the attached screen shot for more details.At which stage are getting this error?
If you are getting this error after specifying LDAP Directory details during identity server install, make sure that your username/password for AD are correct.
if your domain name = example.com
and the user you are using is under cn=users in AD use:
1. cn=your_username,cn=users,dc=example,dc=com
and your password
2. if this doesn't work, try:
[email protected]
and your password. -
LDAP authentification with R/3
hi!
after a long long search I could not found out how to implement LDAP authentification for SAP R/3. To be honest I'm not an expert in R/3 basic, for Web AS / EP i would know how to do it
Due to several network&security reasons we don't like to use the single-sign or the ldap syncronization functionality.
The only thing we would use ldap for is to just authentificate the user. Unfortunately, our LDAP-users are not the same than the SAP-users (8 chars in sap, longer in ldap). What the system should do is:
- ask for username (sap 8-char) and password (ldap)
- map sap-username and ldap-username (e.g. by the sap-aliasname or external username in USR15)
- connect to the ldap-directory, find out whether user/pass is correct
- if correct, log the sap-user in
- that's all
Any Ideas?
Thanks,
MarkusHi,
It can be done. It all depends a bit on what kind of platforms you want to use it.
We're currently in the middle of introducing a shibolet CUA for all our systems, SAP or non SAP. That means that one needs to authenticate to a central server and via SSO, you will have access to the applications.
For SAP, that'll mean that we no longer will login via a SAP Gui, but via the EP that authenticates against this CUA. Once logged in, one can launch a SAP Gui script that allows you to work on the SAP R/3 server.
Have also a look at http://shib.kuleuven.be/
Alternatively, you can set up an UME. See http://help.sap.com/saphelp_nw2004s/helpdata/en/cc/cdd93f130f9115e10000000a155106/frameset.htm for this.
Eddy
PS.
Put yourself on the SDN world map (http://sdn.idizaai.be/sdn_world/sdn_world.html) and earn 25 points.
Spread the wor(l)d! -
EN4093R LDAP authentification and authorization
Hi,i want to configure ldap authentification and authorization. Can anyone help me to configure this. In my test environment – I want to give our Domain Admins access to our switches. I found only basic configuration in the user manual but I got now information to configure groups. Could I configure two or more groups to access the switch?
What thype of ldap server are you using? Microsoft Windows 2012 or 2008. I got a problem with 2012 not give the groups back with some users.
Same problem as
https://supportforums.cisco.com/message/3866327#3866327
debug ldap 255
shows correct value with one user that is workin:
[196] Authentication successful for Administrator to 192.168.20.80
[196] Retrieved User Attributes:
[196] objectClass: value = top
[196] objectClass: value = person
[196] objectClass: value = organizationalPerson
[196] objectClass: value = user
[196] cn: value = Administrator
[196] description: value = Vordefiniertes Konto f..r die Verwaltung des Computers bzw. der Dom..ne
[196] distinguishedName: value = CN=Administrator,CN=Users,DC=xxxx,DC=local
[196] instanceType: value = 4
[196] whenCreated: value = 20081201134058.0Z
[196] whenChanged: value = 20131126141559.0Z
[196] displayName: value = Administrator
[196] uSNCreated: value = 12298
[196] memberOf: value = CN=G_SSLVPN,OU=Service,OU=Groups,OU=XXXXX,DC=XXXX,DC=local
[196] mapped to Group-Policy: value = ssl_admin
[196] mapped to LDAP-Class: value = ssl_admin
One user that is not working:
no entries with memberOf in debug
[190] Authentication successful for sdag to 192.168.20.80
[190] Retrieved User Attributes:
[190] objectClass: value = top
[190] objectClass: value = person
[190] objectClass: value = organizationalPerson
[190] objectClass: value = user
[190] cn: value = sdag
[190] distinguishedName: value = CN=sdag,OU=Lieferanten,OU=Users,OU=xxxx,DC=xxxxxx,DC=local
[190] displayName: value = sdag
[190] homeMTA: value = CN=Microsoft MTA,CN=SRVSBS01,CN=Servers,CN=erste administrative gruppe,CN=Admini
[190] proxyAddresses: value = smtp:sdag@xxxx
[190] proxyAddresses: value = SMTP:sdag@xxxxx -
Java LDAP Authentification - problem!!!
I found application in .NET (C#), and it's work perfectly! (http://www.codeproject.com/KB/system/arbauthentication.aspx)
I want do this logic in my java web application. All users in our domain in first leg must be log-in in web application!
And it - authetification must be over Active Directory (AD). Help me please.
Hashtable authEnv = new Hashtable();
String userName = "";
String passWord = "";
InputStreamReader converter = new InputStreamReader(System.in);
BufferedReader in = new BufferedReader(converter);
System.out.println("Input your username:");
userName = in.readLine();
System.out.println("Input your password:");
passWord = in.readLine();
base = userName + "@" + "xxxyyyzzz.com";
String ldapURL = "ldap://192.168.0.99:389/";
authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
authEnv.put(Context.PROVIDER_URL, ldapURL);
authEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
authEnv.put(Context.SECURITY_PRINCIPAL, base);
authEnv.put(Context.SECURITY_CREDENTIALS, passWord);
try {
DirContext authContext = new InitialDirContext(authEnv);
System.out.println("Authentication Success!");
catch (AuthenticationException authEx)
System.out.println("Authentication failed!");
catch (NamingException namEx) {
System.out.println("Something went wrong!");
namEx.printStackTrace();
}This code is not working when truely input username & password. Exception!
javax.naming.AuthenticationException:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece]
And when input truely username, but password is a blank (password="") it's work...
Authentication Success!
may be this is anonymous authentification.If you would have searched through the forum you would have discovered that the Active Directory error code 525 means username not found.
And you may also have discovered that a null password implies an anonymous logon.
Either the user has mistyped their username, or you have made an incorrect assumption when constructing the userPrincipalName and appending the upn suffix "xxxyyyzzz.com". -
Error in LDAP Authentication for Sun One App Server 8..pls help
I need to authenticate my sun java system application server 8 with openldap server.....
i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
My settings in the sun app server were like this:
Realm: ldap
Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
directory ldap://10.1.1.79:389
base-dn o=stooges
jaas-context ldapRealm
search-bind-dn cn=StoogeAdmin,o=stooges
search-bind-password secret1
My openldap schema is as follows
file : /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
database ldbm
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck off
lastmod on
index cn,sn,st pres,eq,sub
index uid,userPassword eq
file : /var/lib/ldap/stooges/stooges.ldif
dn: o=stooges
objectClass: top
objectClass: organization
o: stooges
description: The Three Stooges
dn: cn=StoogeAdmin,o=stooges
objectClass: organizationalRole
cn: StoogeAdmin
description: LDAP Directory Administrator
dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA
dn: ou=MemberGroupB,o=stooges
ou: MemberGroupB
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupB
dn: uid=vikram,ou=MemberGroupA,o=stooges
uid:vikram
givenName:vicky
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetorgperson
sn:kone
cn:Kone Vikram
userPassword:glamsham
When i start ldap server and sun server,
the login page for sun server asks for username and password ....
when i give
username : vikram
password : glamsham
Error page comes.....
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Sun-Java-System/Application-Server-PE-8.0
Subsequent attempts to login gives another error page
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0
So pls... help as to how to go about this..
P.S. My ldap server runs as "ldap" user not as rootTry with "vikram" as a member of "cn=asadmin" group in your LDAP directory...
-
LDAP error 53002 (LDAP search failre operations error)
Good day all,
When implementing LDAP authentication, I've received this error while configuring LDAP authentication. Here's how it happens:
A) I created LDAP servers in security settings - they test successfully with the settings that I put in ("LDAP server connected successfully")
B) Then I created a variable USER (with blank default initialization and LDAP variable user - (which I created in advanced LDAP server's settings) and Initialization Block - Authentication - after that I wasn't able to successfully test it - I would get the 53002 error.
C) If I check "Use bind parameters" box - I get 53002 error with "Bad Search Filter" message
Can anyone please advice me on which steps i could take to troubleshoot?
Thank youAre you using OID or MSAD? If OID, check my blog entries here
http://oraclebizint.wordpress.com/2007/10/10/oracle-bi-ee-101332-using-ldapoid-authentication/
http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/
I think your variable for the LDAP user is not correct.
Thanks,
Venkat
http://oraclebizint.wordpress.com -
SLD error after LDAP integration
Hello All,
I integrated Corporate LDAP with EP 7.0 ,after that I have SLD error when I click on the ESS tab which says:
Caused by: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to resolve JCO destination name 'SAP_R3_SelfServiceGenerics' in the SLD. No such JCO destination is defined in the SLD.
When I go to content Admin->Webdynpro ,the SLD service is stopped and the 'Maintain Jco's' tab is greyed out.
This keeps on happening regularly.
When I go to the SLD log it says 'Server certificate rejected by ChainVerfier' ,I wonder if we need to implement SSL when we have the turned LDAP on.
Any help would be really appreciated
ThanksHi Subhash,
I think u didnt configure your SLD properly.
open this link
Configuring SLD in Sneak Preview SAP NetWeaver '04 Sneak
which gives the porcedure to configure SLD
for JCO destinations
http://help.sap.com/saphelp_nw04/helpdata/en/77/931440a1c32402e10000000a1550b0/frameset.htm
Administration manual->server administration->Administration/Configuration of Web Dynpro Runtime Environment ->Web Dynpro Content Administrator
rgds
srinivas -
Hi Expert,
I have set up my user in LDAP today. Earlier it was in UME database, because of Two ID, I have deleted UME database .
Now I am getting error like
An unexpected error occurred while retrieving user mapping data for system "WebEx".
Someone can help me to resolve this error?
Thanks,
KundanHi,
the change of UME datasource went fine? Everything is working? Logon, logoff, user <-> group <-> roles?
Where do you get the error? Did you configure user mapping for your users before changing the datasource to LDAP? Have you tried to recreate the user mapping for the WebEX system?
br,
Tobias
Maybe you are looking for
-
How do I delete an app store app from my computer?
I downloaded a useless app from the app store and I want to delete from my computer. Is there a way to do this? Thanks, Lou
-
Satellite A300-1N9 - Where can I download Windows 7 drivers and tools?
Welcome At the outset I want to thank you for any help or steer me to an idea about the drivers for this model, for a moment I will describe what exactly it. I bought this laptop with Vista I got him a CD with the system and on this record were alrea
-
Hello, We are doing a 2-way version control sync between TFS 2013 servers. TFS A - Project A is getting synched with TFS B - Project A. TFS A - Project A has got all the code and files, whereas TFS B - Project A is empty. Previously we have synced T
-
Is this a bug? create view lost a comma and succeeded
Is this a bug? create view lost a comma and succeeded. oracle 10.2.0.1.0 try the following sql. create table test id int, dataa varchar2(20), datab varchar2(20) insert into test values(1,'a1','a2'); insert into test values(2,'b1','b2'); insert into t
-
Dynamically Change Company Logo
I want to create one form used by both of our companies. When the user selects their location, the cooresponding company logo displays at the top of the form including all new pages generated. I was able to get this working with JavaScript but ran in