IDispatch error #19876 - LDAP Authentication Source - User Unique Name Attribute
Hi,
we have troubles with the User Unique Name Attribute:
As 'cn' and 'dn' may change we want to use the EmployeeID ('workforceID') as unique identifier for our user synchronisation. This attribute exists and is also imported in the profile service. But when we add 'workforceID' to the 'User Unique Name Attribute' in the LDAP Settings of the Remote Authentication Source (LDAP AWS) the job fails and throws the error at the end of this message in the history log.
When we remove 'workforceID' everything works fine. If we set the user unique name attribute to 'cn' or 'dn' everything works fine, too. If we enter not existing names the same error is thrown. It seems like 'workforceID' could not be read/found? What are we doing wrong? Thanks in advance.
1/17/06 12:37:01- (34432) CPTSyncAgent::ProcessUsers: Call to retrieve the users on this auth source failed. Please check that the authentication source server is online.
*** COM exception was: IDispatch error #19876 (0x80044fa4): [SOAP fault: faultcode='ns1:Server.userException' faultstring='java.rmi.RemoteException: Unknown error occured in internalGetUsers null
com.plumtree.remote.ServiceException: Unknown error occured in internalGetUsers nullat com.plumtree.ldap.aws.LDAPSyncProvider.internalGetUsers(LDAPSyncProvider.java:671)at com.plumtree.ldap.aws.LDAPSyncProvider.getUsers(LDAPSyncProvider.java:504)at com.plumtree.remote.auth.NativeSyncProvider.GetUsers(Unknown Source)at com.plumtree.remote.auth.xp.XPSyncProvider.GetUsers(Unknown Source)at com.plumtree.remote.auth.soap.SyncProviderSoapBindingImpl.GetUsers(Unknown Source)at com.plumtree.remote.auth.soap.SyncProviderSoapBindingSkeleton.GetUsers(Unknown Source)at sun.reflect.GeneratedMethodAccessor1024.invoke(Unknown Source)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:324)at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:372)at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:292)at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:276)at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:71)at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:156)at org.apache.axis.SimpleChain.invoke(SimpleChain.java:126)at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:437)at org.apache.axis.server.AxisServer.invoke(AxisServer.java:316)at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:701)at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:335)at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422)at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163)at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199)at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833)at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:711)at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584)at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:687)at java.lang.Thread.run(Thread.java:536)']
1/17/06 12:37:01- (34432) *** Job Operation #1 failed: ProcessUsers failed (0x4)
That's the correct place to look for the version.
My guess at what is happening is that some of users do not have the 'workforceID' attribute and that is causing the AWS to fail when it gets to them. Unfortunately there is not great error logging around this in the 2.0 version of the LDAP AWS. In order to find out if this is indeed the case, and to see what user does not have this attribute, do a trial run with workforceID as the User Login Attribute. This case is caught and reported better.
Similar Messages
-
LDAP Profile Source - "Remote Unique Name" oddity
We have an Active Directory that I've set up to use as an Authentication Source, and it also retrieves a few properties from there - not a problem.
We also have an LDAP directory which contains other attributes of users that I need to retrieve.
I set everything up as I thought it should be, however it's querying the LDAP server with the wrong parameters!
An example user I have is IUSER\803244205. ALUI is showing the Login Name as "IUSER\803244205", the Remote Unique Name as "137eb349-7579-4b15-9a68-b1bff296d933" and the Remote Authentication Name as "803244205@IUSER".
When I look at the LDAP job, the error log is showing that it's trying to sync using the Remote Unique Name -
Unable to attach to user 137eb349-7579-4b15-9a68-b1bff296d933, user not found
My LDAP directory only holds (and is keyed on) the numeric portion of the login name (known as EIN to us) - 803244205. I have got this EIN as a property of the user (a seperate Property that I have mapped to the User object), which is held as a seperate attribute on the Active Directory.
So how do I tell the sync job to use the EIN (which happens to be the "User Name Attribute" on the Authentication Source - samAccountName), rather than trying to use the "Remote Unique Name", which it appears to have generated for itself!
CheersArrgh! Just found the option for myself, seconds after posting this! Cheers anyway.
-
Error! No data source found with name 'mynewdsname' (after asking 0 providers)
Hi all,
I am trying out the instructions given below.
http://dev.day.com/docs/en/cq/current/developing/jdbc.html
I followed them exactly but removed <cq:include script="head.jsp"/> line from the jsp since I do not have a head.jsp.
my config node settings are as follows.
But when I go to the page, I get below error message.
error! No data source found with name 'mynewdsname' (after asking 0 providers)
DB is up and running. I could not find any issue with it. Code is as follows.
<%DataSourcePool dspService = sling.getService(DataSourcePool.class);
try {
DataSource ds = (DataSource) dspService.getDataSource("mynewdsname");
%>
Any help will be great. TXDocument is outdated & for now could you please follow http://dev.day.com/content/kb/home/cq5/Development/HowToConfigureSlingDatasource.html
-
LDAP Authentication Failed :user is not a member in any of the mapped group
Hi,
I tried to set up the LDAP Authentication but I failed.
LDAP Server Configuration Summary seems to be well filled.
I managed to add a Mapped LDAP member Group: This group appears correctly in the Group list.
But itu2019s impossible to create a User. Although this user is a member of the mapped group (checked with LDAP Brower) , an error message is displayed when I tried to create it (There was an error while writing data back to the server: Creation of the user User cannot complete because the user is not a member in any of the mapped groups)
LDAP Hosts: ldapserverip:389
LDAP Server Type: Custom
Base LDAP Distinguished Name: dc=vds,dc=enterprise
LDAP Server Administration Distinguished Name: CN=myAdminUser,OU=System Accounts,OU=ZZ Group Global,ou=domain1,dc=vds,dc=enterprise
LDAP Referral Distinguished Name:
Maximum Referral Hops: 0
SSL Type: Basic (no SSL)
Single Sign On Type: None
CMS Log :
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=vds, dc=enterprise, scope: 2, filter: (samaccountname=KR50162), attribute: dn objectclass
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 2453 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
trace message: GetParents from plugin for cn=huh\,chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise.
trace message: LDAP: De-activating query cache
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: Updating the graph
trace message: LDAP: Starting Graph Update...
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 89
trace message: LdapQueryForEntries: incr. retries to 1
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (&(cn=gp-asia)(objectclass=group)(member=cn=huh
, chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise)), attribute: objectclass
trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (cn=gp-asia), attribute: member objectclass samaccountname cn
trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 3109 ms
trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
trace message: LDAP: query for DSE root returned 0
trace message: Failed to commit user 'KR50162'. Reason: user is not a member in any of the mapped groups.
trace message: [UID=0;USID=0;ID=79243] Update object in database failed
trace message: Commit failed.+
Can you please help?
JoffreyPlease do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
Since the same result happens on multiple computers, it is not the profile.
I am recommending you delete the AD account (or rename to backup the account).
It will not effect the users Exchange account, but you will need to link it back to the new AD user account.
You can also delete her profile just to remove it, for the "just in case" scenario.
Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional -
CUP 5.3 SP8 - Authentication Source/User Details Source question
Hello,
Here is another issue I'm noticing with CUP.
Currently we have it configured as such:
Authentication Source: LDAP
Search Data Sourec: SAPHR
User Details Data Source: SAPHR
When a Requestor logs in to create a request for themself, Requestor Username and Email are correctly populated under the Requestor section of the request screen. This Username and Email match identically from SAPHR; and it should, as that is what we have defined as our User Data Source
When a Requestor logs in to create a request for another user, Requestor Username and Email are populated differently under the Requestor section of the request screen; this information in this case appears to be coming from LDAP. This does not seem correct to me. LDAP is only defined as the Authentication Source, not the User Data Source.
1) Why would the Requestor section populate differently when creating a request for yourself vs. another user?
2) Is this a bug in CUP?
3) Has anyone else noticed this or found a fix?
Thanks!!
JesWe are on the same SP level and are configured similarly but don't see this issue.
Data Source - LDAP
Search - SAP
Datasource - Multiple (SAPHR, SAP(BI), LDAP, SAP(SRM))
Also, our LDAP does not carry the email address (yet).
When I create a new request for someone else, all the information is filled in correctly from our SAPHR system, if they are in HR, or from our BI system if they are not in HR but are in BI. However, since we don't carry e-mail address in our LDAP system yet, the requestor e-mail field is left blank and I have to manually fill it in. (We do plan on changing this).
Hope this helps,
Peggy -
Error while creating Data Source for master data attributes
Hi BI Experts,
Well its been some time for me that I have been part of Extraction in BI.I primarily handled reporting in my last assignments.
I was trying extraction with flat files in SAP BI 7(new to sap bi 7 but very much familiar with BW3.5) but failed in the activity during master data attributes and text upload in infoobject (say IOSP_Mat).
Here is the procedure that I did after creation of characteristic IOSP_Mat.I created a source system for flat file followed by data source for Master data attributes, i selected all the parameters correctly.i.e. csv file format, data seperator as ,
and other settings, now when i am trying to look at the proposed data in the next tab using Load example data.its not showing the desired result.The columns that I have maintained in Flat File is MAT_NUMBER and MAT_NAME (with say 100 data in the file)
same is the result when I am trying to load the text data too columns maintained are
(LANGUAGE MAT_NUMBER Short Description)(same 100 data).
now i used to rsa1old transaction to upload the file using 3.5 version.i created info source for master data/text/hierarchies for IOSP_Mat
now when trying to upload it using info package for master and text data,I observe its(the data) not maintained in the characteristic IOSP_Mat.
When I monitored ,I figured the data has not been even uploaded to the PSA level.
Can you BI experts tell me the answer for this.
Thanks,
Srijithapologies to all of you for late response,
was busy with some other activities.
I don't remember the exact message,but I remember it was not loaded to even the PSA level.I will try it again and post the exact message.
Thanks again for your quick response.
Once again sorry to all of you for my late response
Thanks,
Sri -
Here's the complete message:
"The path \C\Users\(my name)\AppData\Local\Apple\Apple Software Update\iTunes64msi.' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 'iTunes64.msi' in a folder in which you can uninstall the product from iTunes."
So I'm stuck in this loop in which I can't download an update, can't remove iTunes to reinstall, and can't use iTunes currently as it shuts down at the drop of a hat. Am I hopeless or is there a fix I can find?See Troubleshooting issues with iTunes for Windows updates. Use the same advice as in note 1 but for iTunes. Try the MS fixit, or leave it in place and go to the next step.
tt2 -
Error in LDAP Authentication for Sun One App Server 8..pls help
I need to authenticate my sun java system application server 8 with openldap server.....
i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
My settings in the sun app server were like this:
Realm: ldap
Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
directory ldap://10.1.1.79:389
base-dn o=stooges
jaas-context ldapRealm
search-bind-dn cn=StoogeAdmin,o=stooges
search-bind-password secret1
My openldap schema is as follows
file : /etc/openldap/slapd.conf
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
database ldbm
suffix "o=stooges"
rootdn "cn=StoogeAdmin,o=stooges"
rootpw secret1
directory /var/lib/ldap/stooges
defaultaccess read
schemacheck off
lastmod on
index cn,sn,st pres,eq,sub
index uid,userPassword eq
file : /var/lib/ldap/stooges/stooges.ldif
dn: o=stooges
objectClass: top
objectClass: organization
o: stooges
description: The Three Stooges
dn: cn=StoogeAdmin,o=stooges
objectClass: organizationalRole
cn: StoogeAdmin
description: LDAP Directory Administrator
dn: ou=MemberGroupA,o=stooges
ou: MemberGroupA
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupA
dn: ou=MemberGroupB,o=stooges
ou: MemberGroupB
objectClass: top
objectClass: organizationalUnit
description: Members of MemberGroupB
dn: uid=vikram,ou=MemberGroupA,o=stooges
uid:vikram
givenName:vicky
objectClass:top
objectClass:person
objectClass:organizationalPerson
objectClass:inetorgperson
sn:kone
cn:Kone Vikram
userPassword:glamsham
When i start ldap server and sun server,
the login page for sun server asks for username and password ....
when i give
username : vikram
password : glamsham
Error page comes.....
HTTP Status 403 - Access to the requested resource has been denied
type Status report
message Access to the requested resource has been denied
description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
Sun-Java-System/Application-Server-PE-8.0
Subsequent attempts to login gives another error page
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:324)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
Sun-Java-System/Application-Server-PE-8.0
So pls... help as to how to go about this..
P.S. My ldap server runs as "ldap" user not as rootTry with "vikram" as a member of "cn=asadmin" group in your LDAP directory...
-
Problem with LDAP authentication for users in a group
I've gone through several forums attempting to find a solution, but I still can't get authentication to work for users in a particular group within AD. Our ASA is running 9.1(2), and the domain controller is a Windows Server 2012 R2.
I can configure the VPN connection, so that all users can authenticate just fine; however, when I setup the group, there appears to be success, but I'm reprompted to authenticate, and it eventually fails:
[6707] memberOf: value = CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com
[6707] mapped to IETF-Radius-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] mapped to LDAP-Class: value = GroupPolicy_COMPANY_SSL_VPN
[6707] msNPAllowDialin: value = TRUE
I'd be grateful if anyone can point me into the right direction and show me what I'm doing wrong. Thank you.
ldap attribute-map AuthUsers
map-name memberOf IETF-Radius-Class
map-value memberOf "CN=VPN Access,OU=COMPANY Groups,DC=COMPANY,DC=com" GroupPolicy_COMPANY_SSL_VPN
aaa-server LDAP protocol ldap
aaa-server LDAP (COMPANY_PROD_INTERNAL) host 10.10.100.110
ldap-base-dn DC=COMPANY,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=LDAPAuth,CN=Users,DC=COMPANY,DC=com
server-type microsoft
ldap-attribute-map AuthUsers
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1 ssl-client ssl-clientless
webvpn
anyconnect ask none default anyconnect
group-policy GroupPolicy_COMPANY_SSL_VPN internal
group-policy GroupPolicy_COMPANY_SSL_VPN attributes
wins-server none
dns-server value 10.10.100.102
vpn-tunnel-protocol ikev1 ikev2 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
default-domain value net.COMPANY.com
webvpn
anyconnect profiles value COMPANY_SSL_VPN_client_profile type user
tunnel-group COMPANY_SSL_VPN type remote-access
tunnel-group COMPANY_SSL_VPN general-attributes
address-pool COMPANY-SSL-VPN-POOL
authentication-server-group LDAP
authorization-server-group LDAP
authorization-server-group (COMPANY_PROD_INTERNAL) LDAP
default-group-policy NOACCESS
authorization-required
tunnel-group COMPANY_SSL_VPN webvpn-attributes
group-alias COMPANY_SSL_VPN enable
tunnel-group COMPANY_SSL_VPN ipsec-attributes
ikev1 pre-shared-key *****I just figured it out. Under "group-policy GroupPolicy_COMPANY_SSL_VPN attributes", I had to add "vpn-simultaneous-logins 15". Apparently, it was using the value "vpn-simultaneous-logins 0" under the NOACCESS group policy.
-
G6: Consolidating Multiple Authentication Sources
Hello everyone!
When our development environment was setup an Authentication Source was created to go against 1 of the 4 containers in our Active Directory. The containers correspond to different regions of our organization (North, South, East West). At the time we just wanted to test the North people so we set the OU to that container.
This past week I wanted to expand our user base to include the 3 other containers. Unsure of the exact procedure to do this, I copied the original AuthSource and created 3 new ones. The users were successfully pulled in, however at the login screen there are now 5 authentication sources (Plumtree Users, North, South, East, West). I realize now that a mistaken was made from the start in pulling from a container rather than the root, or in my second step of creating new sources rather than manipulating the original. (chalk it up to a learning curve!)
The Authentication Sources are tied directly to the users that they have loaded and can't be deleted unless the associated users/groups are "removed".
Would I be correct in assuming that the only way to consolidate our login Authentication Sources would be to delete all of our users followed by all of the Auth Sources and then create a single source to query the root? Is there any way to change the users Auth Source?
Are there was any other "best practices" or pitfalls that I should be aware of? Especially things that can't be modified after the initial import as in this case?
Thanks for any help,
Geoff
Geoff Garcia
Producer, Enterprise Portal
March of Dimes National Office
1275 Mamaroneck Ave.
White Plains, NY 10605
914 997.4275 (Office)
908 531.6364 (Cell)
[email protected]
Improving the health of babies by preventing birth defects, premature birth, and infant mortalityI would do this:
Delete the "new" (South, West, East) users, groups, then delete the corresponding authentication sources
Modify the "original" (North) authentication source's User Query Base (and Query Filter if necessary) Rename the authentication source if you like. Do not change the User Unique Name attribute.
Sync the original authentication souce. This should just add the users from the modifed root, and assuming that the original users are still included in the modified base and query, they should just stay right there. -
LDAP authenticator setting in Weblogic 10
Hi there,
I am a newbie to weblogic. I am migrating an application from OAS to Weblogic 10. The application is using LDAP for login. I am havng a trouble to set up those users in weblogic console.
Here is what I did:
in web.xml:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<url-pattern>*</url-pattern>
<http-method>*</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>UserRole</role-name>
</auth-constraint>
</security-constraint>
<security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>RegularUser</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/loginerror.jsp</form-error-page>
</form-login-config>
</login-config>
<role-name>UserRole</role-name>
</security-role>
In Weblogic.xml
<?xml version="1.0" encoding="windows-1252"?>
<weblogic-web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-web-app http://www.bea.com/ns/weblogic/weblogic-web-app/1.0/weblogic-web-app.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-web-app">
<security-role-assignment>
<role-name>UserRole</role-name>
<externally-defined/>
</security-role-assignment>
</weblogic-web-app>
In Weblogic console, I created a new realm called RegularUser and setup LDAP authenticator. User Base DN is ou=axxx,dc=bxxx,dc=cxx. I can see those users already in the user list.
Did I miss any step?
ThanksThanks, Faisal.
Here is my config.xml. Do I need to select Custom Roles at the time of deployment? I manually deployed the application in console.
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://xmlns.oracle.com/weblogic/domain" xmlns:sec="http://xmlns.oracle.com/weblogic/security" xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.oracle.com/weblogic/security/xacml http://xmlns.oracle.com/weblogic/security/xacml/1.0/xacml.xsd http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator/1.0/passwordvalidator.xsd http://xmlns.oracle.com/weblogic/domain http://xmlns.oracle.com/weblogic/1.0/domain.xsd http://xmlns.oracle.com/weblogic/security http://xmlns.oracle.com/weblogic/1.0/security.xsd http://xmlns.oracle.com/weblogic/security/wls http://xmlns.oracle.com/weblogic/security/wls/1.0/wls.xsd">
<name>myTestDomain</name>
<domain-version>10.3.3.0</domain-version>
<security-configuration>
<name>myTestDomain</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
<sec:name>RegularUsers</sec:name>
<sec:control-flag>OPTIONAL</sec:control-flag>
<wls:host>holdap1.abc.org</wls:host>
<wls:user-object-class>user</wls:user-object-class>
<wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
<wls:principal>ldapviewsd</wls:principal>
<wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
<wls:credential-encrypted>{AES}5dVfr76v1nSUvb8iMBO5e1WxZG5BA/M3MWZvNxDVMO4=</wls:credential-encrypted>
<wls:user-from-name-filter>(&(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
<wls:group-base-dn>ou=a,dc=b,dc=c</wls:group-base-dn>
<wls:group-from-name-filter>(&(cn=%g)(objectclass=group))</wls:group-from-name-filter>
<wls:static-group-object-class>group</wls:static-group-object-class>
<wls:static-member-dn-attribute>member</wls:static-member-dn-attribute>
<wls:static-group-dns-from-member-dn-filter>(&(member=%M)(objectclass=group))</wls:static-group-dns-from-member-dn-filter>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://xmlns.oracle.com/weblogic/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
<sec:password-validator xmlns:pas="http://xmlns.oracle.com/weblogic/security/providers/passwordvalidator" xsi:type="pas:system-password-validatorType">
<sec:name>SystemPasswordValidator</sec:name>
<pas:min-password-length>8</pas:min-password-length>
<pas:min-numeric-or-special-characters>1</pas:min-numeric-or-special-characters>
</sec:password-validator>
</realm>
<realm>
<sec:authentication-provider xsi:type="wls:active-directory-authenticatorType">
<sec:name>RewardsUser</sec:name>
<sec:control-flag>SUFFICIENT</sec:control-flag>
<wls:host>holdap1.abc.org</wls:host>
<wls:user-name-attribute>sAMAccountName</wls:user-name-attribute>
<wls:principal>ldapviewsd</wls:principal>
<wls:user-base-dn>ou=a,dc=b,dc=c</wls:user-base-dn>
<wls:credential-encrypted>{AES}6mfAIvAqFASMkZ4yHygBe3AODqNyzYyLLePzCI2HTE0=</wls:credential-encrypted>
<wls:user-from-name-filter>(&(sAMAccountName=%u)(objectclass=user))</wls:user-from-name-filter>
<wls:group-base-dn>ou=a,dc=bdc=c</wls:group-base-dn>
<wls:max-sid-to-group-lookups-in-cache>1500</wls:max-sid-to-group-lookups-in-cache>
</sec:authentication-provider>
<sec:deploy-role-ignored>false</sec:deploy-role-ignored>
<sec:deploy-policy-ignored>false</sec:deploy-policy-ignored>
<sec:deploy-credential-mapping-ignored>false</sec:deploy-credential-mapping-ignored>
<sec:security-dd-model>CustomRoles</sec:security-dd-model>
<sec:combined-role-mapping-enabled>true</sec:combined-role-mapping-enabled>
<sec:name>RewardsUser</sec:name>
<sec:delegate-m-bean-authorization>false</sec:delegate-m-bean-authorization>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>{AES}AOnncmyo+t9U78VAJHcbv8uiDUVggDlU55WY5xh6NukBIg3m2MK0In76UwCRuKdlVzHp9uWx/4uYZpkVQmq9Hqk3fTRZRx4dIuyU07siwupmYdq1UHttcgTIwqqKoaWn</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>{AES}Yx0pabvYpXxQr7K7YRVB5B0f3Kyy8Lpn0cu1WQCXve8=</node-manager-password-encrypted>
</security-configuration>
<server>
<name>AdminServer</name>
<server-debug>
<debug-scope>
<name>weblogic.security.atn</name>
<enabled>true</enabled>
</debug-scope>
<debug-scope>
<name>weblogic.security.atz</name>
<enabled>true</enabled>
</debug-scope>
<debug-security-atn>true</debug-security-atn>
<debug-security-atz>true</debug-security-atz>
<debug-security-saml-atn>true</debug-security-saml-atn>
<debug-security-saml2-atn>true</debug-security-saml2-atn>
</server-debug>
<listen-address></listen-address>
</server>
<embedded-ldap>
<name>myTestDomain</name>
<credential-encrypted>{AES}Iidvc9S3UqScbvwktaeOZMYr4V9BQ4aU/T5z+npeFwiYEzUZi6iLF59pfpCNI0DQ</credential-encrypted>
</embedded-ldap>
<configuration-version>10.3.3.0</configuration-version>
<app-deployment>
<name>rewards</name>
<target>AdminServer</target>
<module-type>ear</module-type>
<source-path>servers\AdminServer\upload\rewards.ear</source-path>
<security-dd-model>DDOnly</security-dd-model>
</app-deployment>
<admin-server-name>AdminServer</admin-server-name>
</domain> -
Open LDAP Authenticator Configuration on WLSSP5
I have problems in the open LDAP authenticator configuration on Weblogic Server with Service Pack 5. I have users on OpenLDAP Server that do not belong to any group. My LDIF file contents are as given below.
dn: dc=my-domain,dc=com
dc: my-domain
objectClass: dcObject
objectClass: organization
o: MYABC, Inc
dn: cn=Manager, dc=my-domain,dc=com
userPassword:: c2VjcmV0
objectClass: person
sn: Manager
cn: Manager
dn: cn=myabcsystem, dc=my-domain,dc=com
userPassword:: dmVuZGF2b3N5c3RlbQ==
objectClass: person
sn: myabcsystem
cn: myabcsystem
dn: cn=Philippe, dc=my-domain,dc=com
userPassword:: UGhpbGlwcGU=
objectClass: person
sn: Philippe
cn: Philippe
dn: cn=mlrick, dc=my-domain,dc=com
userPassword:: bWxyaWNr
objectClass: person
sn: mlrick
cn: mlrick
All these users appear in the Users tab after configuration on the console only if LDAP Server is up. While I select group tab, I get errors indicating BAD SEARCH Filter.
Inspite of me not having any groups in the ldap as indicated in ldif contents.
While I try to login t the application with this LDAP configuration, I do not get any errors. LDAP authentication is not happening with just the LDAP authenticator in place. Even if I stop the LDAP server, I do nto get any exceptions while trying ot login. The config params for the Open LADP are as given below
<weblogic.security.providers.authentication.OpenLDAPAuthenticator
AllGroupsFilter="objectclass=*"
Credential="{3DES}rGCpYmhaIorI99BjZ2u6Fg=="
GroupBaseDN="dc=my-domain,dc=com"
GroupFromNameFilter="(cn=%u)"
Name="Security:Name=MYABCAuthenticationOpenLDAPAuthenticator"
Principal="cn=myabcsystem,dc=my-domain,dc=com"
Realm="Security:Name=MYABCAuthentication"
StaticGroupDNsfromMemberDNFilter=""
StaticGroupNameAttribute="" StaticGroupObjectClass=""
StaticMemberDNAttribute="" UserBaseDN="dc=my-domain, dc=com"/>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <LDAP ATN LoginModule initialized>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <LDAP Atn Login>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <LDAP Atn Login username: bob>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <authenticate user:bob>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <getDNForUser search("ou=people,ou=MYABCAuthentication,dc=myabc", "(&(uid=bob)(objectclass=person))", base DN & below)>
####<Mar 3, 2006 4:21:34 PM IST> <Debug> <SecurityDebug> <hemalatha> <myserver> <ExecuteThread: '49' for queue: 'default'> <<WLS Kernel>> <> <000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
CAN ANYONE HELP ME IDENTIFY WHAT IS THE ISSUE. Why is the authentication not happening?Hi Amol,
I've seen this happen at least two times in 11.1.1.1 installs. You can safely restart and then add the service back again. Suggest you reboot after you re-add the service back or cycle all the Hyperion services.
I was not aware you could install the service with that command.
I used the below command instead:
sc create OpenLDAP-slapd start= auto binPath= "D:\Hyperion\...\slapd.exe service" DisplayName= "Hyperion Shared Services OpenLAP"
Regards,
-John -
CUC 8.5.1 IMAP - LDAP Authentication
I have Unity Connection 8.5.1. It is setup for LDAP Sync. It's set to use LDAP Authentication for users. The passwords and search bases are correct becasue I can authenticate for inbox/PCA and admin. It's using SSL and I have changed the Server information to the host name to match the certificate installed. There are no custom filters.
I am trying to get CUPC Voicemail configured and it keeps telling me credentials are rejected.
I connect to IMAP using telnet <server ip> 143
attempting to login using 02 login username password
it returns 02 NO Logon Failure: unknown user or incorrect password.
If I create a user not linked to ldap I can login with username and web password.
I have even restarted the servers after changing ldap server to hostname.
The LDAP user has the same COS that is assigned to non-ldap user that I am able to log in with.
Any other suggestions?Hi,
Sounds like you're hitting
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr94356
Brad -
CUP 5.2 - LDAP Authentication error - "User credentials not valid."
Hi Experts ,
I have set up LDAP "SUN ONE" as a authentication source for our CUP 5.2 SP11 Patch1 (Build-62316). But when I try to logon with my network id,I receive error "User credentials not valid."
Please find the log below.
Thank you for your help,
Regards,
Abderrahim
2011-03-01 12:07:57,232 [SAPEngine_Application_Thread[impl:3]_27] ERROR Failed to log in a867168
com.virsa.ae.service.umi.AuthenticationFailureException: No user details found
at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:140)
at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:207)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
com.virsa.ae.service.umi.UMIException: SUNONE error reading search results
at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUsers(LDAPSearchUser.java:698)
at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUserById(LDAPSearchUser.java:760)
at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:131)
at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:207)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3030)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2757)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1828)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1751)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:347)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:332)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:252)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:252)
at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUsers(LDAPSearchUser.java:518)
at com.virsa.ae.service.umi.ldap.LDAPSearchUser.getUserById(LDAPSearchUser.java:760)
at com.virsa.ae.service.umi.ldap.LDAPAuthenticator.validate(LDAPAuthenticator.java:131)
at com.virsa.ae.actions.LoginAction.requestorLoginHandler(LoginAction.java:847)
at com.virsa.ae.actions.LoginAction.execute(LoginAction.java:82)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:256)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:423)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:207)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)My issue is stil not received, i hav send a document to the system team to follow for the integration. The AD configuration for QM shud be very expicit or else integration will not work. I am attachin the doc here. Let me knw if that helps.
-
ERROR: Ldap Authentication failed for dap during installation of iAS 6.0 SP3
I am attempting to install ias Enterprise Edition (6.0 SP3) on solaris 2.8 using typical in basesetup. I am trying to install new Directory server as I don't have an existing one.
During the installation I got the following error.
ERROR: Ldap Authentication failed for url ldap://hostname:389/o=NetScape Root user id admin (151: Unknown Error)
Fatal Slapd did not add Directory server information to config Server.
Warning slapd could'nt populate with ldif file Yes error code 151.
ERROR:Failure installing iPlanet Directory Server.
Do you want to continue: ( I entered yes )
Configuring Administration Server Segmentation fault core dumped.
Error: Failure installing Netscape Administration Server.
Do you want to continue:( I responded with yes).
And during the Extraction I got the following
ERROR:mple_bind: Can't connect to the LDAP server - No route to host
ERROR: Unable to connect to LDAP Directory Server
Hostname: hostname
Port: 389
User: cn=Directory Manager
Password: <password-for-cn=Directory Manager
Please make sure this Directory Server is currently running.
You might need to run 'stop-slapd' and then
'start-slapd' in the Directory Server home directory, in order to restart
LDAP. When finished, press ENTER to continue, or S to skip this step:
Start registering Bootstrap EJB...
javax.naming.NameNotFoundException
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled > Code)
at javax.naming.NamingException.<init>(NamingException.java:114)
at javax.naming.NameNotFoundException.<init>(NameNotFoundException.java: 48)
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
"ldaperror" 76 lines, 2944 characters
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(InitialContext.java:371)
at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown Source)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
at com.netscape.server.deployment.EjbReg.run(Compiled Code)
at com.netscape.server.deployment.EjbReg.main(Unknown Source)
Start registering iAS 60 Fortune Application...
Start iPlanet Application Server
Start iPlanet Application Server
Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
warning: daemon is running as super-user
[LS ls1] http://gedemo1.plateau.com, port 80 ready
to accept requests
startup: server started successfully.
After completion of installation, I tried to start the console. But I got the following error;
"Cant connect ot the admin server. The url is not correct or the server is not running.
Finally,when I started the admintool(iASTT),it shows the iAS1
was registered( marked with a red cross mark) and says "cant login. make sure the user
name & passwdord are correct" when i click on it.
Thanks in advance for any help
MadhaviHi,
Make sure that the directory server is installed first. If it is running
ok, then you can try adding an admin user, please check the following
technote.
http://knowledgebase.iplanet.com/ikb/kb/articles/4106.html
regards
Swami
madhavi korupolu wrote:
I am attempting to install ias Enterprise Edition (6.0 SP3) on
solaris 2.8 using typical in basesetup. I am trying to install new
Directory server as I don't have an existing one.
During the installation I got the following error.
ERROR: Ldap Authentication failed for url
ldap://hostname:389/o=NetScape Root user id admin (151: Unknown
Error)
Fatal Slapd did not add Directory server information to config
Server.
Warning slapd could'nt populate with ldif file Yes error code 151.
ERROR:Failure installing iPlanet Directory Server.
Do you want to continue: ( I entered yes )
Configuring Administration Server Segmentation fault core dumped.
Error: Failure installing Netscape Administration Server.
Do you want to continue:( I responded with yes).
And during the Extraction I got the following
ERROR:mple_bind: Can't connect to the LDAP server - No route to host
ERROR: Unable to connect to LDAP Directory Server
Hostname: hostname
Port: 389
User: cn=Directory Manager
Password: <password-for-cn=Directory Manager
Please make sure this Directory Server is currently running.
You might need to run 'stop-slapd' and then
'start-slapd' in the Directory Server home directory, in order to
restart
LDAP. When finished, press ENTER to continue, or S to skip this
step:
Start registering Bootstrap EJB...
javax.naming.NameNotFoundException
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Compiled > Code)
at javax.naming.NamingException.<init>(NamingException.java:114)
at
javax.naming.NameNotFoundException.<init>(NameNotFoundException.java:
48)
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
"ldaperror" 76 lines, 2944 characters
at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at com.netscape.server.jndi.RootContext.bind(Unknown Source)
at javax.naming.InitialContext.bind(InitialContext.java:371)
at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown
Source)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
Code)
at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
Code)
at com.netscape.server.deployment.EjbReg.run(Compiled Code)
at com.netscape.server.deployment.EjbReg.main(Unknown Source)
Start registering iAS 60 Fortune Application...
Start iPlanet Application Server
Start iPlanet Application Server
Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
warning: daemon is running as super-user
[LS ls1] http://gedemo1.plateau.com, port 80 ready
to accept requests
startup: server started successfully.
After completion of installation, I tried to start the console. But I
got the following error;
"Cant connect ot the admin server. The url is not correct or the
server is not running.
Finally,when I started the admintool(iASTT),it shows the iAS1
was registered( marked with a red cross mark) and says "cant login.
make sure the user
name & passwdord are correct" when i click on it.
Thanks in advance for any help
Madhavi
Try our New Web Based Forum at http://softwareforum.sun.com
Includes Access to our Product Knowledge Base!
Maybe you are looking for
-
Hi I have upgraded to Leopard and tried to install bootcamp last night only to get the same message as above. +"the disk cannot be partitioned because some files cannot be moved"+ It goes on to say..... +back up disk and use disk utility to format it
-
Best way to read text files at multiple production sites
Need to write a solution to read txt files that contain binary data on multiple SQL Servers. I have no control over the SQL servers, they are not mine. Thinking of BULK INSERT or bcp. But must something on the server be turned on for it to work? What
-
Hi, My daughter's laptop has been getting low disk errors for some time, and a Lenovo rep suggested first adding RAM. I purchased 1 GB from a third-party vendor, installed it, but the low disk error message remained. The computer was working fine for
-
I am trying to update my phone, but it tells me that I don't have enough storage. I have deleted almost all of my apps and purchased 15GB more storage, but it still tells me that I don't have enough storage?
-
Error message: 450 [Wrong number of arguments or invalid property assignment]
Hello Support, I have a vbscript which does some database query. i see from the log that script quits with the below error. Error message: 450 [Wrong number of arguments or invalid property assignment] but when i execute the same query directly on da