Installing LDAP realm Problem

Hi,
I'm trying to configure Netscape Directory Server 4.1 to work with the
LDAP Security Realm Update for WebLogic Server 6.1. The Weblogic Server
is unable to connect to NDS and there is no error message to indicate
any exception. I have connected to the NDS using an LDAP browser using the
same principal and credential in the ldaprealm.properties file and was
able to establish connection.
Has anyone encountered the same problem? Any help is appreciated.
Thank you,
PY

Humm,
I have heard of different people with the same name but with the same
email address. Strange...
Will the person who did the posting below please email me. You
already have my email address.
Han.
"Ng, Wey-Han" <[email protected]> wrote in message news:<[email protected]>...
Hi,
I'm trying to configure Netscape Directory Server 4.1 to work with the
LDAP Security Realm Update for WebLogic Server 6.1. The Weblogic Server
is unable to connect to NDS and there is no error message to indicate
any exception. I have connected to the NDS using an LDAP browser using the
same principal and credential in the ldaprealm.properties file and was
able to establish connection.
Has anyone encountered the same problem? Any help is appreciated.
Thank you,
PY

Similar Messages

  • WL6.0 LDAP Realm problems

    I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
    getting it to work - basic auth just keeps popping the window up 3 times and
    then giving up. Only pertinent message in the log is:
    ####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
    <examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
    <Locking account, user jdoe.>
    No obvious LDAP info or errors in the log, despite adding the following two
    to the startup script cmd line and restarting the server:
    -Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=true
    The HTTP basic-auth dialog box is correctly showing me that I'm trying to
    authenticate to: MyLDAPRealm
    Here's the config info for MyLDAPRealm
    <LDAPRealm AuthProtocol="simple"
    Credential="myserverpasswd"
    GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
    GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://tug:390"
    Name="MyLDAPRealm"
    Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
    UserAuthentication="local"
    UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
    It's a Netscape 4.1 Directory server, and I've verified that the above
    server account exists AND can authenticate and retrieve account
    userpasswords (yes, the server account is "cn=" while the user accounts are
    "uid=" - don't ask :-)....
    I've tried both "bind" and "local" and get the same results both ways.
    Any ideas???

    Did you use the most recent ldap patch? I could not get it to work fine
    with the default wls6.0sp1, but with the ldap-patch it works fine.
    AND probably even more important... change
    <Realm FileRealm="..." Name=".....">
    to
    <Realm CachingRealm="MyCachingRealm" FileRealm="..." Name=".....">
    Hope this helps...
    Ronald
    Sushil Pulikkal wrote:
    Hi Tom,
    I am using iPlanet Directory server with WL6.0 (which I presume is supported as
    Netscape's is) and facing the same problem as Mike was i.e account locking after
    three attempts(bottom of the message). I have created my own caching realm with
    the basic realm being MyLDAPRealm.
    The log gives no info other than the one about account locking.
    My config.xml looks something like this -
    <CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
    <PasswordPolicy Name="wl_default_password_policy"/>
    <LDAPRealm AuthProtocol="simple" Credential="enslaved"
    GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
    GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
    Name="MyLDAPRealm"
    Principal="uid=admin, ou=Administrators,
    ou=TopologyManagement, o=NetscapeRoot"
    UserAuthentication="bind"
    UserDN="ou=Aussies,dc=timerasolutions,dc=com"
    UserNameAttribute="uid"/>
    The browser window does pop up, but the user id doesn't get authenticated. Is
    there a way to know whether WLS is actually going to the LDAP server for authentication?
    Any insight into this?
    Thanks in advance,
    Sushil
    "Tom Moreau" <[email protected]> wrote:
    Mike,
    I haven't had any trouble getting the LDAPRealm to work
    in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
    you haven't told WLS to use it?
    In other words, you can create many realm configurations then
    you need to activate the one you want. If you haven't, then
    we just use the file realm. The file realm won't be able
    to authenticate you (since you put the info in LDAP!) and
    after 3 failures, will lock out the account.
    The instructions for selecting the realm are at:
    http://e-docs.bea.com/wls/docs60/adminguide/index.html
    See:
    12. Managing Security
    Specifying a Security Realm
    Configuring the Caching Realm
    The basic idea is:
    1) create your LDAP Realm (you've already done this)
    2) create a CachingRealm
    3) set the CachingRealm's BasicRealm to your LDAP Realm
    4) set the Security Realm's CachingRealm to your Caching Realm
    5) reboot
    It's pretty easy to do this through the admin console.
    Otherwise, you can edit config.xml by hand.
    Here's how:
    <Domain>
    <Security
    Name="mydomain"
    Realm="myRealm"
    />
    <Realm
    Name="myRealm"
    FileRealm="myFileRealm"
    CachingRealm="myCachingRealm"
    />
    <FileRealm
    Name="myFileRealm"
    />
    <CachingRealm
    Name="myCachingRealm"
    BasicRealm="myLDAPRealm"
    />
    <LDAPRealm
    Name="myLDAPRealm"
    />
    </Domain>
    -Tom
    "Mike" <[email protected]> wrote:
    BTW, before someone suggests it, I found Tom Moreau's suggestion to use:
    <ServerDebug Name="examplesServer" DebugSecurityRealm="true" />
    under the <Server> element in config.xml and restarted with this and still
    no additional info from the LDAP realm printed about why it's not working
    (nothing but the same locking account message mentioned below).
    Is the source for the LDAP realm available so I can debug it myself or has
    anybody written their own LDAP realm that they'd be willing to share with
    the group?
    Thanks again,
    ...Mike
    "Mike" <[email protected]> wrote in message
    news:[email protected]...
    Ok I've verified that the -Dweblogic.security.ldaprealm.verbose probably
    won't work with 6.0 (old 5.x and previous style property), but I can't
    figure out what replaced it, to figure out why the LDAP realm isn't
    working for me...
    The property mapping guide at:
    http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
    shows that things like weblogic.security.ldaprealm.url
    changed to LDAPURL in config.xml (without telling
    you that this resides as an XML attribute of
    <Domain><LDAPRealm ... /></Domain> although that's
    easy enough to find by looking through the example
    LDAP realm.
    It then says that weblogic.security.ldaprealm.verbose
    has changed to "Debug" in config.xml, but doesn't
    say whether that's a "Debug" XML attribute on one
    of the XML elements in there, or whether it's an
    XML node itself, or where in the config.xml doc
    it goes... It doesn't work as an attribute of
    <LDAPRealm ...> (server won't start with it there)
    and it doesn't show up at all in the DTD for config.xml
    so I'm assuming the mapping doc at the above url is
    wrong. Anybody know what this really became in 6.0?
    I've tried setting StdoutDebugEnabled="true" in config.xml
    and turning the logging level all the way up to see
    everything, but even then all I get is the account locked message,
    not why it's failing to authenticate via LDAP...
    Any other ideas?
    "Mike" <[email protected]> wrote in message
    news:[email protected]...
    I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
    getting it to work - basic auth just keeps popping the window up 3 times and
    then giving up. Only pertinent message in the log is:
    ####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
    <examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
    <Locking account, user jdoe.>
    No obvious LDAP info or errors in the log, despite adding the following two
    to the startup script cmd line and restarting the server:
    -Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=true
    The HTTP basic-auth dialog box is correctly showing me that I'm trying to
    authenticate to: MyLDAPRealm
    Here's the config info for MyLDAPRealm
    <LDAPRealm AuthProtocol="simple"
    Credential="myserverpasswd"
    GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
    GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://tug:390"
    Name="MyLDAPRealm"
    Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
    UserAuthentication="local"
    UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
    It's a Netscape 4.1 Directory server, and I've verified that the above
    server account exists AND can authenticate and retrieve account
    userpasswords (yes, the server account is "cn=" while the user accounts are
    "uid=" - don't ask :-)....
    I've tried both "bind" and "local" and get the same results both ways.
    Any ideas???
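
Tom Moreau's five steps in the thread above come down to one reference chain in config.xml (Security -> Realm -> CachingRealm -> BasicRealm), and a break anywhere in it leaves the file realm answering logins until the account locks. The checker below is an added example, not code from the thread or from BEA; it assumes the element and attribute names shown in the posts, and both sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Realm element types that sit behind a CachingRealm in the posts on this page.
BASIC_REALM_TAGS = ("LDAPRealm", "CustomRealm")

# Constructed sample following Tom Moreau's layout: the chain is complete.
WIRED = """<Domain Name="mydomain">
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm" CachingRealm="myCachingRealm"/>
  <FileRealm Name="myFileRealm"/>
  <CachingRealm Name="myCachingRealm" BasicRealm="myLDAPRealm"/>
  <LDAPRealm Name="myLDAPRealm"/>
</Domain>"""

# Constructed sample of the failure mode: the LDAP realm exists, but the
# <Realm> element never names the caching realm, so only the file realm is used.
UNWIRED = """<Domain Name="mydomain">
  <Security Name="mydomain" Realm="myRealm"/>
  <Realm Name="myRealm" FileRealm="myFileRealm"/>
  <FileRealm Name="myFileRealm"/>
  <CachingRealm Name="myCachingRealm" BasicRealm="myLDAPRealm"/>
  <LDAPRealm Name="myLDAPRealm"/>
</Domain>"""


def _by_name(domain, tag):
    """Index every <tag> element in the domain by its Name attribute."""
    return {el.get("Name"): el for el in domain.iter(tag)}


def check_realm_chain(config_xml):
    """Follow Security -> Realm -> CachingRealm -> BasicRealm.

    Returns a list of findings. An empty list means an LDAP realm is the
    active basic realm and no defined LDAP realm is left unused.
    """
    domain = ET.fromstring(config_xml)
    realms = _by_name(domain, "Realm")
    caching = _by_name(domain, "CachingRealm")
    basic = {}
    for tag in BASIC_REALM_TAGS:
        basic.update(_by_name(domain, tag))

    findings = []
    active = None
    security = domain.find("Security")
    realm_name = security.get("Realm") if security is not None else None
    realm = realms.get(realm_name)

    if realm is None:
        findings.append(f"Security does not point at a defined Realm (Realm={realm_name!r})")
    elif not realm.get("CachingRealm"):
        findings.append(
            f"Realm {realm_name!r} has no CachingRealm attribute: "
            "only the file realm is consulted"
        )
    else:
        cr_name = realm.get("CachingRealm")
        cr = caching.get(cr_name)
        if cr is None:
            findings.append(f"Realm {realm_name!r} names undefined CachingRealm {cr_name!r}")
        elif cr.get("BasicRealm") not in basic:
            findings.append(
                f"CachingRealm {cr_name!r} has BasicRealm={cr.get('BasicRealm')!r}, "
                "which is not a defined LDAP realm"
            )
        else:
            active = cr.get("BasicRealm")

    # Any LDAP realm that is configured but not reachable through the chain.
    for name in sorted(n for n in basic if n and n != active):
        findings.append(f"{name!r} is defined but is not the active basic realm")
    return findings


if __name__ == "__main__":
    for label, doc in (("wired", WIRED), ("unwired", UNWIRED)):
        print(label, check_realm_chain(doc) or "OK")
```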

  • Install ldap server problems

    ok, maybe here its the right place to post my question:
    i am trying to install sun one directory server, and other ldaps as well, on my windows xp home edition notebook that uses a dsl connection, with no domain name, and i am having trouble doing so.
    i installed the same server (and other ldaps) on my windows 2000 with no problem, but this 2000 machine is on a domain network.
    maybe the domain is what is required. i am not sure though. i am new on ldap, please help.

    Typically, installing an ldap server will require a fully-qualified domain name and a static IP address.
    You are probably using DHCP to obtain an IP address since you mention that you are at home and on DSL.
    You should refer to the installation guide for Directory Server. Docs can be found at docs.sun.com, search on the product name, titles only and you should be able to find the right one for the version you are using.
    If you are mainly doing this to evaluate tools and servers, you might want to try the new version of Sun Java Studio Enterprise (6 2004Q1), which bundles the directory server (and other useful Sun Java servers). This product will be released at the end of this month.
    Watch this web site for an announcement soon (~ 3-29-04) http://wwws.sun.com/software/product_categories/application_development.html
    The full product name is Sun Java Studio Enterprise 6 2004Q1 (although Windows XP Home edition is not
    a supported platform). Typically, you would probably find Win XP Pro to have more of the networking features necessary for installing and using servers.

  • Problem configure Ldap realm with multi master Ldap server

    I have a multimaster Directory Server (Ldap) eg: LdapMaster01 & LdapMaster02.
    I configured the realm Ldap:
    realm= myLdapRealm
    class name =com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
    jaas-context = myLdapRealm
    directory = ldap://LdapMaster01:389
    base-dn = ou=my_APP, ou=Applications, dc=devinc, dc=com
    search-bind-dn = cn=Directory Manager
    search-bind-password = 99999999
    So how can i configure realm to automatically switch to LdapMaster02 when the LdapMaster01 is not up?
    Thanks in advance

    Probably you need an external intelligent
    loadbalancer unit, that receives all requests for an
    DNS like 'LdapMaster' and reroutes the traffic to
    LdapMaster01 or LdapMaster02.
    If one LdapMaster is not available then the
    loadbalancer is responsible to route all requests
    only to the available server.

    Thank you very much. :)
    I found other post on the internet about this, and yes, probably the only way is a loadbalancer.
    Another way is to write a custom realm impl that receives the server list and try to connect until an available server is found.

  • Trying to setup a LDAP Realm

    I'm running WLS6.0 SP2 and I'm trying to set up an LDAP realm to talk to an openldap
    server. I'm on Win2k and have it installed as a service.
    I can connect to the server via a ldap browser, and I have a user in the ldap
    tree with a clear text password.
    I created a LDAP realm but I can't find where to configure WebLogic to use that
    LDAP realm for authentication.
    thanks
    joe

    I guess they don't use the LDAP Realm in Weblogic, you should create your custom
    realm that access to AD and return user/group enumerations, acl's, etc...
    I'm able to access to AD using jdk1.4, and I have my custom realm, the only
    problem is wl uses jdk1.3 (+jaas) and I couldn't connect to AD with the old jaas,
    because it didn't support kerberos authentication. A more complete jaas it's included
    in jdk1.4
    Regards,
    Marc
    "Roy Cornell" <[email protected]> wrote:
    Great news, Scott. I hope you don't mind answering the three questions
    below:
    1. Which LDAP realm ***version*** did you use : V1 or V2?
    2. Which LDAP realm type did you specify during the configuration: "MS Site
    Server" or other ?
    3. Did you encounter any problems during the integration?
    Thanks a lot.
    Roy
    "Scott Harger" <[email protected]> wrote in message
    news:3b794a7c$[email protected]..
    We have been able to get the LDAP realm (6.0 SP1) to work with Active
    Directory.
    Scott
    "Roy Cornell" <[email protected]> wrote in message
    news:3b72eb32$[email protected]..
    I've got the same question (posted it yesterday). Please, Please, Please,
    could somebody reply.
    "Andrew Wallace" <[email protected]> wrote in message
    news:3b72ce38$[email protected]..
    Somehow my last message got truncated. Here's the full deal:
    We're trying to setup an LDAP realm in a microsoft-centric environment
    (Windows 2000). All the documentation from BEA that I've found talks
    about MS Site Server, which, as near as I can find, is not an LDAP server.
    So - can I use MS Active Directory on Win2k? Is it functionally the same
    thing? Does the MS template in LDAP Realm V2 support it? Does anyone
    have success or horror stories about using AD?
    thanks,
    andy

  • LDAP realm in Weblogic

    I am using Netscape Directory Service 4.2. I want to use LDAP realm for authentication from Weblogic 5.1. I have created a principal(kevink - username and cambridge - group) in NDS. I have created a servlet and registered in Weblogic giving permission to execute the servlet to the above username and group. I have the following entry in my weblogic properties file weblogic.allow.execute.weblogic.servlet.helloWorld=\ kevink, cambridge
    I have also created the LDAPRealm.properties file in my weblogic home directory.
    When I start weblogic with the LDAP debug mode on, I get the following messages
    Mon May 01 14:38:52 EDT 2000:<W> <CachingRealm> ACL "weblogic.servlet.helloWorld" contains non existent principal "kevink" - ignoring principal ******** Error: ACL "weblogic.servlet.helloWorld" contains non-existent principal "kevink" - i noring principal
    Mon May 01 14:38:52 EDT 2000:<W> <CachingRealm> ACL "weblogic.servlet.helloWorld" contains non- existent principal "cambridge" - ignoring principal ******** Error: ACL "weblogic.servlet.helloWorld" contains non-existent principal "cambridge" - ignoring principal
    Any ideas to solve this problem are welcome Ram

    Yep. And if your LDAP realm is hooked up correctly, you'll see groups from your ldap realm
    in the weblogic console, under the Security->Groups tab on the frame to the left.
    Keep in mind that you will not see users from your LDAP server under the Security->Users
    tab. This is expected behavior. But if you see the groups, then you've most likely hooked
    up the LDAP realm the right way ...
    Joe Jerry
    Vishwanath Kumar wrote:
    Hello Kumar,
    I am attaching a small portion of config.xml which contains LDAP settings . Please change
    this according to your LDAP server configuration and test it . I hope this should help
    you out.
    You also need to create a caching realm and then hook up that caching realm to this LDAP
    realm .
    For more information this URL should be helpful:
    http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
    here is portion of config.xml
    <LDAPRealm AuthProtocol="simple" Credential="dropdead"
    GroupDN="o=beasys.com,ou=Groups" GroupIsContext="false"
    GroupNameAttribute="cn" GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://mmanson:389"
    Name="defaultLDAPRealmForNetscapeDirectoryServer"
    Notes="This is provided as an example. Before enabling this Realm, you must edit
    the configuration parameters as appropriate for your environment."
    Principal="uid=admin, ou=Administrators, ou=TopologyManagement, o=NetscapeRoot"
    UserAuthentication="bind" UserDN="o=beasys.com,ou=People"
    UserNameAttribute="uid" UserPasswordAttribute="userpassword"/>
    kumar wrote:
    Hi,
    I have tried to configure LDAP realm in weblogic, but I think it is not configured
    correctly. And I don't know how to test it. Can anybody send me the sample config.xml
    having LDAP realm configured correctly. Please send me a sample program to access
    LDAP realm via weblogic.
    Thx--
    Vishwanath Kumar
    Developer Relations Engineer
    BEA Systems, Inc.

  • LDAP realm with Active Directory

    Hello,
    In the sun one app server admin console i have set the security role to LDAP.
    I have set up security roles in my web.xml such as this:
    <security-role>
    <description>This role represents administrators of the system, see actor administrators</description>
    <role-name>administrators</role-name>
    </security-role>
    ..and mapped the roles to groups in sun-application as follows:
    <security-role-mapping>
    <role-name>administrators</role-name>
    <group-name>CMS_PM</group-name>
    <principal-name>rlancett</principal-name>
    </security-role-mapping>
    My user and group information is stored in Active Directory so I have tried to configure the ldap realm in the admin console to get it working. These are the settings i have put in:
    directory: ldap://earth.tier2consulting.com:389
    base-dn: cn=Users,dc=tier2consulting,dc=com
    jaas-context: ldapRealm
    search-bind-dn: cn=administrator,cn=Users,dc=domain,dc=com
    search-bind-password: ******
    search-filter: sAMAccountName=%s
    I get the error message :javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
    WARNING: va:850)
    FINEST: JAAS authentication aborted.
    INFO: SEC5046: Audit: Authentication refused for [administrator].
    I am pretty stuck on this having looked around all the forums:
    Has anyone got sun one app server using Active Directory to get user/group information for security roles?
    Thanks.

    Howdy,
    I don't have a solution to your problem, but maybe this tid-bit will help in debugging with Active Directory error messages. I'm new to AD, so excuse me if everyone already knows this, but...
    The error message you get back from the directory contains an error code in hexadecimal:
    LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893
    If you translate '525' from hex to decimal you get '1317' which is the error message you can look up here:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/debug/base/system_error_codes.asp
    1317 - ERROR_NO_SUCH_USER - The specified user does not exist.
    It took me a while to find this tip, so I thought I'd share it. Oh, and the easy way to get decimal from hexadecimal is:
    System.out.println( "Here is 525 in decimal: " + Integer.parseInt("525", 16));
    Okay, hope this helps somebody.
    Now it's up to you to find out why it can't find the administrator!
    Craig
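
Craig's hex-to-decimal step, applied to whole log lines so that bind failures can be triaged by cause. This is an added example, not part of the original post: the sub-codes other than 525 come from the Win32 system error code list rather than from this thread, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# Sub-codes Active Directory puts in the "data" field of an LDAP error 49
# (invalid credentials) response. The field is hexadecimal; the decimal value
# is a Win32 system error code.
AD_BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

_BIND_ERROR = re.compile(
    r"LDAP: error code (\d+)\b.*?AcceptSecurityContext error, data ([0-9a-fA-F]+)"
)

# First line is the message quoted in the thread; the rest are constructed.
SAMPLE_LOG = [
    "javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893",
    "INFO: SEC5046: Audit: Authentication refused for [administrator].",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, "
    "comment: AcceptSecurityContext error, data 52e, v893",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, "
    "comment: AcceptSecurityContext error, data 52e, v893",
    "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, "
    "comment: AcceptSecurityContext error, data 775, v893",
]


def decode_ad_bind_error(message):
    """Extract and decode the AD sub-code from one log line.

    Returns None when the line is not an AcceptSecurityContext failure.
    """
    match = _BIND_ERROR.search(message)
    if match is None:
        return None
    win32_code = int(match.group(2), 16)  # same conversion as Integer.parseInt("525", 16)
    return {
        "ldap_code": int(match.group(1)),
        "data_hex": match.group(2).lower(),
        "win32_code": win32_code,
        "name": AD_BIND_SUBCODES.get(win32_code, "UNKNOWN"),
    }


def summarize(lines):
    """Count bind failures per decoded cause, skipping unrelated lines."""
    decoded = (decode_ad_bind_error(line) for line in lines)
    return Counter(d["name"] for d in decoded if d is not None)


if __name__ == "__main__":
    print(decode_ad_bind_error(SAMPLE_LOG[0]))
    for name, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {name}")
```

A run of ERROR_LOGON_FAILURE entries followed by ERROR_ACCOUNT_LOCKED_OUT for the same principal is the directory-side counterpart of the "Locking account" message seen in the WebLogic logs earlier on this page.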

  • BASIC/LDAP Realm Authentication

    I am trying to protect access to my Web Application using BASIC
    Authentication based on an LDAPRealm that I have configured. I want all
    users that try to access anything in my Web App to have to log in first,
    based on their information in the LDAP server.
    My web.xml file looks as such.
    <web-app>
    <display-name>LDAPSpike</display-name>
    <servlet>
    <servlet-name>TestServlet</servlet-name>
    <servlet-class>test.TestServlet</servlet-class>
    </servlet>
    <servlet-mapping>
    <servlet-name>TestServlet</servlet-name>
    <url-pattern>/test</url-pattern>
    </servlet-mapping>
    <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ActiveDirectoryCachingRealm</realm-name>
    </login-config>
    </web-app>
    Do I need to setup a <security-constraint> tag or a <security-role> tag? if
    so what role do I use? I just want ANY user to be authenticated by using
    the LDAP Realm (in this case ActiveDirectory as an LDAP Server)
    Thanks in advance for the help...
    Frank
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Frank Febbraro
    Senior Software Engineer

    Plamen Petrov wrote:
    I am having similar problem. I managed to grant access
    to individual users and groups in the LDAP server, but
    what I want to do is to give access to everyone in
    the LDAP directory without explicitly specifying his
    name or group membership.

    Create a group "everyone" in LDAP as a workaround.
    Cheers,
    Alexander Petrushko
    mailto:[email protected]
    Consulting Services available
    Freemarker vs JSP:
    http://javaworld.com/javaworld/jw-01-2001/jw-0119-freemarker.html

  • HTTP Basic Authentication - LDAP Realm

    Hi,
    I have developed a SOAP webservice in BPEL 2.0 [ JBI ] and added the HTTP basic authentication on top of it ( added the policy ). I have used LDAP realm to authenticate the users from the LDAP server and it's working fine.
    Below is the code snippet of the WSDL used to point to LDAP realm.
        <service name="casaService1">
            <port name="casaPort1" binding="tns:casaBinding1">
                <soap:address
    location="http://localhost:9080/SOAPWSService/SOAPWS"/>
                <wsp:PolicyReference URI="#HttpBasicAuthBindingLdapRealmPolicy"/>
            </port>
        </service>
            <wsp:Policy wsu:Id="HttpBasicAuthBindingLdapRealmPolicy">
            <mysp:MustSupportBasicAuthentication on="true">
                <mysp:BasicAuthenticationDetail>
                   <mysp:Realm realmName="LdapRealm" />
                </mysp:BasicAuthenticationDetail>
            </mysp:MustSupportBasicAuthentication>
        </wsp:Policy>
    The LDAP realm details from the Glassfish Server are as below:
    JAAS Context - ldapRealm
    Directory - ldap://localhost:389
    Based DN - dc=example,dc=com
    Bind DN - cn=Directory Manager
    Password - ldap123
    Now i would like to provide access to only users in a particular group. I have updated the Assigned Groups in the LDAP realm ( admin console ) to the group for which i would like to provide access to. But it's not working.
    For webservices developed using EJB,we can use the web.xml , sun-web.xml,deployment descriptor files to add roles and map groups to this roles.
    But how do we implement the same in OpenESB ( service assemblies ). Do we have to modify the WSDL ? Please share some info if anyone has worked on this before.
    Thanks,
    Kris.

  • Ldap realm won't recognise group members...

    I've modified the defaultLDAPRealmForNovellDirectoryServices to talk to
    Novell e-directory v8.6.
    The Weblogic console correctly displays my Ldap groups. I have custom ACL's
    defined (in the filerealm, (Jerry - I'm also baffled how to do this in
    Ldap)) with permissions granted to my Ldap groups of which my Ldap user is a
    member. This user is authenticated (can logon) correctly but can't perform
    actions that their group permissions permit. (Users defined in the file
    realm with this permission have no problem).
    I can only think that the Ldap group is not recognising its members. This
    is, of course, impossible to test as listing members of a group has been
    disabled in Ldap realm v2....
    If anyone has encountered such a problem, or can see an obvious solution,
    cheers, very grateful.
    <CustomRealm
    ConfigurationData="user.filter=(&(cn=%u)(objectclass=person));user.dn=ou=people, dc=ftid,
    dc=com;server.principal=cn=Admin,dc=ftid,dc=com;membership.filter=(&(uniqueMember=%M)(objectclass=groupOfNames));group.filter=(&(cn=%g)(objectclass=groupOfNames));server.host=localhost
    server.port=389;server.ssl=false;group.dn=ou=Groups, dc=ftid, dc=com"
    Name="defaultLDAPRealmForNovellDirectoryServices"
    Notes="No notes" Password="{3DES}q4+IymeHqO2H/zvRdQK5oA=="
    RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
    Ldif export for my group.
    dn: cn=LdapUpdaterPrincipal, ou=Groups, dc=ftid, dc=com
    equivalentToMe: cn=tom,ou=people,dc=ftid,dc=com
    objectClass: groupOfNames
    objectClass: top
    uniqueMember: cn=tom,ou=people,dc=ftid,dc=com
    uniqueMember: cn=andy,ou=people,dc=ftid,dc=com
    ACL: 2#entry#[Root]#uniqueMember
    cn: LdapUpdaterPrincipal
    I'm using wl6.1 sp2.
    Cheers,
    Alan.

    solved, sorry, it was a problem with the principal-name in the
    weblogic-ejb-jar file not mapping to the correct group name...
    Alan
    "Alan Phillips" <alan.phillips@|remove|ftid.com> wrote in message
    news:3c690985$[email protected]..
    I've modified the defaultLDAPRealmForNovellDirectoryServices to talk to
    Novell e-directory v8.6.
    The Weblogic console correctly displays my Ldap groups. I have custom ACL's
    defined (in the filerealm, (Jerry - I'm also baffled how to do this in
    Ldap)) with permissions granted to my Ldap groups of which my Ldap user is a
    member. This user is authenticated (can logon) correctly but can't perform
    actions that their group permissions permit. (Users defined in the file
    realm with this permission have no problem).
    I can only think that the Ldap group is not recognising its members. This
    is, of course, impossible to test as listing members of a group has been
    disabled in Ldap realm v2....
    If anyone has encountered such a problem, or can see an obvious solution,
    cheers, very grateful.
    <CustomRealm
    ConfigurationData="user.filter=(&(cn=%u)(objectclass=person));user.dn=ou=people, dc=ftid,
    dc=com;server.principal=cn=Admin,dc=ftid,dc=com;membership.filter=(&(uniqueMember=%M)(objectclass=groupOfNames));group.filter=(&(cn=%g)(objectclass=groupOfNames));server.host=localhost
    server.port=389;server.ssl=false;group.dn=ou=Groups, dc=ftid, dc=com"
    Name="defaultLDAPRealmForNovellDirectoryServices"
    Notes="No notes" Password="{3DES}q4+IymeHqO2H/zvRdQK5oA=="
    RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
    Ldif export for my group.
    dn: cn=LdapUpdaterPrincipal, ou=Groups, dc=ftid, dc=com
    equivalentToMe: cn=tom,ou=people,dc=ftid,dc=com
    objectClass: groupOfNames
    objectClass: top
    uniqueMember: cn=tom,ou=people,dc=ftid,dc=com
    uniqueMember: cn=andy,ou=people,dc=ftid,dc=com
    ACL: 2#entry#[Root]#uniqueMember
    cn: LdapUpdaterPrincipal
    I'm using wl6.1 sp2.
    Cheers,
    Alan.

  • How to configure Netscape LDAP realm for WLS6.1

    I've installed NDS 3.1 on my machine & created users & groups using Netscape admin
    console.
    dn='uid=abc,ou=AMITOrg,o=Airius.com'
    What information should be entered in the 'Properties' of V2 LDAP realm?
    Where should i specify server, port of my NDS?
    Please let me know the sample settings.
    Thanks & regards,
    Amit

    Which version of Netscape Directory Server ?
    NDS development has stopped several years ago.
    Regards,
    Ludovic.

  • OptimizeIt and LDAP realm

    I have problems running WebLogic 5.1 SP10 with a LDAP realm configured
    I have used the script supplied with my OptimizeIt installation, but WebLogic can't find the ldaprealm.properties file but instead assumes the LDAP hostname ldapserver:389

    We ran into a similar situation where our users were stored in SiteMinder/LDAP.
    So we are going to bulk load all the users into WLI and then synchronize the users
    nightly for any activated and deactivated users. We kept the roles in LDAP different
    from the roles in WLI though. Would like to know if you guys addresses this differently
    Thanks
    Sreeram
    "Peter Giesin" <[email protected]> wrote:
    I am curious to know if anyone is actually running WLI with a LDAP Realm. I would
    like to know how you dealt with the fact that the users still need to be defined
    in the WLI database so that they can be added to the organization.
    Thanks,
    Pete

  • Selecting LDAP Realm V2

    My environment is WL 6.1 SP2.
    I am currently using the LDAP Realm V1 (deprecated) and would like to switch to LDAP
    Realm V2. The problem is that my WL console does not give me the option to configure
    a LDAP Realm V2 when creating a new security realm. The only options I get are: LDAP
    Realm V1, NT Realm, UNIX Realm, RDBMS Realm and Custom Realm.
    I would appreciate it if anybody can tell me what needs to be done to get the configure
    LDAP Realm V2 option.
    Thanks
    Charl

    I have had a custom realm that handles ACLs since 5.1. My question is I want to
    mix it with the out-of-the box ldaprealm v2. I was hoping for a failover mechanism
    where I can supply a custom realm that knows how to authorize and leave it up
    to the canned ldaprealm to authenticate. The filerealm behaves in such a manner,
    does it not.
    I will try your idea about extending the ldaprealm. But, the challenge will be
    in dealing with the delegate.
    "Utpal" <[email protected]> wrote:
    If you extend the weblogic.security.ldaprealmv2.LDAPRealm and implements
    newAcl, deleteAcl, newPermission,
    setPermission etc, I think it's doable.
    =========
    public class weblogic.security.ldaprealmv2.LDAPRealm extends
    weblogic.security.acl.AbstractListableRealm implements weblogic.security.acl.DebuggableRealm
    =========
    -utpal
    "Utpal" <[email protected]> wrote in message
    news:[email protected]..
    Why don't you use the Custom Security Realm? You can construct an ACL in a
    custom security realm.
    http://edocs.beasys.com/wls/docs61/security/prog.html#1042361
    -utpal
    "Ziad Kurdi" <[email protected]> wrote in message
    news:3c9b4c80$[email protected]..
    Is there a way in 6.1 to use the supplied LDAP Realm V2 for authentication and
    managing groups, but enhance it with ACL's (stored in a database) for
    authorization?
    Obviously, I would like to take advantage of the server's caching realm
    capabilities.
    I'm currently running a custom realm (from 5.1 which works in 6.1) that mixes LDAP
    authentication, group management, and DB ACL's for authorization, but I no longer
    wish to capture the user's password (due to corporate policies) and would like
    to avoid maintaining the authentication code.
    Thanks in advance for any assistance.

  • Have CS 5 Installed on my iMac and works ok. But installed on my new MacBook Pro it won't open NEF files from my Nikon D810. Displays NEF icons, but when I try and open them the response is: Make sure latest RAW updates are installed. If problem persists

    Have CS 5 Installed on my iMac and works ok. But installed on my new MacBook Pro it won't open NEF files from my Nikon D810. Displays NEF icons, but when I try and open them the response is: Make sure latest RAW updates are installed. If problem persists follow link: http://www.adobe.com/go/kb407111. Have installed Bridge 5.0.2.4; Raw Ref Version 7.0.0.308; DNG converter_8_7_1.dmg; Bridge 5.0.2 Update 2. Also same problem with Lightroom which I don't normally use. Lightroom_3_LS11_mac_3_6.dmg installed.

    In the link you posted it states that the Nikon 810 requires ACR 8.6 or newer.
    Versions of ACR are specific to versions of Photoshop. You cannot use 8.6 nor even 7.0 in CS5.
    I believe that ACR 6.7 is the latest that will work with CS5, so make sure you have this installed and get rid of ACR 7.
    Having 2 versions of ACR will cause problems.
    You have already downloaded DNG Converter 8.7.1.
    Have you double clicked the DMG file to allow you to install DNG Converter on your computer?
    Be aware that DNG converter is a stand-alone application and not a plug-in.
    You need to open DNG converter and select the FOLDER that contains your .NEF files.
    Don't open the folder and try to select individual files, it doesn't work that way.
    After converting your D810 files to DNGs you can then open the DNGs in CS5
    The problem is your camera didn't exist when CS5 & its version of ACR was developed.
    i don't use Lightroom, but the list mentions Lightroom 5.6 as needed to open D819 so your 3.6 version of LR won't cut it.

  • I am a CC subscriber and trying to update lr5.7 and I am told to got to my CC folder and click on install. The problem is, LR is not in my file. I guess I have been using my original lr that I bought years ago. What now? How do i get lr into the CC file?

    I am a CC subscriber and trying to update lr5.7 and I am told to got to my CC folder and click on install. The problem is, LR is not in my file. I guess I have been using my original lr that I bought years ago. What now? How do i get lr into the CC file?

    Gary116 please remove and reinstall Lightroom by following the steps listed in CC desktop lists applications as "Up to Date" when not installed.  The version of Photoshop Lightroom available through the Creative Cloud Desktop application supports your Creative Cloud Membership.
