IPlanet LDAP configuration in Weblogic 8.1 SP3

We use iPlanet LDAP provider for app authentication. We need only the authentication and no authorization. However when we do not specify information in Groups and Membership tabs, and provide only User information, authentication fails. Does iPlanet provider need Group and Membership information for simple authemtication?

Similar Messages

WLST IPlanet LDAP configuration

Is it possible to configure IPlanet LDAP Authenticator using WLST offline mode ? If so, can any one say how to configure it in offline mode.
Thanks,
Gopal

No this is not supoorted in Offline mode, you should use online WLST.
Thanks,
-satya

Iplanet LDAP Configuration in Portal

Hi All,
I was trying to configure my UME with LDAP - iplanet. (Sun one Directory Server) in SAP Netweaver CE. I downloaded the xml file using config tool.
1. dataSourceConfiguration_iplanet_readonly_db
2. dataSourceConfiguration_iplanet_not_readonly_db
3. dataSourceConfiguration_iplanet_deep_readonly_db
while one should i use? How do i know whether iplanet uses a deep or Flat Hierarchy? When i try to use the
dataSourceConfiguration_iplanet_not_readonly_db. on click of save changes, it gives me some "Technical error". But Validate connection in LDAP Server Properties is working fine.
"Test Connection successful".
But server not starting after restart. How else do i change the UME Configurationfrom Database to LDAP? What is the xml file to use? Is there some other configurations to be done?
Thanks,
Divya
Edited by: Divya V on Nov 19, 2010 10:23 AM

Hi Divya,
Try to contact the systems team who is responsible for maintaining the LDAP in your company. Then call tell you if you use deep or flat hierarchy.
The you need to decide if you want to connect to LDAP only for read only purposes or if you want to update any thing on the LDAP from the portal and have write access.
1. dataSourceConfiguration_iplanet_readonly_db - FOR READ ONLY ACCESS TO LDAP WITH FLAT HIERARCHY
2. dataSourceConfiguration_iplanet_not_readonly_db - FOR WRITEABLE ACCESS TO LDAP
3. dataSourceConfiguration_iplanet_deep_readonly_db - FOR READ ONLY ACCESS TO LDAP WITH DEEP HIERARCHY
You are getting the error when using dataSourceConfiguration_iplanet_not_readonly_db.xmL most likely because the system user that is used to connect to your LDAP might not have write access on the LDAP.
Also, please note that some LDAPs will require an SSL connection between portal and LDAP for writing any thing to the LDAP.
In that case, you will have to setup SSL between EP and LDAP.
Read the documentation for further help:
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
Hope that helps !!
Thanks,
Shanti Mupkala

LDAP Configuration in weblogic server

Hi,
This is chirumalla,
I am working on the task for configuring the LDAP on weblogic 9.2 MP2.
Could anybody help me on how to start on this task.
Thanks in advance.

I'm not sure what you want to achieve, but I guess that you want to use the Oracle Internet Directory for authentication?
Usually there would be some place in the Weblogic setup where you can configure this. Needed for the connectivity to the OID are usually the DN of the user that can connect (cn=orcladmin,dc=users,dc=acme,dc=com) and the hostname and port where the OID is running.
cu
Andreas

LDAP Configuration in Weblogic 9.1 on HP-UX

Application unable to login, getting invalid login user.
LDAP in Windows Box. In log file following lines we getting, Suggest how to resolve this issue:
<XACML Authorization isAccessAllowed(): returning DENY>
####<Oct 26, 2006 11:07:42 AM IST> <Debug> <SecurityAdjudicator> <> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1161841062279> <000000> <DefaultAdjudicatorImpl.adjudicate results: DENY >
####<Oct 26, 2006 11:07:42 AM IST> <Debug> <SecurityAtz> <> <[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1161841062279> <000000> <AuthorizationManager.isAccessAllowed returning adjudicated: false>

Rahul,
Can you try viewing the console from a different machine with a
different browser?
Raj Alagumalai
Rahul Kumar wrote:
Hi All,
I installed weblogic 6.1 on HP-UX 11.0 successfully.
I conect to the http://myserver:7001/console give ib the user nam and
password.
But i am not able to see the java applet initialized on the left frame of
the browser window.
Although i am able to see normal applet initialized but this specific applet
is notvisible on HP-UX browser..
This window is accessible from any other windows ie or netscape.
I am using netscape 4.78 on HP ux 11.0
Somebody help

Iplanet LDAP with Weblogic

Hello All,
I forgot the subject line. I'm trying to set up iPlanet Directory 4.1 with
WebLogic 5.1 Sp3 on Solaris7. Weblogic will see the users I specify
(username,groupname) but not
the group, additionally it will allow you to login if you know the
username and anypassword. I get the following error when loading the
http://localhost:port/AdminRealm. I've gone through the LDAP
properties file a million times. Lastly, now it does a core - dump
while trying to start.
Please help.
Richard
################# Begin Error ###############################3
java.lang.NullPointerException
at weblogic.security.ldaprealm.LDAPDelegate.magicBunny(Compiled Code)
at weblogic.security.ldaprealm.LDAPDelegate.addGroupMember
(Compiled Code)
at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers
(Compiled Code)
at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers
(LDAPDelegate.java:518)
at weblogic.security.ldaprealm.LDAPRealm.getGroupMembersInternal
(LDAPRealm.java:81)
at weblogic.security.acl.AbstractListableRealm.getGroupMembers
(AbstractListableRealm.java:302)
at weblogic.security.acl.FlatGroup.ensureFreshness
(FlatGroup.java:149)
at weblogic.security.acl.FlatGroup.members(FlatGroup.java:236)
at admin.AdminRealm.composePage(Compiled Code)
at admin.AdminServlet.service(AdminServlet.java:257)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:865) at
weblogic.servlet.internal.ServletStubImpl.invokeServlet
(ServletStubImpl.java:123)
at weblogic.servlet.internal.ServletContextImpl.invokeServlet
(ServletContextImpl.java:744)
at weblogic.servlet.internal.ServletContextImpl.invokeServlet
(ServletContextImpl.java:692)
at weblogic.servlet.internal.ServletContextManager.invokeServlet
(ServletContextManager.java:251)
at weblogic.socket.MuxableSocketHTTP.invokeServlet
(MuxableSocketHTTP.java:363)
at weblogic.socket.MuxableSocketHTTP.execute
(MuxableSocketHTTP.java:263)
at weblogic.kernel.ExecuteThread.run(Compiled Code)

I have the same requirement too. I have been looking at many sources and havent
come across any that mentions anything related to this. If you come across anything
please do let me know.
Regards
Vijay
"Licheng" <[email protected]> wrote:
>
I also face the similar problem. In our case, one of the business requirements
for the authentication process is that when a user is authenticated,
but his password
expires, the system should force the user to change password.
With JAAS and WebLogic 7.0, I don't know the standard or "preferred"
approach
to this problem
regards
Licheng

LDAP groups and WebLogic Roles - Urgent ( weblogic 6.1 sp1, iPLanet 5.1)

I have 2 questions and these are very urgent :-
1. Where the mapping can be defined between LDAP groups and WebLogic Roles. I have
2 groups in iPLanet :- Contarctors and employees and I have 2 security roles in weblogic:-
contractactors and employess. How do I map LDAP group contractors to weblogic security
Role contractors? Similarly for employees ?
2. I have not defined contarctors and employeees under People container in IPlanet.
e.g. The RDN for contractor is
uid=1234,ou=dir,dc=orams,dc=com
Can I still use the defualt security realm of weblogic (the WebLogic Security Realm
under People ) OR I have to write my own custom code ?
3. I am planning to use Roles insetad of groups to manage the logical grouping in
iPLant. Can I still use the groups in WebLogic security realm ( in the configuratin
parameters ?)
This is very urgent ....so if any of you can throw any hints that will be greatly
appreciated.
--Sunita

Hi Ariel,
The driver is bundled with the product in WLS 6.1sp1. you don't have to
download any additional driver. Use it as you normally would only thing to
remember is if you are trying to write standalone java code then you have to
have weblogic.jar in your classpath. For the rest of the info follow the wls
docs for 6.1
HTH
sree
"Ariel" <[email protected]> wrote in message
news:3bb4a643$[email protected]..
We want to connect our Weblogic 6.1 sp1 server to a SQLServer 2000 db. We
downloaded the JDriver from bea.com, but all the istructions that camewith
it are for WLserver 5.1.
What has to be done to do this with 6.1 sp1?
Thanks,
Ariel

Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2

Hi,
Please let me know LDAP Configuration in Oracle Weblogic Server 10.3.2.Please give me the steps to configure the LDAP in weblogic 10.3.2.

Hi,
You can check http://download.oracle.com/docs/cd/E15523_01/doc.1111/e14142/console.htm#i1075285

WebLogic 6.1 and iPlanet LDAP v5

Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong?

hi,
there are two versions of ldap supported in wls6.1 , ldapv1 and ldavp2
ldap v1 only has the functionality of listing groups.
but where ldapv2 doesn't have that functionality,
by looking at your config , it seems you are using ldap v2..
if u need that functionality u can use ldapv1.
thanks
kiran
"Bert Cliche" <[email protected]> wrote in message
news:[email protected]..
Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong?

Use of external LDAP server in Weblogic Commerce Server

I'm using the following software:
Iplanet Directory Server v5
Weblogic Application Server v6
Weblogic Commerce v3.5
I need to configure Weblogic Commerce Server to use Iplanet Directory Server directory
services. How do I do that?
I have a couple of questions related to this:
1) As Weblogic Commerce Server runs on top of Weblogic v6, does it mean that to
use an external LDAP server, I need to configure weblogic v6 to do that and not
Weblogic Commerce Server?
2) Whatever may be the case above, how do I do that?
3) config.xml (weblogic application server v6) contains information that needs
to be modified to point to an external JNDI source provider but what information
do I need to modify?
I'd really appreciate if someone can help me out here. Thanks!

"JP" <[email protected]> wrote in message news:[email protected]..
Hi,
I'm looking for someone who has used the Lotus LDAP server for WLP7
authentication.
I connect my portal to the Domino LDAP, User and Groups are working
fine, but the membership of a user to a group is not.
I assume that it's related to the parameters I use (especially the
membership.filter ?):
"user.filter=(&(uid=%u)(objectclass=person));
user.dn=O=Apac;
membership.filter=(&(uniquemember=%M)(objectclass=groupOfNames));
group.filter=(&(cn=%g)(objectclass=groupOfNames));
server.host=jpgal01.apac.bea.com;
group.dn="
Any help would be appreciate, because I just don't where to look for.
Try setting the com.netscape.ldap.trace property.
\* When -D command line option is used, defining the property with
* no value will send the trace output to the standard error. If the
* value is defined, it is assumed to be the name of an output file.
* If the file name is prefixed with a '+' character, the file is
* opened in append mode.
This will create a ldap trace file of the requests that WLS is making on the
LDAP server. You can then see
where the filters are not returning the correct value for the group
membership.

Using IPlanet LDAP Server!!!

Hi, i'm using IPlanet LDAP Server 5.0 and Weblogic 6.0 SP1.
After succeeding in connecting the LDAP server, i want to list all the users
and groups, then the following exception came up. Does anyone know the
reason?
I don't know why we should define the "Users" & "Groups" information when we
try to connect to a LDAP server. Please help me. Thanks!
Exception
weblogic.management.configuration.RealmException: RealmManager.listUsers -
with nested exception:
[weblogic.security.ldaprealm.LDAPException: could not get user list - with
nested exception:
[javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
remaining name 'dc=crcc,ou=People,cn=eric lu']]
     at
weblogic.management.configuration.RealmManager.listUsers(RealmManager.java:1
63)
     at
weblogic.management.console.pages._domain._usertable._jspService(_usertable.
java:346)
     at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
     at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:213)
     at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:1265)
     at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:1622)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
* Name: Gary Wang
* Tele: 010-65546668-8119
* Mail: [email protected]

When you use the LDAP v1 realms you have to supply four primary sets of information
1) The URL of the LDAP server
2) The principal and credentials you use to bind with ... this will usually be
the distinguished name and user password for a user that is set with administrative
rights
3) The User information that indicates (a) what node to look for users ... for
example ou=People,dc=crcc and (b) the attribute that maps to the login ID (typically,
uid)
4) The Group information that indicates (a) what node to look for groups ... for
exampel ou=Groups,dc=crcc and the attribute in each group that represents the
member dn typically either uniquemember or uniquename
Hope this helps.
"Gary" <[email protected]> wrote:
Hi, i'm using IPlanet LDAP Server 5.0 and Weblogic 6.0 SP1.
After succeeding in connecting the LDAP server, i want to list all the
users
and groups, then the following exception came up. Does anyone know the
reason?
I don't know why we should define the "Users" & "Groups" information
when we
try to connect to a LDAP server. Please help me. Thanks!
Exception
weblogic.management.configuration.RealmException: RealmManager.listUsers
with nested exception:
[weblogic.security.ldaprealm.LDAPException: could not get user list -
with
nested exception:
[javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
remaining name 'dc=crcc,ou=People,cn=eric lu']]
     at
weblogic.management.configuration.RealmManager.listUsers(RealmManager.java:1
63)
     at
weblogic.management.console.pages._domain._usertable._jspService(_usertable.
java:346)
     at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
     at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:213)
     at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:1265)
     at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:1622)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
* Name: Gary Wang
* Tele: 010-65546668-8119
* Mail: [email protected]

How can i config WLS7 and iPlanet LDAP

How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authenticat
ion for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>

Yos:
Series of steps to get WLS working with some external LDAP server follows:
I. create a new domain /mydomain
II. start server
III. open WebLogic console in a browser
IV. in left frame, go to
security->realms->myrealm->providers->AuthenticationProviders and click
V. in right frame, click on “Configure a new iPlanet Authenticator”
VI. In the new screen, under General, make sure the Control Flag is set to Required,
select a name for this authenticator, and click Create.
VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
these values reflect the settings for your LDAP server. (Note: the default
principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot). Click Apply.
VIII. Click on Credential: Change. At the new screen, enter the credential
associated with the Principal that you entered in step VII in both boxes. This will
be the password that is used to do a bind to your LDAP server with the principal.
Click Apply.
IX. Select Users tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the User Base DN property, from ou=people,o=example.com to
ou=people,o=myCompany.com. Click Apply.
X. Select Groups tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the Groups Base DN property, from ou=people,o=example.com to
ou=groups,o=myCompany.com. Click Apply.
XI. Now, the boot identity of your server absolutely must be a user that exists on
your LDAP server. You must also have an “Administrators” group on your LDAP server,
and the boot identity must be a user that exists in this “Administrators” group, or
the server will not start. So open your LDAP console (this will be a console that
is specific to the LDAP server you are using) and use the management tools to create
the “Administrators” group and a user that you place in the “Administrators” group
that is the boot identity that you use to start WebLogic.
XII. Make these changes and restart the server.
XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
should see a thread like:
“LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable
[0x9e2f000..0x9e2fdbc]
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:86)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
- locked <3281d98> (a java.io.BufferedInputStream)
at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
where “localhost:389” is the server name and port of your LDAP
server. This means that your Authenticator has been set up correctly.
XIV. Now you can delete your default authenticator. Open the WebLogic console and
go to security->realms->myrealm->providers->AuthenticationProviders in the left
frame, and click
XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
the far right. Say “Yes” when it asks if you are sure, then click Continue.
XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
Everything is working correctly.
Please note that the "default authenticator" refers to the embedded LDAP server that
ships with WebLogic.
Hope this helps.
Joe Jerry
Yos wrote:
How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authenticat
ion for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>

I'm having iPlanet LDAP problems too! Can someone give this admin a hand?

I've created the iPlanet Authenticator in my existing "myrealm" and have configured
everything. Now when I startup my Weblogic 7, I don't see anything related to
the initialization of the external iplanet LDAP directory server. Can someone
help? I just see one thing,
####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr> <Execut
eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity> <> <0905
16> <The Authenticator provider has preexisting LDAP data.>
What are my next steps to make WLS 7.0 to iplanet directory a reality?

"VetteMan" <[email protected]> wrote:
>
"Kai" <[email protected]> wrote:
Hi,
Check if you can see users and groups from the directory server in the
console.
Kai
"VetteMan" <[email protected]> wrote:
I've created the iPlanet Authenticator in my existing "myrealm" andhave
configured
everything. Now when I startup my Weblogic 7, I don't see anything
related
to
the initialization of the external iplanet LDAP directory server. Can
someone
help? I just see one thing,
####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr>
<Execut
eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity>
<> <0905
16> <The Authenticator provider has preexisting LDAP data.>
What are my next steps to make WLS 7.0 to iplanet directory a reality?Kai, should I be able to go to the "Users" for that realm and seach the
LDAP server?
Didn't think that was possible. If I had multiple authentication providers,
how
would WL know which provider to use?
Also, I looked at my config.xml and it doesn't seem to have the changes....should
it be in there?
thanks,
mr. C5
Hi,
The users page lists all users and provides in an additional column the source
(auth.prov.) from where the user has been sourced. If you don't see the users
from the LDAP directory it's not working properly. There is also a bug where the
users page is not loading if the number of users is too big. I'm working with
8 at the moment, but it should be the same with 7. The authentication provider
configuration of the default provider by BEA are stored in the internal LDAP.
Kai

IPLANET LDAP config

I'm trying to connect to an Iplanet 4.1 from wls7, i configured it everything, but
I couldn't see groups or users...I read in older posts here that talk about the config.xml,
but there´s nothing in there, where wls save the info about ldap config?
besides..is necesary to setup below Providers all the items..or just the Authentication
providers?
I'm using Directory manager by principal.
people -> base dn=o=sunat.gob.pe, ou=People
groups -> base dn=o=sunat.gob.pe, ou=Groups
thanks by any help...

Hi Amitabha,
I have faced the same problem some time back. Weblogic keeps it security information
under
"%BEA_HOME%\user_projects\zionsbank\userConfig\Security" directory. You must must
have known the time you created the new realm, remove all the folders under security/
created at that time. You configuration will be restored back to the one you had
before creating the new realm.
Hope it will work.
Amir
"Amitabha Mitra" <[email protected]> wrote:
>
Hi,
We have created a new realm with the provider as the iplanet LDAP. There
was no
problem creating the realm. We have set this realm as the default realm
for the
domain. But when we start up the server(with userid and password as weblogic
the default administrator uid/pwd with which it was working fine before
changing
the default realm) is now giving the following error :
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
The server is thus not starting up.
We tried with creating a user called 'weblogic' under a group called
'Administrators'
in the iPlanet LDAP but it is giving the same error.
Is there any other configuration that needs to be done ?
Is the Administrator,developer and application level security controlled
from
the same place.
Rgds,
Amitabha

Session Timeout in weblogic 6.1 SP3-- Urgent

Hi
We are currently using weblogic 6.1 SP3 and iPlanet for our application. The session timeout in web.xml is set to 100 mins but the session doesn't timeout, i.e., we can still access the application without being locked out. How can I fix this??
What is happening is that a new session is being created automatically after the sesion timeout. our application doesn't validate the user.. the authentication is done by some PKI tokens. can that be the reason for this behavior??? If so, how can we fix it??

What is the heap size ? How many useres are hitting the system ? What is the approx size of the session? Turn on -verbose:gc and monitor the GC activity. Are the sessions really inactive ?
Make the timeout 30 secs and the InvalidationIntervalSecs to 20 secs and see if it makes a difference.
If you still have the same results attach the pofiler trace here. A test case would be good too.
Rakesh Aggarwal wrote:
We are running a J2EE servlet in Weblogic 6.1 SP3 on Windows NT. The test client to this servlet opens a new Http session on every request.
The server containing the servlet does not seem to be releasing memory associated with the session. The server eventually runs out of memory due to this. We verified this with a profiler tool. It shows Strings allocated with ServletRequestImpl.getSession() (weblogic.servlet.internal.session.RSID.getID()) not freed. We have set the session invalidation timeout to 1 min using:
1) session-timeout=1 in web.xml,
2) TimeoutSecs=60, InvalidationIntervalSecs=60 in weblogic.xml for the web-app containing the servlet.
We have also tried setting session.setMaxInactiveInterval(60secs) for the servlet. The latter setting does seem to work as verified from a UI client. We are wondering whether weblogic server is not cleaning up the session even after invalidating it.
We are not saving any reference to the Http session in our servlet. So we would think that the weblogic server should cleanp the inactive session after 1 min according to the above setting.
Any help regarding this will be sincerely appreciated. Thanks.
-Rakesh--
Rajesh Mirchandani
Developer Relations Engineer
BEA Support

IPlanet LDAP configuration in Weblogic 8.1 SP3

Similar Messages

Maybe you are looking for