IPlanet LDAP Maintenance
I'm looking for maintenance commands for iplanets ldap. I got a core file in my log directory for iplanet ldap and I had to restart the service completely. The database is VERY heavily used, so I figured a bit maintenance work would work wonders. Any thoughts?
Hi,
jchutch2 wrote:
I'm looking for maintenance commands for iplanets ldap. I got a core file in my log directory for iplanet ldap and I had to restart the service completely. The database is VERY heavily used, so I figured a bit maintenance work would work wonders. Any thoughts?A few thoughts:
=> This is not the appropriate forum for directory server questions, this forum deals with messaging/calendar/instant messaging server.
=> If you have a core file you need to log a Sun support case to have that core analysed and get a bug-fix/patch. This of course assumes you have a support contract.
=> Please provide the version of directory server you are running in future posts.
=> iPlanet directory server doesn't need regular 'maintenance'. The only operation you may need to perform is a reindex of the caches (if you have done a lot of changes).
Regards,
Shane.
Similar Messages
-
Urgent: mapping between OID and iplanet ldap
I am trying to configure the mapping between my iplanet ldap server (source) and OID (destination) . My iplanet dn is uid=sharam,ou=People,dc=xsj,dc=xilinx,dc=com and my OID dn is cn=sharam,cn=users,dc=xsj,dc=xilinx,dc=com
My mapping file looks like this:
DomainRules
dc=xilinx,dc=com:cn=users,dc=xsj,dc=xilinx,dc=com:cn=%,cn=users,dc=xsj,dc=xilinx
AttributeRules
givenname
facsimiletelephonenumber
departmentnumber
mail
uid::::cn
telephonenumber
pager
employeenumber
l
sn
title
When I load this using ldapUploadAgentFile.sh, I am getting the following error in ldap/odi/log/IPlanet.trc file. Any ideas what I am doing wrong??
Trace Log Started at Mon Jul 08 11:28:47 PDT 2002
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708112903
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708112917
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708112933
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708112948
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113003
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113018
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113033
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113048
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113103
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113118
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113133
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113148
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113203
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113217
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113233
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113248
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113303
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113317
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113333
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708113348
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error EncounteredStart the odisrv with the debug flag set to 16. This should give you a more detailed trace which might help you sort this.
Hope this helps
Vinodh R. -
IPlanet LDAP configuration in Weblogic 8.1 SP3
We use iPlanet LDAP provider for app authentication. We need only the authentication and no authorization. However when we do not specify information in Groups and Membership tabs, and provide only User information, authentication fails. Does iPlanet provider need Group and Membership information for simple authemtication?
We use iPlanet LDAP provider for app authentication. We need only the authentication and no authorization. However when we do not specify information in Groups and Membership tabs, and provide only User information, authentication fails. Does iPlanet provider need Group and Membership information for simple authemtication?
-
Hi, i'm using IPlanet LDAP Server 5.0 and Weblogic 6.0 SP1.
After succeeding in connecting the LDAP server, i want to list all the users
and groups, then the following exception came up. Does anyone know the
reason?
I don't know why we should define the "Users" & "Groups" information when we
try to connect to a LDAP server. Please help me. Thanks!
Exception
weblogic.management.configuration.RealmException: RealmManager.listUsers -
with nested exception:
[weblogic.security.ldaprealm.LDAPException: could not get user list - with
nested exception:
[javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
remaining name 'dc=crcc,ou=People,cn=eric lu']]
at
weblogic.management.configuration.RealmManager.listUsers(RealmManager.java:1
63)
at
weblogic.management.console.pages._domain._usertable._jspService(_usertable.
java:346)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:213)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:1265)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:1622)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
* Name: Gary Wang
* Tele: 010-65546668-8119
* Mail: [email protected]When you use the LDAP v1 realms you have to supply four primary sets of information
1) The URL of the LDAP server
2) The principal and credentials you use to bind with ... this will usually be
the distinguished name and user password for a user that is set with administrative
rights
3) The User information that indicates (a) what node to look for users ... for
example ou=People,dc=crcc and (b) the attribute that maps to the login ID (typically,
uid)
4) The Group information that indicates (a) what node to look for groups ... for
exampel ou=Groups,dc=crcc and the attribute in each group that represents the
member dn typically either uniquemember or uniquename
Hope this helps.
"Gary" <[email protected]> wrote:
Hi, i'm using IPlanet LDAP Server 5.0 and Weblogic 6.0 SP1.
After succeeding in connecting the LDAP server, i want to list all the
users
and groups, then the following exception came up. Does anyone know the
reason?
I don't know why we should define the "Users" & "Groups" information
when we
try to connect to a LDAP server. Please help me. Thanks!
Exception
weblogic.management.configuration.RealmException: RealmManager.listUsers
with nested exception:
[weblogic.security.ldaprealm.LDAPException: could not get user list -
with
nested exception:
[javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object];
remaining name 'dc=crcc,ou=People,cn=eric lu']]
at
weblogic.management.configuration.RealmManager.listUsers(RealmManager.java:1
63)
at
weblogic.management.console.pages._domain._usertable._jspService(_usertable.
java:346)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at
weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java
:213)
at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletCo
ntext.java:1265)
at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java
:1622)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
* Name: Gary Wang
* Tele: 010-65546668-8119
* Mail: [email protected] -
Using iPlanet LDAP to just authenticate name/pwd
I'm experimenting with setting up an LDAPAuthenticator, using iPlanet LDAP, for
some application security. Our LDAP record has a name and password, but nothing
about groups or roles. It's likely that I won't be able to add any fields to
our LDAP structure in order to support the LDAPAuthenticator.
The application I'm targeting will allow anyone in the LDAP directory into the
application, but one part of the application will only be available for a select
few (also in the LDAP directory).
I'm looking for options for how to arrange this. It almost appears that I'll need
a custom authenticator that merges the LDAPAuthenticator with a database lookup,
or perhaps merging the external LDAP with the WL internal LDAP, where the only
records in the internal LDAP will be ones with "special" access.
What are straightforward and/or correct ways to get this done?I'm experimenting with setting up an LDAPAuthenticator, using iPlanet LDAP, for
some application security. Our LDAP record has a name and password, but nothing
about groups or roles. It's likely that I won't be able to add any fields to
our LDAP structure in order to support the LDAPAuthenticator.
The application I'm targeting will allow anyone in the LDAP directory into the
application, but one part of the application will only be available for a select
few (also in the LDAP directory).
I'm looking for options for how to arrange this. It almost appears that I'll need
a custom authenticator that merges the LDAPAuthenticator with a database lookup,
or perhaps merging the external LDAP with the WL internal LDAP, where the only
records in the internal LDAP will be ones with "special" access.
What are straightforward and/or correct ways to get this done? -
How can i config WLS7 and iPlanet LDAP
How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authenticat
ion for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>Yos:
Series of steps to get WLS working with some external LDAP server follows:
I. create a new domain /mydomain
II. start server
III. open WebLogic console in a browser
IV. in left frame, go to
security->realms->myrealm->providers->AuthenticationProviders and click
V. in right frame, click on “Configure a new iPlanet Authenticator”
VI. In the new screen, under General, make sure the Control Flag is set to Required,
select a name for this authenticator, and click Create.
VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
these values reflect the settings for your LDAP server. (Note: the default
principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot). Click Apply.
VIII. Click on Credential: Change. At the new screen, enter the credential
associated with the Principal that you entered in step VII in both boxes. This will
be the password that is used to do a bind to your LDAP server with the principal.
Click Apply.
IX. Select Users tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the User Base DN property, from ou=people,o=example.com to
ou=people,o=myCompany.com. Click Apply.
X. Select Groups tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the Groups Base DN property, from ou=people,o=example.com to
ou=groups,o=myCompany.com. Click Apply.
XI. Now, the boot identity of your server absolutely must be a user that exists on
your LDAP server. You must also have an “Administrators” group on your LDAP server,
and the boot identity must be a user that exists in this “Administrators” group, or
the server will not start. So open your LDAP console (this will be a console that
is specific to the LDAP server you are using) and use the management tools to create
the “Administrators” group and a user that you place in the “Administrators” group
that is the boot identity that you use to start WebLogic.
XII. Make these changes and restart the server.
XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
should see a thread like:
“LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable
[0x9e2f000..0x9e2fdbc]
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:86)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
- locked <3281d98> (a java.io.BufferedInputStream)
at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
where “localhost:389” is the server name and port of your LDAP
server. This means that your Authenticator has been set up correctly.
XIV. Now you can delete your default authenticator. Open the WebLogic console and
go to security->realms->myrealm->providers->AuthenticationProviders in the left
frame, and click
XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
the far right. Say “Yes” when it asks if you are sure, then click Continue.
XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
Everything is working correctly.
Please note that the "default authenticator" refers to the embedded LDAP server that
ships with WebLogic.
Hope this helps.
Joe Jerry
Yos wrote:
How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authenticat
ion for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(
SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityS
erviceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
> -
LDAP performance vs iPlanet LDAP?
We have 20,000 worklist users, and wonder if we should put them in the embedded
WLS LDAP, or the iPlanet LDAP. Is there performance benchmark numbers to compare
WLS LDAP with other 3rd party LDAP? Thanks.I researched a similar issue for several days. I finally found a fix by adjusting the following keep-alive params in the magnus.conf. Of course, you will want to monitor performance and adjust accoriding to your load:
KeepAliveQueryMeanTime 1
KeepAliveQueryMaxSleepTime 0
Check this doc for more details:
http://sunsolve6.sun.com/search/document.do?assetkey=1-9-68380-1&searchclause=web%20performance -
I'm having iPlanet LDAP problems too! Can someone give this admin a hand?
I've created the iPlanet Authenticator in my existing "myrealm" and have configured
everything. Now when I startup my Weblogic 7, I don't see anything related to
the initialization of the external iplanet LDAP directory server. Can someone
help? I just see one thing,
####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr> <Execut
eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity> <> <0905
16> <The Authenticator provider has preexisting LDAP data.>
What are my next steps to make WLS 7.0 to iplanet directory a reality?"VetteMan" <[email protected]> wrote:
>
"Kai" <[email protected]> wrote:
Hi,
Check if you can see users and groups from the directory server in the
console.
Kai
"VetteMan" <[email protected]> wrote:
I've created the iPlanet Authenticator in my existing "myrealm" andhave
configured
everything. Now when I startup my Weblogic 7, I don't see anything
related
to
the initialization of the external iplanet LDAP directory server. Can
someone
help? I just see one thing,
####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr>
<Execut
eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity>
<> <0905
16> <The Authenticator provider has preexisting LDAP data.>
What are my next steps to make WLS 7.0 to iplanet directory a reality?Kai, should I be able to go to the "Users" for that realm and seach the
LDAP server?
Didn't think that was possible. If I had multiple authentication providers,
how
would WL know which provider to use?
Also, I looked at my config.xml and it doesn't seem to have the changes....should
it be in there?
thanks,
mr. C5
Hi,
The users page lists all users and provides in an additional column the source
(auth.prov.) from where the user has been sourced. If you don't see the users
from the LDAP directory it's not working properly. There is also a bug where the
users page is not loading if the number of users is too big. I'm working with
8 at the moment, but it should be the same with 7. The authentication provider
configuration of the default provider by BEA are stored in the internal LDAP.
Kai -
WebLogic 6.1 and iPlanet LDAP v5
Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong?hi,
there are two versions of ldap supported in wls6.1 , ldapv1 and ldavp2
ldap v1 only has the functionality of listing groups.
but where ldapv2 doesn't have that functionality,
by looking at your config , it seems you are using ldap v2..
if u need that functionality u can use ldapv1.
thanks
kiran
"Bert Cliche" <[email protected]> wrote in message
news:[email protected]..
Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong? -
What Netscape iPlanet LDAP Version does WLS7.0 supports?
Hi,
What version of Netscape iplanet LDAP is supported by Weblogic7.0 now?. In the
documentaion it is saying Netscape iplanet version 4.1.3. But the latest version
is 5.1.
Any reply greatly appreciated.
Thanks
Venkat"Venkat" <[email protected]> wrote:
>
Hi,
What version of Netscape iplanet LDAP is supported by Weblogic7.0 now?.
In the
documentaion it is saying Netscape iplanet version 4.1.3. But the latest
version
is 5.1.
Any reply greatly appreciated.
Thanks
Venkat -
Hi,
Could I configure iPLanet LDAP as a security
provider? or I have only to use OID?
thanks
Ahmedi don't know about iPlanet but you could try:
Configuring External LDAP Providers:http://matrix.csustan.edu/docs/oracle/oas/web.1012/b14013/ldap3rdparty.htm -
Does iPlanet LDAP SDK for C, version 5.8 support TLS?
thanx!
"The Netscape LDAP SDK for C only supports SSL 3.0 and does not support the
Start Transport Layer Security (TLS) Operation."
-- from Netscape LDAP SDK for C 4.1
so, i want to know whether iPlanet LDAP SDK for C 5.08 support TLS? -
WLST IPlanet LDAP configuration
Is it possible to configure IPlanet LDAP Authenticator using WLST offline mode ? If so, can any one say how to configure it in offline mode.
Thanks,
GopalNo this is not supoorted in Offline mode, you should use online WLST.
Thanks,
-satya -
I'm trying to connect to an Iplanet 4.1 from wls7, i configured it everything, but
I couldn't see groups or users...I read in older posts here that talk about the config.xml,
but there´s nothing in there, where wls save the info about ldap config?
besides..is necesary to setup below Providers all the items..or just the Authentication
providers?
I'm using Directory manager by principal.
people -> base dn=o=sunat.gob.pe, ou=People
groups -> base dn=o=sunat.gob.pe, ou=Groups
thanks by any help...Hi Amitabha,
I have faced the same problem some time back. Weblogic keeps it security information
under
"%BEA_HOME%\user_projects\zionsbank\userConfig\Security" directory. You must must
have known the time you created the new realm, remove all the folders under security/
created at that time. You configuration will be restored back to the one you had
before creating the new realm.
Hope it will work.
Amir
"Amitabha Mitra" <[email protected]> wrote:
>
Hi,
We have created a new realm with the provider as the iplanet LDAP. There
was no
problem creating the realm. We have set this realm as the default realm
for the
domain. But when we start up the server(with userid and password as weblogic
the default administrator uid/pwd with which it was working fine before
changing
the default realm) is now giving the following error :
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
The server is thus not starting up.
We tried with creating a user called 'weblogic' under a group called
'Administrators'
in the iPlanet LDAP but it is giving the same error.
Is there any other configuration that needs to be done ?
Is the Administrator,developer and application level security controlled
from
the same place.
Rgds,
Amitabha -
Iplanet LDAP | Necessary Details
Hi All,
We are planning to upgrade Team Site as well as OS to Solaris 10 on all LDAP Machines. As apart of this activity we need to check the compatibility issues of iplanet LDAP with the new OS (solaris10), detailed approach on the activities to be followed for LDAP migration. Could you please any one can help and proved me necessary details for the same.
Please check the below URL for reference:
http://docs.sun.com/app/docs/doc/817-0552/6mgbi4fgr?a=viewWe are planning to upgrade 5.1 Service Pack 4 proved me necessary documents.
http://docs.sun.com/source/819-1814/relnotes_ds51sp4.html
Maybe you are looking for
-
Should I use a macbook pro as my laptop and desktop, or have a macbook pro and an iMac?
i was wondering if i should use my macbook pro as a laptop and desktop, or if i should go ahead and buy a mac desktop too?
-
How to query Process Status from database in Project Server 2010
Hello All, I am using Project Server 2010. I need to query Process Status from SQL. where can I find Process Status in Database. Thanks, Rohit
-
Organizational reassignment not possible
Hi, When i am trying to change the employee group from active(1) to terminated(5) in the transaction code PAL3 i am getting the error "Organizational reassignment not possible".So please guide me to solve this problem.I am with ECC 6.0 Regards Ravi
-
Don't want to save files online.
Hello... My computer is Mac. As I downloaded a PDF file, I clicked File --> Save As. Then I got 3 lines: Line 1: Save as (file name) Line 2: Where (desktop) Line 3: save to "online account"/ "acrobat.com" / "new account" Without noticing being given
-
Itunes 11.3 quits unexpectedly after no longer than a minute opened, please help
It's been a month now that every time I open my itunes (11.3), it automatically quits after about 1 minute. This is really bothering because it means I can't backup or sync my iPhone to my iTunes as I usually do in case anything happens to my phone.