JAAS LDAP OID JBO-33021

We have deployed the BC4J as an EJB session bean to a standalone oc4j.
Running it with the user admin/welcome is fine.
But if we change the jazn.xml to use the LDAP provider we cannot login anymore.
(<jazn provider="LDAP" default-realm="empl" location="ldap://empldev1.bxl:4032" />)
----- LEVEL 1: DETAIL 0 -----
(oracle.jbo.common.ampool.ApplicationPoolException) JBO-30003: The application pool (MyPackageModuleLoc11) failed to checkout an application module due to the following exception:
----- LEVEL 2: DETAIL 0 -----
(oracle.jbo.JboException) JBO-25222: Unable to create application module.
----- LEVEL 3: DETAIL 0 -----
(javax.naming.NamingException) null
----- LEVEL 3: DETAIL 0 -----
javax.naming.NamingException. Root exception is java.lang.reflect.InvocationTargetException: oracle.jbo.JboException: JBO-33021: Failed authenticate user MILLER
I created the user "Miller" on our infrastructure. (http://empldev1.bxl:7777/oiddas)
With this LDAP provider we even get the error when using the local deployment profile:
<AppModuleConfig name="MypackageModuleLoc11">
<DeployPlatform>LOCAL</DeployPlatform>
<DBconnection>jdbc:oracle:thin:@empldev1:1521:EMPLD2</DBconnection>
<JDBCName>secjEmplti1</JDBCName>
<jbo.pers.max.active.nodes>3000</jbo.pers.max.active.nodes>
<jbo.security.enforce>Must</jbo.security.enforce>
<java.naming.security.credentials>MILLER123</java.naming.security.credentials>
<java.naming.security.principal>MILLER</java.naming.security.principal>
<AppModuleJndiName>mypackage.MypackageModule</AppModuleJndiName>
<ApplicationName>mypackage.MypackageModule</ApplicationName>
</AppModuleConfig>
java -jar jazn.jar -listusers
empl/MILLER
I Read the following "Remote EJB clients require the RMI login permission in order to be able to access objects on the OC4J server."
Is this the problem why I can't connect with the ldap users?
if so, how can I give the users the permission?
I tried the following but it gives me Insufficient Access Rights
java -jar jazn.jar -grantperm empl MILLER com.evermind.server.rmi.RMIPermission loginoracle.security.jazn.JAZNNamingException: [LDAP: error code 50 - Insufficient Access Rights]

Bert,
Before you switch JAZN provider to LDAP, are you able to run remote EJB after you add empl/MILLER to jazn-data.xml?
I don't know whether you are aware that JAZN admintool, which is the java -jar jazn.jar, with -listuser, -grantperm, etc., only affect the XML provider, which is the jazn-data.xml. It is not a tool for managing user on OiD, LDAP provider.
It is also not clear to me which security group MILLER belongs to (e.g. users or administrators) and if you have given method permission to this group. Check the EJB security role topics in the Help.
Try to first test remote EJB with user MILLER before switching provider to LDAP. You can also temporary disable BC4J JAAS security by setting jbo.security.enforce to None.
Thanks,
Yvonne

Similar Messages

LDAP (OID) integration with java appilcation

OID issue Urgent
Currently we are using the OID-LDAP as the repository for storing username, passwds
and other attributes. All applications that need authentication will essentially
be using the OID.
In our effort to do the same we are encountering the following problems
- Creation of an identity corresponding the application
- Giving this identity certain LDAP authorizations (Which authorizations are these)
We have been successful creating LDAP entries for users and getting the initial
JNDI contexts to do the lookups.
When we are creating the user lookup from java code using oracle.ldap.util.User pakage ,
at the run time it's throwing error(no classfound oracle/net/config/ConfigException ).
why and where this is needed and how to resolve that. is that because we haven't added
the application in oid and configured authorizations for it.
Need an urgent answer to this since all applications will be using LDAP(OID).
here is code of java which tries to connect to OID.
================================================================================================
import oracle.ldap.util.*;
import oracle.ldap.util.jndi.*;
import java.io.*;
import java.util.*;
import javax.naming.*;
import java.Exception.*;
import javax.naming.directory.*;
public class hello {
public static void main(String argv[])
throws NamingException {
// Create InitialDirContext
     System.out.println("INSIDE SERVLET");
InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx( "hire11.kmfl.kg","4032","cn=orcladmin", "ias123" );
// Create Subscriber object
     System.out.println("GOT CONTEXT" +ctx);
Subscriber mysub = null;
/* commented for time being -----------------------------
try {
// Creation using DN
System.out.println("CREATING subscriber");
     mysub = new Subscriber( ctx, Util.IDTYPE_DN, "o=oracle,dc=com", false
     System.out.println("GOT subscriber");
catch (UtilException e) {
          System.out.println("error");
// Create User Objects
User myuser = null, myuser1 = null;
try {
// Create User using a subscriber DN and the User DN
     System.out.println("CREATING USERl");
myuser = new User ( ctx,Util.IDTYPE_DN,           "cn=abhishek,cn=users,dc=kmfl,dc=kg",Util.IDTYPE_DN,"dc=kmfl,dc=kg", true );
     System.out.println("GOT USER");
// Create User using a subscriber object and the User
// simple name
// commented for time being -----------------------------
myuser1 = new User ( ctx, Util.IDTYPE_SIMPLE, "abhishek", mysub, true );
catch ( UtilException e ) {
System.out.println("COUDN'T GET USER"+e.toString());
// Authenticate User
try {
     System.out.println("gOING FOR AUTHENTICATION");
myuser.authenticateUser(ctx,User.CREDTYPE_PASSWD,"abhi123");
     System.out.println("AUTHENTICATION SuccessFull");
     System.out.println("AUTHENTICATION SUCCESSfULL");
     System.out.println("AUTHENTICATION sUCCESSfULL");
catch ( UtilException e ) {
System.out.println("AUTHENTICATION FAILED");
// Perform User operations
/* commented for time being -----------------------------
try {
PropertySetCollection result = null;
// Get telephonenumber of user
String[] userAttrList = {"telephonenumber"};
result = myuser1.getProperties(ctx,userAttrList);
Util.printResults(result);
// Set telephonenumber of user
// Create JNDI ModificationItem
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("telephonenumber", "444-6789"));
// Perform modification using User object
myuser.setProperties(ctx, mods);
catch ( UtilException e ) {
} // End of SampleUser.java
==============================================================================================================

What about SSL or LDAPS !
Can't seem to find any java examples which would support services of type:
ldapbind -U 1,2 for java API !

LDAP (OID) integration with java appilcation( Urgent imp.)

Currently we are using the OID-LDAP as the repository for storing username, passwds
and other attributes. All applications that need authentication will essentially
be using the OID.
In our effort to do the same we are encountering the following problems
- Creation of an identity corresponding the application
- Giving this identity certain LDAP authorizations (Which authorizations are these)
We have been successful creating LDAP entries for users and getting the initial
JNDI contexts to do the lookups.
When we are creating the user lookup from java code using oracle.ldap.util.User pakage ,
at the run time it's throwing error(no classfound oracle/net/config/ConfigException ).
why and where this is needed and how to resolve that. is that because we haven't added
the application in oid and configured authorizations for it.
Need an urgent answer to this since all applications will be using LDAP(OID).
here is code of java which tries to connect to OID.
================================================================================================
import oracle.ldap.util.*;
import oracle.ldap.util.jndi.*;
import java.io.*;
import java.util.*;
import javax.naming.*;
import java.Exception.*;
import javax.naming.directory.*;
public class hello {
public static void main(String argv[])
throws NamingException {
// Create InitialDirContext
System.out.println("INSIDE SERVLET");
InitialDirContext ctx = ConnectionUtil.getDefaultDirCtx( "hire11.kmfl.kg","4032","cn=orcladmin", "ias123" );
// Create Subscriber object
System.out.println("GOT CONTEXT" +ctx);
Subscriber mysub = null;
/* commented for time being -----------------------------
try {
// Creation using DN
System.out.println("CREATING subscriber");
mysub = new Subscriber( ctx, Util.IDTYPE_DN, "o=oracle,dc=com", false
System.out.println("GOT subscriber");
catch (UtilException e) {
System.out.println("error");
// Create User Objects
User myuser = null, myuser1 = null;
try {
// Create User using a subscriber DN and the User DN
System.out.println("CREATING USERl");
myuser = new User ( ctx,Util.IDTYPE_DN, "cn=abhishek,cn=users,dc=kmfl,dc=kg",Util.IDTYPE_DN,"dc=kmfl,dc=kg", true );
System.out.println("GOT USER");
// Create User using a subscriber object and the User
// simple name
// commented for time being -----------------------------
myuser1 = new User ( ctx, Util.IDTYPE_SIMPLE, "abhishek", mysub, true );
catch ( UtilException e ) {
System.out.println("COUDN'T GET USER"+e.toString());
// Authenticate User
try {
System.out.println("gOING FOR AUTHENTICATION");
myuser.authenticateUser(ctx,User.CREDTYPE_PASSWD,"abhi123");
System.out.println("AUTHENTICATION SuccessFull");
System.out.println("AUTHENTICATION SUCCESSfULL");
System.out.println("AUTHENTICATION sUCCESSfULL");
catch ( UtilException e ) {
System.out.println("AUTHENTICATION FAILED");
// Perform User operations
/* commented for time being -----------------------------
try {
PropertySetCollection result = null;
// Get telephonenumber of user
String[] userAttrList = {"telephonenumber"};
result = myuser1.getProperties(ctx,userAttrList);
Util.printResults(result);
// Set telephonenumber of user
// Create JNDI ModificationItem
ModificationItem[] mods = new ModificationItem[1];
mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
new BasicAttribute("telephonenumber", "444-6789"));
// Perform modification using User object
myuser.setProperties(ctx, mods);
catch ( UtilException e ) {
} // End of SampleUser.java
==============================================================================================================

Hi,
Make sure you have the netcfg.jar in the same directory as that of ldapjclnt9.jar (in $ORACLE_HOME/jlib).
Regards
Radhika

JBO-33021: Failed authenticate user null

I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
Currently testing from the embedded oc4j and a standalone oc4j.
Created an application module to a db table and named it AppModule.
The application module successfully tested using the projects default Business Component Name.
The application module also tested successfully using the Business Component Name "AppModuleLocal".
I then set the jbo.security.enforce application module property to "Auth".
The application module is re-tested using the Business Component Name "AppModuleLocal".
A dialog window prompts for user and password.
Then login using the default admin/welcomr and the below error is generated:
JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
what does mean?
help!!

repost

JBO-33021: Failed authenticate user null HELP!!

I am trying to set security on the application module Using jDeveloper 10.1.2 and oracle db 9.2.
Currently testing from the embedded oc4j and a standalone oc4j.
Created an application module to a db table and named it AppModule.
The application module successfully tested using the projects default Business Component Name.
The application module also tested successfully using the Business Component Name "AppModuleLocal".
I then set the jbo.security.enforce application module property to "Auth".
The application module is re-tested using the Business Component Name "AppModuleLocal".
A dialog window prompts for user and password.
Then login using the default admin/welcomr and the below error is generated:
JBO-30003: The application pool (Cuma.model.cumaStateModuleLocal) failed to checkout an application module due to the following exception:oracle.jbo.JboException: JBO-29000: Unexpected exception caught: oracle.jbo.JboException, msg=JBO-33021: Failed authenticate user null
what does mean?

repost

NLS ISO88595 support for ldap OID C API

Please Help!
How to order from Oracle Internet Directory C API to process single byte
string (ISO-8859-5) instead of
Unicode string ( in input and output parameters values ) ?
#include <ldap.h>
char* base ="cn=��_��, cn=com"; /* in ISO */
ldap_search_s(ld , base .... ); /* not detecting base with russian word */
How to switch NLS ISO support for ldap OID C API ?
If any other approach to solve it problem?
(for example in Oracle OCI C API it solved by setting client NLS_LANG
environment variable .
In my case NLS_LANG not working)

UP plz

LDAP OID Distinguished Name for Groups

Hi, Can I use another "Distinguished Name for Groups" in LDAP (OID) configurazion in BIP Admin?
Watching the user guide http://download.oracle.com/docs/cd/B40078_02/doc/bi.1013/b40017/T421739T475591.htm#T434695
Distinguished Name for Groups
For example: cn=Groups, dc=us,dc=oracle,dc=com
The default value is cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=example,dc=com
If a try to use the dn cn=RoleNames,cn=SIM,dc=example (instead of "example" I use the real name of dc), LDAP integration doesn't function.
Do you know why?
Thank you,
R.

Hi
We're facing a similar issue in our environment in that users authenticate with their SAMAccount names, which are FirstInitial+Lastname, eg. jdoe (John Doe). LDAP requires us to use the full DN name in certain domains (not all) to login, which is rather irritating.
There are several domains. In windows we all login with the samaccount name, which follows the same principle for everyone. So DomainXYZ\jdoe .
In LDAP though, it appears that for DomainABC it needs CN=John Doe, whereas for DomainXYZ it will accept CN=jdoe etc.
Would you mind elaborating on how you managed to search LDAP for your purposes? I hope to get some insights in how to use the package dbms_ldap, because I'm rather new to APEX and with a growing userbase I'd like to move away from Apex user accounts.
Thank you
Tom

OC4J 10.0.3 Standalone LDAP / OID JAZN Authentication

I have tried to setup OID based authentication on OC4J 10.0.3, but I can't get it working. Here is my log output:
==> log/oc4j.err.log <==
04/10/27 16:21:28 java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.init(EnterpriseArchive.java:1685)
04/10/27 16:21:28 at com.evermind.server.ServerComponent.init(ServerComponent.java:181)
04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1701)
04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:269)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
04/10/27 16:21:28 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
04/10/27 16:21:28 at java.lang.Thread.run(Thread.java:534)
04/10/27 16:21:28 oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
04/10/27 16:21:28 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
04/10/27 16:21:28 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
04/10/27 16:21:28 at com.evermind.server.deployment.EnterpriseArchive.init(EnterpriseArchive.java:1685)
04/10/27 16:21:28 at com.evermind.server.ServerComponent.init(ServerComponent.java:181)
04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1701)
04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:269)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:28 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
04/10/27 16:21:28 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
04/10/27 16:21:28 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
04/10/27 16:21:28 at java.lang.Thread.run(Thread.java:534)
04/10/27 16:21:28 Caused by: java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
04/10/27 16:21:28 ... 21 more
==> log/stdout.log <==
04/10/27 16:21:28 JAAS: Configuration properties={deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/application.xml, config=jazn.xml}
04/10/27 16:21:28 JAAS: Configuration file=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
04/10/27 16:21:28 JAAS: Configuration file=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
04/10/27 16:21:28 JAAS: config=jazn.xml path=/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml
04/10/27 16:21:28 JAAS: Verify file=config/jazn.xml
04/10/27 16:21:28 JAAS: Configuration file=config/jazn.xml
04/10/27 16:21:28 JAAS: Configuration file=config/jazn.xml
04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
04/10/27 16:21:28 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/config/jazn.xml, ldap.password={903}R0zophVsScl77An7/urdwMvyvOnenvNI, provider.type=LDAP}
04/10/27 16:21:29 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear...
==> log/server.log <==
04/10/27 16:21:29 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear...
==> log/stdout.log <==
done.
04/10/27 16:21:30 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar/support.war...
==> log/server.log <==
04/10/27 16:21:30 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar.ear... done.
==> log/stdout.log <==
done.
04/10/27 16:21:31 Auto-unpacking /home/users/jamesw/oc4j_10.0.3/j2ee/home/applications/pillar/intranet.war...
==> log/oc4j.err.log <==
04/10/27 16:21:32 java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
04/10/27 16:21:32 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:271)
04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:245)
04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1702)
04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:330)
04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
04/10/27 16:21:32 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
04/10/27 16:21:32 at java.lang.Thread.run(Thread.java:534)
04/10/27 16:21:32 oracle.security.jazn.JAZNException: The system is unable to retreive the specified realm(s).
04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getrealms(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.spi.ldap.LDAPRealmManager.getRealms(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUMType(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.getUM(Unknown Source)
04/10/27 16:21:32 at oracle.security.jazn.oc4j.JAZNUserManager.<init>(Unknown Source)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.mkUserManager(XMLServerConfig.java:174)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManager(XMLServerConfig.java:328)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.initUserManagers(XMLServerConfig.java:235)
04/10/27 16:21:32 at com.evermind.server.XMLServerConfig.postInit(XMLServerConfig.java:636)
04/10/27 16:21:32 at com.evermind.server.deployment.EnterpriseArchive.postInit(EnterpriseArchive.java:1028)
04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:271)
04/10/27 16:21:32 at com.evermind.server.ServerComponent.initDeployment(ServerComponent.java:245)
04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.parseApplicationConfig(XMLApplicationServerConfig.java:1702)
04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.postInit(XMLApplicationServerConfig.java:330)
04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:187)
04/10/27 16:21:32 at com.evermind.xml.XMLConfig.init(XMLConfig.java:96)
04/10/27 16:21:32 at com.evermind.server.XMLApplicationServerConfig.init(XMLApplicationServerConfig.java:1995)
04/10/27 16:21:32 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:70)
04/10/27 16:21:32 at java.lang.Thread.run(Thread.java:534)
04/10/27 16:21:32 Caused by: java.lang.NoClassDefFoundError: oracle/ldap/util/Guid
04/10/27 16:21:32 ... 20 more
==> log/stdout.log <==
done.
04/10/27 16:21:32 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, ldap.password={903}RU5sQbqWgXGfQi1gYZq22OM/WsLmyAlF, realm.default=trans, provider.type=LDAP}
04/10/27 16:21:32 JAAS: Configuration properties={ldap.user=cn=orcladmin, location=ldap://oradev.trans.corp:3060, deployment.url=file:/home/users/jamesw/oc4j_10.0.3/j2ee/home/application-deployments/pillar/, ldap.password={903}RU5sQbqWgXGfQi1gYZq22OM/WsLmyAlF, realm.default=trans, provider.type=LDAP}
==> log/server.log <==
04/10/27 16:21:32 10.0.3.0.0 Started
==> log/oc4j.err.log <==
04/10/27 16:21:42 java.lang.UnsupportedOperationException
04/10/27 16:21:42 at oracle.security.jazn.oc4j.AbstractUser.getPassword(Unknown Source)
04/10/27 16:21:42 at oracle.security.jazn.oc4j.FilterUser.getPassword(Unknown Source)
04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.lookup(SecuritySensitive.java:217)
04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:114)
04/10/27 16:21:42 at com.evermind.security.SecuritySensitive.decode(SecuritySensitive.java:131)
04/10/27 16:21:42 at com.evermind.server.DataSourceConfig.getPassword(DataSourceConfig.java:570)
04/10/27 16:21:42 at com.evermind.server.Application.initDataSource(Application.java:2105)
04/10/27 16:21:42 at com.evermind.server.Application.initDataSources(Application.java:2635)
04/10/27 16:21:42 at com.evermind.server.Application.preInit(Application.java:638)
04/10/27 16:21:42 at com.evermind.server.Application.preInit(Application.java:526)
04/10/27 16:21:42 at com.evermind.server.Application.setConfig(Application.java:200)
04/10/27 16:21:42 at com.evermind.server.Application.setConfig(Application.java:170)
04/10/27 16:21:42 at com.evermind.server.ApplicationServer.initializeApplications(ApplicationServer.java:1708)
04/10/27 16:21:42 at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1412)
04/10/27 16:21:42 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:93)
04/10/27 16:21:42 at java.lang.Thread.run(Thread.java:534)
Has anyone run into this before? Can anyone confirm that this actually works in 10.0.3? Thanks.
-James

I am now running into the exact same message.
Has anybody actually got this working ?

How to do LDAP/OID as datasource in OBIEE

We have a requirement to read data from LDAP in the repository and expose the imported structure to business model and inturn in presentation area. So that we can create simple OBIEE report using the LDAP data.
1. How to add LDAP as datasource/database ?
2. How to define the driver's for LDAP ?
3. Is that possible to have thrid party datasource definition, how to get it listed in the "Database" ?
Thanks
Ayaps

If you are using Oracle then you can use PL/SQL to read LDAP. See the following post which shows a way to do it:
http://oraclebizint.wordpress.com/2007/10/12/oracle-bi-ee-101332-and-oid-user-and-group-phase-2/

LDAP oid 11g

11g rdbms comes with oid ldap? i have to setup oracle net services with that, any notes to setup with 11g would help.

OID is part of the Application Server.
It has been part of the app server for several versions (9i)
It happens to store it's info in an Oracle database. But it is still part of the App Server.
Read the App Server (specifically Identity Management) docs to determine installation.

LDAP (OID) search fails on binary data

Hi People,
I am trying to perform OID search with filter like this:
"(&(cn=test*)(usercertificate=*))" and getting error:
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Function Not Implemented]; remaining name ''
(if perform programmatically)
and
ldap_search: DSA is unwilling to perform
ldap_search: additional info: Function Not Implemented
(if use ldapsearch utility).
If I remove "(usercertificate=*)" part, everything works fine. I also works for any asterick combinations for text values.
Looks like it doesn't work only for underlying binary data.
Is it? Or I am wrong somewhere?
How to deal with it?
Did anybody else have this problem before?
Please help.
Thanks
Konstantin Teslenko
[email protected]

I stumbled upon this one just recently...
(and it worked on e-Directory ldap ;))
It complains about this because attribute is not indexed. Look in the docs for Catalog Management tool (catalog.sh)

Microsoft LDAP - OID import and syncronization

Our company utilizes LDAP from Microsoft. Can OID import and syncronize with it? We do not want to manually have to enter thousands of accounts. Ideally we'd like to import all of our Oracle accounts from it and have it syncronize so all accounts may be centrally managed.
Thank you!

The integration that Oracle Portal (really the Login Server) has with LDAP is to implement an external authentication module which allows the Login Server to authenticate the user's provided credentials against an external repository -- in this case, an LDAP server.
The External Authentication spec provides 3 interfaces which go against the external repository -- authenticate_user, change_password, and reset_password. The module that is shipped with Login Server implements these interfaces with standard LDAP v3 API calls. The authenticate_user is implemented as an ldap_bind_s, the change_password and reset_password are implemented as ldap_modify_s calls on the userPassword attribute. These work as designed with Oracle Internet Directory.
With Microsoft Active Directory, although ldap_bind_s works fine to do the authentication, the ldap_modify_s calls on the userPassword attribute do not work, since the userPassword is not simply treated as an attribute that can be modified this way on AD. For this reason, and others relating to certification testing, we do not claim any sort of compatibility with Active Directory in this regard.
However, we are in fact fully 100% LDAP v3 compliant.
I might also add, that a modified implementation of the LDAP interface written to the external auth spec, may succeed in implementing the change_password and reset_password in a manner compatible with AD, although we do not supply such a module.
null

LDAP/OID Users granting other users access issue

Hi,
I have created 4 users (User1, User2, User3, User4) and 2 groups (Group1 and Group2)
User1 is the Group1 owner and User2 is a member of Group1
User3 is the Group2 owner and User4 is a member of Group2
I have made both groups private.
I have given User2 manage privilege on a portal page and have logged in as User2 and edited the page.
When User2 tries to Grant access to the page, they can see all the users in the OID ie User1, User3, User4, Portal etc
My thoughts were that User2 would only be able to grant access to other users in his group(s).
Basically, I want to be able to control which users a user can grant access to on a page. Is this possible?
Thanks
Joel.

What about SSL or LDAPS !
Can't seem to find any java examples which would support services of type:
ldapbind -U 1,2 for java API !

Configuring WebLogic 8.1 for Oracle LDAP - OID

I know this may not be the right place to post this question but I'm totally lost. I am not getting any resources on the net or on the bea forum. I hope I get something valuable from this forum :-)
We need to configure WebLogic Server 8.1 SP2 for OID/Oracle LDAP. Unfortunately for us built in config are available for MS Active Dir Service, Open LDAP, etc but not for Oracle LDAP. :-(
Can some one please throw some light on this topic. Does oracle have any downloadable to bridge the gap?
Thank You in advance. :-D.
Regards,
Yazad Khambata

You should use a controller servlet which forwards to the correct JSP. Then the JSP name is not displayed in the address bar.
          With 8.1 you simply could use a Java pageflow to link several JSPs.
          Generated URLs in the browser will look like
          http://localhost:7001/sampleportal/newpageflow1/test.do;jsessionid=BFssBfmdv4Ly1GDG7gJNZH1d3s2ShJG2qpG4KJJMVvSf0JdyG2nQ!1118879021

J2ee implementation with jaas/LDAP

Hi;
          I search a good j2ee implementation or light framework using jaas API and LDAP directory to authentifies and affects a profil to a user.
          I have already analysed the framework : JGuard.
          regards;

If I understand you correctly, you want to have an application deployed in WebLogic (you don't say what version) use standard J2EE JAAS for declarative authentication and authorization, but use an LDAP provider for the actual implementation.
          If that's the case, at least in WebLogic 8.1 (I don't know about older versions), you shouldn't need any third-party packages. You can configure your WebLogic domain with authentication and authorization providers that interface with an LDAP server. This will work with the JAAS implementation in WebLogic. You can go to <http://e-docs.bea.com/wls/docs81/secmanage/> to read about configuring security in WebLogic (including the LDAP authentication provider).

JAAS LDAP OID JBO-33021

Similar Messages

Maybe you are looking for