LDAP correct binding?

To start, I have successfully bound a new "user" into this leaf that has been created. The problem comes when I try to log in as that user onto that leaf. I can log in with only the username; if I add the password, it gives me a javax.naming.AuthenticationException: [LDAP: error code 32 - No Such Object]. I must not be correctly binding the password to the user. How would I do this?
    env.put(Context.PROVIDER_URL, "url");
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=company,dc=company,dc=net");
    env.put(Context.SECURITY_CREDENTIALS, "password");
    try {
        DirContext ctx = new InitialDirContext(env);   // <------------- connects with my username and password
        // Create attributes to be associated with the object
        // (true = attribute names are treated case-insensitively)
        BasicAttributes attrs = new BasicAttributes(true);
        attrs.put("cn", "username");
        attrs.put("userPassword", "No12we3**");
        attrs.put("ou", "people");
        attrs.put("dc", "company");
        attrs.put("dc", "net");
        // Perform bind
        ctx.bind("cn=Name,ou=people,dc=company,dc=net", attrs);
    }
    ...
So then when I replace my username and password with the new guy's, it doesn't work. And it does work when I don't use a password for him...
Thanks
Edited by: Flavouski on Oct 25, 2007 6:58 PM

It looks like you have a little bit of inconsistency between the user name and the attributes in the entry.
ctx.bind("cn=Name,ou=people,dc=company,dc=net",attrs);
but
attrs.put("cn","username");
Make sure you've changed the Context.SECURITY_PRINCIPAL to "cn=Name,ou=people,dc=company,dc=net"
Besides, I am not sure that the entry was created properly. There is no objectClass attribute, so it is not certain that you have provided all of the required attributes.
For a Person (or OrganizationalPerson or InetOrgPerson), sn is also mandatory.
Regards,
Ludovic.
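The two mismatches Ludovic points out (RDN value different from the entry's cn, no objectClass and hence no sn) can be caught before the add is ever sent. The checker below is an added example, not code from the thread; the MUST attributes it knows for person, organizationalPerson and inetOrgPerson (cn and sn, inherited through the SUP chain) come from RFC 4519 and RFC 2798.

```python
# Required (MUST) attributes per object class, collapsed through the
# superclass chain: inetOrgPerson -> organizationalPerson -> person.
# Schema facts from RFC 4519 (person, organizationalUnit, dcObject)
# and RFC 2798 (inetOrgPerson). Names are lower-cased for comparison.
REQUIRED_ATTRS = {
    "person": {"sn", "cn"},
    "organizationalperson": {"sn", "cn"},
    "inetorgperson": {"sn", "cn"},
    "organizationalunit": {"ou"},
    "dcobject": {"dc"},
}


def parse_dn(dn):
    """Split a DN string into (type, value) pairs, left to right.

    Handles backslash-escaped characters so 'cn=Doe\\, John,ou=people'
    yields [('cn', 'Doe, John'), ('ou', 'people')].
    """
    rdns, current, escaped = [], "", False
    for ch in dn:
        if escaped:
            current += ch
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append(current)
            current = ""
        else:
            current += ch
    rdns.append(current)
    pairs = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def check_entry(dn, attrs):
    """Return a list of problems with an entry about to be added under `dn`.

    `attrs` maps attribute name -> list of values; names are matched
    case-insensitively, as LDAP attribute types are.
    """
    problems = []
    normalized = {k.lower(): [str(v) for v in vals] for k, vals in attrs.items()}
    rdn_attr, rdn_value = parse_dn(dn)[0]

    # 1. The RDN attribute must be present in the entry with the same value.
    #    Otherwise the server rejects the add as a naming violation, or a later
    #    bind against that DN finds no matching object (the thread's error 32).
    if rdn_attr not in normalized:
        problems.append("RDN attribute %r missing from entry" % rdn_attr)
    elif rdn_value.lower() not in (v.lower() for v in normalized[rdn_attr]):
        problems.append("RDN %s=%s does not match entry values %r"
                        % (rdn_attr, rdn_value, normalized[rdn_attr]))

    # 2. objectClass is mandatory; without it the server cannot know which
    #    attributes are allowed or required for the entry.
    classes = [c.lower() for c in normalized.get("objectclass", [])]
    if not classes:
        problems.append("objectClass missing")

    # 3. Every MUST attribute of every declared class has to be present.
    for cls in classes:
        for required in sorted(REQUIRED_ATTRS.get(cls, set())):
            if required not in normalized:
                problems.append("%s requires %s" % (cls, required))
    return problems


if __name__ == "__main__":
    # The entry from the question: RDN says cn=Name, attribute says username,
    # and there is no objectClass at all.
    for p in check_entry("cn=Name,ou=people,dc=company,dc=net",
                         {"cn": ["username"], "userPassword": ["No12we3**"],
                          "ou": ["people"], "dc": ["net"]}):
        print(p)
```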

Similar Messages

  • LDAP Authenticated Bind

    I have been looking for documentation on LDAP authenticated bind, except there is very little and the stuff that is there doesn't go into any detail. I was able to get authenticated binds to work properly but I wanted to ensure that it was all done correctly.
    I found that the users that you are authenticating have to be in the same OU as the service account that you are using to perform the authenticated bind. For example you have an OU called Wireless. users1, user2 and a service account called WiSA are all in this OU. You can authenticate users1 and user2, but no users out of any other OU.
    Is this really all there is? There appears to be no ability to do memberOf which really limits what you can do with this.
    I am running 6.0.182.0. Any thoughts??

    You can use users in another location for authenticated binding of LDAP; in that case, while writing the username you should mention the entire path instead of the username.
    E.g., you should specify the username as cn=user,ou=cisco,ou=wireless,dc=com.
    If both your client authentication username and bind username are in the same location, then you can just specify the username; the controller will pick the path from the LDAP config.
    I hope I answered your question.

  • PCI Vulnerability Reports LDAP NULL BIND ENABLED

    I'm running a PCI compliance report on a Windows 2008 R2 and the report fails.
    The error summary points to LDAP NULL BIND being enabled. I thought LDAP NULL BIND was disabled by default.
    How can I test for LDAP NULL BIND being disabled?
    How can I disable LDAP NULL BIND?
    Thanks for your help

    Please start by reading that: http://support.microsoft.com/kb/837964/en-us
    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • Correct binding and searching -- please look

    Given the following DIT:
    edge.com (Domain)
       |-- Subgroup 1(type Organizational Unit)
       |-- MMC_Users (type Organizational Unit)
          |-- Advisors (type Organizational Unit)
            |-- Person One (type User)
            |-- Person Two (type User)
          |-- Q (type Organizational Unit)
            |-- Person Three (type User)
            |-- Person Four (type User)
            |-- Person Five (type User)
          |-- TNBT (type Organizational Unit)
            |-- Person Six (type User)
          |-- MSU (type Organizational Unit)
            |-- Person Seven (type User)
    How would I bind to find all the user names of people listed in the subgroups of MMC_Users? In other words, which users exist in the Advisors, Q, TNBT, and MSU groups?
    I am using the following search code:
    Hashtable<String, String> oEnv = new Hashtable<String, String>();
    oEnv.put(javax.naming.Context.PROVIDER_URL, "ldap://bos-gc01:389/dn=edge,dn=com");
    oEnv.put(Context.SECURITY_AUTHENTICATION, "simple");
    oEnv.put(Context.SECURITY_PRINCIPAL, "user");
    oEnv.put(Context.SECURITY_CREDENTIALS, "pasword");
    DirContext oCTX = new InitialDirContext(oEnv);
    SearchControls constraints = new SearchControls();
    constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
    System.out.println("asking for search results....");
    NamingEnumeration<SearchResult> results = oCTX.search("ou=Q,ou=MMC_Users", "(uid=*)", constraints);
    System.out.println("@@@ DOES IT GET HERE?");
    while ((results != null) && results.hasMore()) {
        System.out.println("never get here");
        results.next();   // consume the entry so the loop advances
    }
    Any help would be greatly appreciated.

    ARGH! The correct spacing wasn't showing on this before....
    edge.com (Domain)
       |-- Subgroup 1(type Organizational Unit)
       |-- MMC_Users (type Organizational Unit)
          |-- Advisors (type Organizational Unit)
            |-- Person One (type User)
            |-- Person Two (type User)
          |-- Q (type Organizational Unit)
            |-- Person Three (type User)
            |-- Person Four (type User)
            |-- Person Five (type User)
          |-- TNBT (type Organizational Unit)
            |-- Person Six (type User)
          |-- MSU (type Organizational Unit)
            |-- Person Seven (type User)

  • LDAP Search/Bind function

    I'm trying to create an authentication function that can perform a search/bind.
    The algorithm for this is as follows:
    1) Bind to the LDAP server as the application (i.e. admin username and password)
    2) Search the LDAP directory for the sign-in username %userid%
    3) Get the DN of that entry
    4) Unbind as the application
    5) Bind as the sign-in username %userid% with the DN from above
    I'm pretty sure that this is possible with the DBMS_LDAP and DBMS_LDAP_UTL packages, but I'm not sure how to put it all together. Does anyone out there know if a function such as this already exists?
    Thanks,
    Logan

    Well, I figured it out.
    create or replace FUNCTION F_Authenticate (p_username in varchar2, p_password in varchar2)
          RETURN BOOLEAN
       IS
          CURSOR ldap_param_cur
          IS
             SELECT *
               FROM ldap_parameters;
          ldap_param_rec   ldap_param_cur%ROWTYPE;
          l_session        DBMS_LDAP.SESSION;
          l_srch_attr      DBMS_LDAP.STRING_COLLECTION;
          l_attr_values    DBMS_LDAP.STRING_COLLECTION;
          l_result         DBMS_LDAP.MESSAGE;
          l_entry          DBMS_LDAP.MESSAGE;
          l_dn             VARCHAR2 (200);
          l_retval         PLS_INTEGER;
          multiple_uid     EXCEPTION;
          no_ldap_entry    EXCEPTION;
       BEGIN
          -- get parameters from uvic_ldap_parameters table
          OPEN ldap_param_cur;
          FETCH ldap_param_cur
           INTO ldap_param_rec;
          -- if the cursor returns no records display error message and exit
          IF ldap_param_cur%NOTFOUND
          THEN
             DBMS_OUTPUT.PUT_LINE
                 ('LDAP Parameters not configured in UVIC_LDAP_PARAMETERS table');
             CLOSE ldap_param_cur;
             RETURN FALSE;
          END IF;
          CLOSE ldap_param_cur;
          DBMS_LDAP.use_exception := TRUE;
          BEGIN
             -- open session to ldap server
             l_session :=
                DBMS_LDAP.init (ldap_param_rec.ldap_host,
                                ldap_param_rec.ldap_port);
             -- bind with credentials from cursor
             l_retval :=
                DBMS_LDAP.simple_bind_s (l_session,
                                         ldap_param_rec.search_credential,
                                         ldap_param_rec.search_passwd);
             -- run ldap search
             l_retval :=
                DBMS_LDAP.search_s (l_session,
                                    ldap_param_rec.search_base,
                                    DBMS_LDAP.SCOPE_SUBTREE,
                                    ldap_param_rec.search_filter || p_username,
                                    l_srch_attr,
                                    0,
                                    l_result);
             -- count the search result records
             l_retval := DBMS_LDAP.count_entries (l_session, l_result);
             -- if multiple search result records raise exception
             -- the userid should be unique and only return 1 search record
             IF l_retval > 1
             THEN
                RAISE multiple_uid;
             ELSIF NVL (l_retval, 0) = 0
             THEN
                RAISE no_ldap_entry;
             END IF;
             -- select first entry from ldap search record
             l_entry := DBMS_LDAP.first_entry (l_session, l_result);
             -- get the distinguished name from the ldap record
             l_dn := DBMS_LDAP.get_dn (l_session, l_entry);
             -- close ldap session used to retrieve search results
             l_retval := DBMS_LDAP.unbind_s (l_session);
             -- open session to ldap server
             l_session :=
                DBMS_LDAP.init (ldap_param_rec.ldap_host,
                                ldap_param_rec.ldap_port);
             -- bind using ldap search results distinguished name and password
             -- if the bind is successful the user can login
             l_retval := DBMS_LDAP.simple_bind_s (l_session, l_dn, p_password);
             -- close ldap session
             l_retval := DBMS_LDAP.unbind_s (l_session);
             RETURN TRUE;
          EXCEPTION
             WHEN multiple_uid
             THEN
                l_retval := DBMS_LDAP.unbind_s (l_session);
                DBMS_OUTPUT.PUT_LINE ('Multiple LDAP entries found.');
                RETURN FALSE;
             WHEN no_ldap_entry
             THEN
                l_retval := DBMS_LDAP.unbind_s (l_session);
                DBMS_OUTPUT.PUT_LINE ('No LDAP records found.');
                RETURN FALSE;
             WHEN OTHERS
             THEN
                l_retval := DBMS_LDAP.unbind_s (l_session);
                DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
                RETURN FALSE;
          END;
       EXCEPTION
          WHEN OTHERS
          THEN
             l_retval := DBMS_LDAP.unbind_s (l_session);
             DBMS_OUTPUT.PUT_LINE ('LDAP Error. Unknown type.');
             RETURN FALSE;
       END F_Authenticate;
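A worked version of steps 1 to 5 in Python, added here as an example rather than anything from the thread. The directory is an in-memory stand-in with constructed entries for the real server that DBMS_LDAP would talk to; beyond what the PL/SQL shows, it escapes the user-supplied value before it is concatenated into the filter (RFC 4515), refuses an empty password before any bind is attempted (an empty password makes a simple bind unauthenticated, RFC 4513 section 5.1.2, and many servers accept it), and binds with the DN the search returned rather than the name the user typed.

```python
import hmac
import re

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value before it is concatenated into a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def _assertion_regex(assertion):
    """Compile an RFC 4515 assertion value ('*' wildcards, \\xx escapes) to a regex.

    Used only by the stand-in directory to evaluate filters the way a server would.
    """
    pieces = []
    for piece in assertion.split("*"):  # an unescaped '*' is a wildcard
        literal = re.sub(r"\\([0-9a-fA-F]{2})",  # '\xx' stands for one literal byte
                         lambda m: chr(int(m.group(1), 16)), piece)
        pieces.append(re.escape(literal))
    return re.compile("^" + ".*".join(pieces) + "$", re.IGNORECASE)


class FakeDirectory:
    """In-memory stand-in for the LDAP server (constructed for this example).

    Entries are keyed by DN and carry a uid and a cleartext userPassword.
    """

    def __init__(self, entries):
        self.entries = entries

    def search(self, base, filter_expr):
        """Subtree search; only the '(uid=...)' filters this example emits are understood."""
        m = re.fullmatch(r"\(uid=(.*)\)", filter_expr)
        if m is None:
            raise ValueError("stand-in only understands (uid=...) filters")
        pattern = _assertion_regex(m.group(1))
        return [dn for dn, attrs in self.entries.items()
                if dn.lower().endswith(base.lower()) and pattern.match(attrs["uid"])]

    def simple_bind(self, dn, password):
        """Simple bind. An empty password is an *unauthenticated* bind (RFC 4513
        section 5.1.2) that many servers accept regardless of the DN; the stand-in
        mirrors that, which is why authenticate() never lets one reach this point."""
        if password == "":
            return True
        attrs = self.entries.get(dn)
        return attrs is not None and hmac.compare_digest(
            attrs["userPassword"].encode(), password.encode())


def authenticate(directory, base_dn, service_dn, service_password, username, password):
    """Search-then-bind: returns the user's DN on success, None on any failure."""
    if not password:                      # refuse before any bind is attempted
        return None
    # Step 1: bind as the application (service account).
    if not directory.simple_bind(service_dn, service_password):
        raise RuntimeError("service account bind failed")
    # Step 2: look the sign-in name up; the value is escaped so filter
    # metacharacters in what the user typed are matched literally.
    matches = directory.search(base_dn, "(uid=%s)" % escape_filter_value(username))
    # Step 3: the entry must be unique, otherwise refuse (as the PL/SQL does).
    if len(matches) != 1:
        return None
    user_dn = matches[0]
    # Step 4 (unbind the service session) has no equivalent in the stand-in.
    # Step 5: bind as the DN the search returned, with the user's own password.
    return user_dn if directory.simple_bind(user_dn, password) else None


# Constructed sample directory: one service account and two people.
BASE_DN = "ou=people,dc=example,dc=com"
SERVICE_DN = "cn=svc-auth,ou=apps,dc=example,dc=com"
SERVICE_PASSWORD = "svc-secret"
DIRECTORY = FakeDirectory({
    SERVICE_DN: {"uid": "svc-auth", "userPassword": SERVICE_PASSWORD},
    "uid=alice," + BASE_DN: {"uid": "alice", "userPassword": "correct horse"},
    "uid=bob," + BASE_DN: {"uid": "bob", "userPassword": "battery staple"},
})


def login(username, password):
    """Convenience wrapper over the sample directory."""
    return authenticate(DIRECTORY, BASE_DN, SERVICE_DN, SERVICE_PASSWORD,
                        username, password)


if __name__ == "__main__":
    print(login("alice", "correct horse"))  # the user's DN
    print(login("alice", ""))               # None: refused before the bind
```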

  • LDAP client binding failure stops TimerTask thread

    Hi There,
    I try to schedule a TimerTask once LDAP binding fails, but the binding failure prevents the TimerTask thread from starting. Any idea? Or any workaround?
    Thanks.
    try {
        ctx = new InitialLdapContext(envs[ctx_idx], null);
    } catch (NamingException ne) {
        start();
    }

    public static void start() {
        timer = new Timer();
        timer.schedule(new TimerTask() {
            public void run() {
                System.out.println(".... Visit moniter ....");
            }
        }, 10, 1000);
    } // end of start
    ...

    Problem fixed. The Windows XP client did not have the WINS server IP address in its TCP/IP properties.

  • Correct binding order in a Cluster with logical switches, NIC teams, and vNICs on the host.

    I have seen many recommendations to set the network binding order on your Hyper-V hosts to something similar to:
    Management NIC
    Cluster NICs
    iSCSI NICS
    However, all of  these recommendations are for scenarios where the NICs are all physical NICs in the host.
    Using Server 2012 R2, I am building converged networks with logical switches, NIC Teams, and vNICs on the host. So when I go to set the network binding order, I now have all these components to deal with as well. For example, on a 4 adapter blade, I might typically have the following items in the binding order drop-down.
    4 - physical NICs (2- teamed for the 1 virtual switch, the other 2 used for iSCSI)
    1 - Team interface (Datacenter_Switch)
    5 - vNICs (Management, Cluster, LiveMigration, iSCSI-1, iSCSI-2)
    So, should you only worry about the order of the vNICs (placed at the top) and let the other components just fall to the bottom of the list? This seems likely to me, since the binding order applies to service access to the resources, and the other components are not being directly accessed by network services.
    Or, should the order start out with the physical resources needed to access the vNICs, followed by any intermediate resources (switches or team interfaces), then the vNICs themselves, to ensure that the resources are available to the subcomponents accessing them?
    Any help would be appreciated.
    Thanks.
    -Tim Reid

    If by 'network binding order' you mean the order set in the Advanced Settings of the Network Connections of the Control Panel, then the most important one is to make sure the domain network is at the top of the list. Whichever network is at the top of the list is used first for auth functions. So auth functions perform best when the proper network is placed first in the binding order. After that, I don't know that it makes much difference at all. (If it does, I'm sure my statement will start a lively discussion. <grin>)
    . : | : . : | : . tim

  • LDAP Simple Bind - Authetication?

    Hi
    We have a requirement to authenticate an LDAP user id and password in a BSP.
    In function module LDAP_SIMPLEBIND we have the parameters Usr_string and pwd_string.
    Are these parameters for the LDAP user id and password? If the user details are incorrect, it is supposed to return code LDAPRC as 49.
    I need to know whether we can use this method to authenticate an LDAP user.
    Please provide your views.
    Thanks
    Rakesh

    OK, got the point.
    To be able to connect to check the uid/pwd, here is how you have to pass the password:
    CALL FUNCTION 'LDAP_SIMPLEBIND'
          EXPORTING
               serverid = p_serv
               usr      = wf_base
               pwd      = pwd
          IMPORTING
               ldaprc   = wf_error.
    where for p_serv you pass the server alias defined in transaction LDAP,
    and for wf_base (passed to parameter usr) you have to pass it with its path:
    CONCATENATE 'uid=' user_id ',' 'ou=people,dc=domain,dc=com,o=internet' INTO wf_base.
    This syntax will change based on the setup of your LDAP server.
    Regards
    Raja

  • SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

    One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
    Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
    I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server, not a domain controller).
    In the Membership provider name text box I entered "LdapMember"
    In the Role provider name  text box I entered "LdapRole"
    In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="((ObjectClass=group)"
    userFilter="((ObjectClass=person)"
    scope="Subtree" />
    </providers>
    </roleManager>
    I modified the SecurityTokenServiceApplication web.config with these details
    <system.web>
    <membership>
    <providers>
    <add name="LdapMemebr"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager enabled="true">
    <providers>
    <add name="LdapRole"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    </system.web>
    I modified the web.config of the test application I created with these details
    <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
    <providers>
    <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    groupContainer="OU=people,O=validobject"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="cn"
    dnAttribute="dn"
    groupFilter="(&amp;(ObjectClass=group))"
    userFilter="(&amp;(ObjectClass=person))"
    scope="Subtree" />
    </providers>
    </roleManager>
    <membership defaultProvider="i">
    <providers>
    <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
    <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword= "validpassword"
    useDNAttribute="true"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    With all of this configured, I can go to the new test site, and I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully log in with Windows authentication, but Forms authentication gives me an error:
    The server could not sign you in. Make sure your user name and password are correct, and then try again.
    I can successfully log in to an LDAP management tool using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer:
    8306 - SharePoint Foundation - The security token username and password could not be validated.
    in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and then this:
    Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
    at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
    I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
    The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
    The LDAP server tells the SharePoint server it is ready to communicate
    the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
    The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
    The LDAP server sends notification that it is done and is closing the connection that was bound to the ldapserviceid+password
    The SharePoint server acknowledges the connection is closing
    ... and then nothing happens, except the error on SharePoint
    What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account specified in the web.config). That part does not seem to be happening.
    I am at a standstill on this and any help would be greatly appreciated.

    OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app). In either case, you will see two text boxes, underneath the checkbox item for enabling Forms Based Authentication:
    "ASP.NET Membership provider name"
    "ASP.NET Role manager name"
    We entered a name for Membership provider, and left Role manager blank.
    In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
    <membership>
    <providers>
    <add name="LdapMember"
    type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="ldap.server.address"
    port="389"
    useSSL="false"
    connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
    connectionPassword="validpassword"
    useDNAttribute="false"
    userDNAttribute="dn"
    userNameAttribute="cn"
    userContainer="OU=people,O=validobject"
    userObjectClass="person"
    userFilter="(ObjectClass=person)"
    scope="Subtree"
    otherRequiredUserAttributes="sn,givenname,cn" />
    </providers>
    </membership>
    <roleManager>
    <providers>
    </providers>
    </roleManager>
    useDNAttribute="false" turned out to be important as well.
    So, for us to get LDAP authentication working between SharePoint 2010 and Novell eDirectory, we had to:
    leave anything related to the role provider blank
    configure the web.config in three different applications, with the proper connection information to reach our Novell eDir
    ensure that useDNAttribute="false" was used in all three of the modified web.config files.
    Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from a non-existent role manager.

  • ServletContainerAdapter manager not initialized correctly wls11g

    Hi,
    I am using WebLogic 11g (version 10.3.1) to connect with an LDAP server.
    I created a new Authentication Provider and, in the provider-specific tab of this Authentication Provider, I gave the settings for the LDAP server.
    Then I restarted the WebLogic server and checked for the users in the security realm, but I am not getting any users from LDAP.
    The base_domain.log is:
    ####<Oct 3, 2009 6:13:20 PM GMT+05:30> <Notice> <Security> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573800182> <BEA-090082> <Security initializing using security realm myrealm.>
    ####<Oct 3, 2009 6:13:22 PM GMT+05:30> <Warning> <Deployer> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573802964> <BEA-149617> <Non-critical internal application uddi was not deployed. Error: [Deployer:149158]No application files exist at 'C:\oracle\MIDDLE~1\WLS103~1.0\WLSERV~1.3\server\lib\uddi.war'.>
    ####<Oct 3, 2009 6:13:22 PM GMT+05:30> <Warning> <Deployer> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573802964> <BEA-149617> <Non-critical internal application uddiexplorer was not deployed. Error: [Deployer:149158]No application files exist at 'C:\oracle\MIDDLE~1\WLS103~1.0\WLSERV~1.3\server\lib\uddiexplorer.war'.>
    ####<Oct 3, 2009 6:13:23 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573803979> <BEA-000365> <Server state changed to STANDBY>
    ####<Oct 3, 2009 6:13:23 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573803979> <BEA-000365> <Server state changed to STARTING>
    ####<Oct 3, 2009 6:13:44 PM GMT+05:30> <Warning> <oracle.adf.share.jndi.ReferenceStoreHelper> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573824729> <BEA-000000> <Incomplete connection information>
    ####<Oct 3, 2009 6:13:44 PM GMT+05:30> <Warning> <oracle.adf.share.jndi.ReferenceStoreHelper> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573824761> <BEA-000000> <Incomplete connection reference object >
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <Log Management> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826464> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826557> <BEA-000365> <Server state changed to ADMIN>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826557> <BEA-000365> <Server state changed to RESUMING>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <Server> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826604> <BEA-002613> <Channel "Default" is now listening on 192.168.1.63:7001 for protocols iiop, t3, ldap, snmp, http.>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <Server> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826604> <BEA-002613> <Channel "Default[1]" is now listening on 127.0.0.1:7001 for protocols iiop, t3, ldap, snmp, http.>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1254573826604> <BEA-000331> <Started WebLogic Admin Server "AdminServer" for domain "base_domain" running in Development Mode>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826636> <BEA-000360> <Server started in RUNNING mode>
    ####<Oct 3, 2009 6:13:46 PM GMT+05:30> <Notice> <WebLogicServer> <d2i3pc002> <AdminServer> <main> <<WLS Kernel>> <> <> <1254573826636> <BEA-000365> <Server state changed to RUNNING>
    ####<Oct 3, 2009 6:15:55 PM GMT+05:30> <Error> <org.apache.beehive.netui.pageflow.internal.AdapterManager> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573955292> <BEA-000000> <ServletContainerAdapter manager not initialized correctly.>
    ####<Oct 3, 2009 6:16:31 PM GMT+05:30> <Error> <Console> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1254573991120> <BEA-240003> <Console encountered the following error weblogic.security.providers.authentication.LDAPAtnDelegateException: [Security:090294]could not get connection
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3224)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.listUsers(LDAPAtnDelegate.java:2248)
         at weblogic.security.providers.authentication.LDAPAuthenticatorImpl.listUsers(LDAPAuthenticatorImpl.java:178)
         at weblogic.security.providers.authentication.ActiveDirectoryAuthenticatorMBeanImpl.listUsers(ActiveDirectoryAuthenticatorMBeanImpl.java:225)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at weblogic.management.jmx.modelmbean.WLSModelMBean.invoke(WLSModelMBean.java:437)
         at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
         at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at java.security.AccessController.doPrivileged(Native Method)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.JMXContextInterceptor.invoke(JMXContextInterceptor.java:268)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase$16.run(WLSMBeanServerInterceptorBase.java:449)
         at java.security.AccessController.doPrivileged(Native Method)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServerInterceptorBase.invoke(WLSMBeanServerInterceptorBase.java:447)
         at weblogic.management.mbeanservers.internal.SecurityInterceptor.invoke(SecurityInterceptor.java:443)
         at weblogic.management.jmx.mbeanserver.WLSMBeanServer.invoke(WLSMBeanServer.java:314)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11$1.run(JMXConnectorSubjectForwarder.java:663)
         at java.security.AccessController.doPrivileged(Native Method)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder$11.run(JMXConnectorSubjectForwarder.java:661)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.management.mbeanservers.internal.JMXConnectorSubjectForwarder.invoke(JMXConnectorSubjectForwarder.java:654)
         at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
         at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
         at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
         at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
         at javax.management.remote.rmi.RMIConnectionImpl_WLSkel.invoke(Unknown Source)
         at weblogic.rmi.internal.ServerRequest.sendReceive(ServerRequest.java:174)
         at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
         at javax.management.remote.rmi.RMIConnectionImpl_1031_WLStub.invoke(Unknown Source)
         at javax.management.remote.rmi.RMIConnector$RemoteMBeanServerConnection.invoke(RMIConnector.java:978)
         at weblogic.management.jmx.MBeanServerInvocationHandler.doInvoke(MBeanServerInvocationHandler.java:544)
         at weblogic.management.jmx.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:380)
         at $Proxy122.listUsers(Unknown Source)
         at com.bea.console.utils.security.UserUtils.getUsers(UserUtils.java:78)
         at com.bea.console.actions.security.users.UserTableAction.getCollection(UserTableAction.java:100)
         at com.bea.console.actions.security.ManagementBaseTableAction.execute(ManagementBaseTableAction.java:83)
         at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:2044)
         at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:91)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2116)
         at com.bea.console.internal.ConsolePageFlowRequestProcessor.processActionPerform(ConsolePageFlowRequestProcessor.java:262)
         at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:556)
         at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:853)
         at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:631)
         at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:158)
         at com.bea.console.internal.ConsoleActionServlet.process(ConsoleActionServlet.java:256)
         at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
         at com.bea.console.internal.ConsoleActionServlet.doGet(ConsoleActionServlet.java:133)
         at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1199)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.executeAction(ScopedContentCommonSupport.java:686)
         at com.bea.portlet.adapter.scopedcontent.ScopedContentCommonSupport.renderInternal(ScopedContentCommonSupport.java:266)
         at com.bea.portlet.adapter.scopedcontent.StrutsStubImpl.render(StrutsStubImpl.java:107)
         at com.bea.netuix.servlets.controls.content.NetuiContent.preRender(NetuiContent.java:292)
         at com.bea.netuix.nf.ControlLifecycle$6.visit(ControlLifecycle.java:428)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:727)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walkRecursivePreRender(ControlTreeWalker.java:739)
         at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:146)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:395)
         at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
         at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
         at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
         at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:388)
         at com.bea.netuix.servlets.manager.UIServlet.doPost(UIServlet.java:258)
         at com.bea.netuix.servlets.manager.UIServlet.doGet(UIServlet.java:211)
         at com.bea.netuix.servlets.manager.UIServlet.service(UIServlet.java:196)
         at com.bea.netuix.servlets.manager.SingleFileServlet.service(SingleFileServlet.java:251)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
         at com.bea.console.utils.MBeanUtilsInitSingleFileServlet.service(MBeanUtilsInitSingleFileServlet.java:47)
         at weblogic.servlet.AsyncInitServlet.service(AsyncInitServlet.java:130)
         at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
         at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
         at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
         at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
         at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
         at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
         at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
         at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
         at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
         at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
         at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
    Caused by: java.lang.reflect.InvocationTargetException
         at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3890)
         at weblogic.security.utils.Pool.newInstance(Pool.java:37)
         at weblogic.security.utils.Pool.getInstance(Pool.java:33)
         at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
         ... 119 more
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
         at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4871)
         at netscape.ldap.LDAPConnection.simpleBind(LDAPConnection.java:1766)
         at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1264)
         at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1273)
         at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1562)
         at weblogic.security.providers.authentication.LDAPAtnDelegate$LDAPFactory.newInstance(LDAPAtnDelegate.java:3860)
         ... 122 more
    >
    org.apache.beehive.netui.util.logging.logger error
    Why am I getting the error:
    ####<Oct 3, 2009 6:15:55 PM GMT+05:30> <Error> <org.apache.beehive.netui.pageflow.internal.AdapterManager> <d2i3pc002> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1254573955292> <BEA-000000> <ServletContainerAdapter manager not initialized correctly.>
    Can anyone help me figure out where the problem is?
    Sailaja

    As for this error
    at weblogic.security.providers.authentication.LDAPAtnDelegate.getConnection(LDAPAtnDelegate.java:3219)
    ... 119 more
    Caused by: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
    It means the password for the principal is incorrect. Please try to connect to the LDAP server from a standalone client and verify.

  • ACE 4710 LDAP probe

    Folks,
    We'll be adding a farm this weekend to do some kind of balancing for LDAP and LDAPS servers.
    I've been thinking about what would be the best way to probe those servers.
    I assume a generic TCP probe has to be created testing 389 and 636, but I honestly don't know what I should expect coming from the real servers.
    Does anyone have an LDAP farm in place or something like that? I've found a script on the internet, but it seems a little beyond what I can understand, therefore I'm not really confident using it.
    Thanks for any advice.
    Andre

    Hi Andre,
    You can use the scripted LDAP probe (LDAP_PROBE) available with ACE. It sends an anonymous bind request and checks for bind success.
    probe tcp LDAPS_Probe
      port 636
    probe tcp LDAP_Probe
      port 389
    This is how you can apply the script for LDAP port 389.
    script file 1 LDAP_PROBE
    probe scripted LDAP_PROBE_389
      interval 5
      passdetect interval 30
      receive 5
      script LDAP_PROBE
    serverfarm host SF-LDAP-389
      description SF LDAP Port 389
      predictor leastconns
      probe LDAP_PROBE_389
      rserver LDAP-RS1-389
        inservice
    The only supported LDAP probe on the ACE module is the unsecure scripted probe,
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/script.html#wp1111558
    The pre-made TCL script probes available from the Software download page also contains an LDAP probe that you can use to verify the health of the LDAP servers.
    The ace_scripts.tgz zip file contains these scripts and is located at this URL:
    http://www.cisco.com/pcgi-bin/tablebuild.pl/cat6500-ace
    To unzip this file, use the gunzip command in Exec mode,
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/script.html#wp1107470
    For your convenience, the following sample scripts for the ACE are available to support the TCL feature and are supported by Cisco TAC:
    •CHECKPORT_STD_SCRIPT
    •ECHO_PROBE_SCRIPT
    •FINGER_PROBE_SCRIPT
    •FTP_PROBE_SCRIPT
    •HTTP_PROBE_SCRIPT
    •HTTPCONTENT_PROBE
    •HTTPHEADER_PROBE
    •HTTPPROXY_PROBE
    •IMAP_PROBE
    •LDAP_PROBE -----------------> "The LDAP probe you are looking for"
    •MAIL_PROBE
    •POP3_PROBE
    •PROBENOTICE_PROBE
    •RTSP_PROBE
    •SSL_PROBE_SCRIPT
    •TFTP_PROBE
    Also remember that the bind request should be sent as binary and not via ASCII. Take a packet capture of a successful credential bind request with username and password, then convert it to a hex value and insert it in the script.
    The easiest way is to capture a packet with the authentication credentials and then replace the hex bind string in the example.
    The alternative is to hand-code the BER-encoded ASN.1 data string, which, while more fun, is time consuming. The remainder of the script can stay the same.
    You can do this on an ACE module. You have to be aware that 300c02010160 in the example script string is a sort of "header" that holds the request id (1). This will be different in your packet capture.
    If you look at the decomposition of the example you'll be able to see how it is put together and what you need to change.
    0x30 The start of a universal constructed sequence
    0x0c The length of the sequence minus the tag and length bytes = 12 bytes
    0x02 Next field is an integer
    0x01 The length of the next field (1 byte)
    0x01 Value (this is the message ID)
    0x60 Application, number 0, use RFC2251 to decode. This is a Bind Request
    0x07 Length of data to follow.
    0x02 Integer
    0x01 Length 1
    0x03 3 - this is the LDAP version.
    0x04 String
    0x00 Length 0
    0x80 Simple Authentication
    0x00 Length 0
    Just keep the id the same in the unbind.
    The string I use is:
    302d02010160280201030418636e3d41636550726f78792c6f3d556e69766572736974798009ffffffffffffffffff
    where I've replaced the 9 character password with 9*x'ff'.
    The username for binding is AceProxy.  If you want to use the same script then create that username and set the password in the string above (in hex).  If for example you set the password to Example12 then you need to set the 9*x'ff' to '4578616d706c653132' - which is the hex representation of the ASCII.
    Note that if you use fewer or more than 9 characters then you'll need to change other values in the string because they refer to lengths.
    You need to create a copy of the standard LDAP probe into your own file and then replace the hex string in the "puts" line which you identified above with the new string.
    Then copy the file to the ACE:
    ace1/ldap# copy ftp: disk0:
    Enter source filename[]? My-LDAP_PROBE
    Enter the destination filename[]? [My-LDAP_PROBE]
    Enter hostname for the ftp server[]?
    1.2.3.4
    Enter username[]? anonymous
    Enter the file transfer mode[bin/ascii]: [bin]
    Password:
    Passive mode on.
    Hash mark printing on (1024 bytes/hash mark).
    In the context create a scripted probe definition:
    probe scripted PROBE-LDAP-389
      interval 60
      receive 20
      script My-LDAP_PROBE
    Load the script into the context:
    script file 10 My-LDAP_PROBE
    And then add it to the serverfarm:
    serverfarm host FARM-LDAP
      probe PROBE-LDAP-389
    The manual implies that you can pass arguments to a scripted probe, but you would then have to build the hex string dynamically - taking care that all the length values were correct.
    This should be enough to enable you to implement the script.
    Find another example on this
    URL:http://scuq.abyle.org/?page_id=201
    #!name = ADV_LDAP_PROBE
    #### > user for linux tclsh !/usr/bin/tclsh8.4
    # Stefan Nistelberger
    # changes to cisco's original probe
    # * username and password with ldap simple bind (dynamically generated packets)
    # * unable to connect exception handling
    # * debug message for invalidCredentials
    # debug procedure
    # set the EXIT_MSG environment variable to help debug
    # also print the debug message when debug flag is on
    proc ace_debug { msg } {
        global debug ip port EXIT_MSG
        set EXIT_MSG $msg
        if { [ info exists ip ] && [ info exists port ] } {
            set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
        }
        if { [ info exists debug ] && $debug } {
            puts $EXIT_MSG
        }
    }
    # main
    # parse cmd line args and initialize variables
    ## set debug value
    set debug 1
    if { [ regsub -nocase "DEBUG" $argv "" argv] } {
        set debug 1
    }
    ace_debug "initializing variable"
    set EXIT_MSG "Error config:  script ADV_LDAP_PROBE \[DEBUG\]"
    set ip $scriptprobe_env(realIP)
    set port "0"
    # fixed parts of the BindRequest as hex: SEQUENCE tag, messageID (1) plus BindRequest tag,
    # INTEGER tag/length for the version, OCTET STRING tag for the DN, simple-auth context tag
    set ldap_start "30"
    set ldap_bindheader "02010160"
    set ldap_bind "0201"
    set ldap_version "02"
    set ldap_gap1 "04"
    set ldap_gap2 "80"
    set ldap_bindheader_len 5
    # length of the whole message with an empty DN and an empty password (12 bytes)
    set base_len 0c
    set ldap_simple_auth "8007"
    # hex value of one character; always two digits so the length bytes stay correct
    proc toASCII { char } {
       scan $char %c value
       return [format %02x $value]
    }
    set username [ lindex $argv 0 ]
    set hexusername ""
    set password [ lindex $argv 1 ]
    set hexpassword ""
    foreach char [split $username ""] {
         set hexchar [toASCII $char]
         append hexusername $hexchar
    }
    foreach char [split $password ""] {
         set hexchar [toASCII $char]
         append hexpassword $hexchar
    }
    set username_len [string length $username]
    ace_debug $username_len
    set password_len [string length $password]
    ace_debug $password_len
    # outer SEQUENCE length = 12 + len(dn) + len(password); the BindRequest is 5 bytes shorter.
    # Single-byte BER lengths only: dn plus password must keep the message under 128 bytes.
    set base_len [expr 0x$base_len]
    set seq_len [expr $username_len + $password_len + $base_len]
    set sub_seq_len [expr $seq_len - $ldap_bindheader_len]
    set seq_len [format %02x $seq_len]
    set sub_seq_len [format %02x $sub_seq_len]
    set hexldapbindpckt ""
    append hexldapbindpckt $ldap_start
    append hexldapbindpckt "$seq_len"
    append hexldapbindpckt $ldap_bindheader
    append hexldapbindpckt $sub_seq_len
    append hexldapbindpckt $ldap_bind
    append hexldapbindpckt $ldap_version
    append hexldapbindpckt $ldap_gap1
    append hexldapbindpckt [format %02x $username_len]
    append hexldapbindpckt $hexusername
    append hexldapbindpckt $ldap_gap2
    append hexldapbindpckt [format %02x $password_len]
    append hexldapbindpckt $hexpassword
    # if port is zero then use the well known ldap port 389
    if { $port == 0 } {
        set port 389
    }
    #ace_debug $hexldapbindpckt
    # PROBE START
    set errorcode [catch {
            set sock [ socket $ip $port ]
    } msg ]
    if {$errorcode != 0} {
            ace_debug $msg
            exit 30002
    }
    fconfigure $sock -buffering line -translation binary
    # anonymous bind request
    #puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
    puts -nonewline $sock [ binary format "H*" $hexldapbindpckt ]
    set code "ffffff"
    flush $sock
    ace_debug "bef"
    set line [read $sock 22]
    ace_debug "aft"
    binary scan $line H* res
    # resultCode ENUMERATED expected at byte 15 of the reply
    binary scan $line @15H6 code
    close $sock
    #  make probe fail by exit with 30002 if ldap reply code != success code  0x0a0100
    if {  $code != "0a0100" } {
        if {  $code == "0a0131" } {
            ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\' = invalidCredentials"
        } else {
            ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\'"
        }
        exit 30002
    }
    ## make probe success by exit with 30001
    ace_debug "probe success"
    exit 30001
    URL for reference:
    https://cisco-support.hosted.jivesoftware.com/thread/132800?decorator=print&displayFullThread=true
    HTH
    Sachin Garg
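The hand-built bind string decomposed above, and the "error result (49)" diagnostic from the WebLogic thread earlier on this page, in working form. This is an added example, not the thread's Tcl script or a Cisco probe: it encodes an LDAPv3 simple BindRequest with correct BER lengths for any DN or password length (the page's strings only cover single-byte lengths), reproduces the page's hex strings, and parses a BindResponse by walking its structure instead of reading a fixed byte offset. All sample response bytes are constructed, not captured from a server.

```python
import re

# Added example (not the thread's Tcl script or Cisco's probe): BER encoder/decoder for the
# LDAPv3 simple BindRequest and BindResponse. Every sample byte string here is constructed.
LDAP_SUCCESS = 0
LDAP_INVALID_CREDENTIALS = 49  # the "error result (49)" in the WebLogic trace above

def ber_length(n, long_form=False):
    """BER length: one byte below 128, else 0x80|count plus big-endian bytes.
    long_form=True forces the 4-byte form (0x84 ...) that some directory servers emit."""
    if long_form:
        return b"\x84" + n.to_bytes(4, "big")
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber_tlv(tag, value, long_form=False):
    return bytes([tag]) + ber_length(len(value), long_form) + value

def ber_integer(n):
    """Minimal two's-complement INTEGER for n >= 0 (the extra byte keeps the sign bit clear)."""
    return ber_tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_simple_bind(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    bind_request = (
        ber_integer(3)                        # protocol version
        + ber_tlv(0x04, dn.encode("utf-8"))   # bind DN; empty means anonymous
        + ber_tlv(0x80, password)             # context tag [0]: simple password
    )
    return ber_tlv(0x30, ber_integer(message_id) + ber_tlv(0x60, bind_request))

def build_unbind(message_id):
    """UnbindRequest [APPLICATION 2] NULL, sent with the same id as the bind."""
    return ber_tlv(0x30, ber_integer(message_id) + b"\x42\x00")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the element at pos; short or long-form length."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0 or count > 4:
            raise ValueError("unsupported BER length form")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:end], end

def parse_bind_response(data):
    """Walk LDAPMessage { messageID, BindResponse [APPLICATION 1] { resultCode ENUMERATED,
    matchedDN, diagnosticMessage } } by structure rather than by byte offset."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg, 0)
    tag2, body, _ = read_tlv(msg, pos)
    if tag != 0x02 or tag2 != 0x61:
        raise ValueError("not a BindResponse")
    tag, code, pos = read_tlv(body, 0)
    if tag != 0x0A:
        raise ValueError("missing resultCode")
    _, matched_dn, pos = read_tlv(body, pos)
    _, diag, _ = read_tlv(body, pos)
    return {"message_id": int.from_bytes(mid, "big"),
            "result_code": int.from_bytes(code, "big"),
            "matched_dn": matched_dn.decode("utf-8", "replace"),
            "diagnostic": diag.decode("utf-8", "replace")}

def code_at_fixed_offset(data):
    """What the thread's probe does ('binary scan $line @15H6 code'): it lands on the
    resultCode only when the server uses 4-byte lengths; with minimal lengths it is at 7."""
    return data[15:18].hex()

def ad_bind_data_code(diagnostic):
    """Pull the 'data NNN' sub-code from an AD-style diagnostic such as the
    'AcceptSecurityContext error, data 525' text in the WebLogic thread."""
    m = re.search(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)", diagnostic)
    return m.group(1) if m else None

# Constructed sample responses (not captured from any server).
RESPONSE_OK_SHORT = bytes.fromhex("300c02010161070a010004000400")
RESPONSE_BAD_LONG = bytes.fromhex("3084000000100201016184000000070a013104000400")
AD_DIAG = "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece"
RESPONSE_BAD_AD_STYLE = ber_tlv(0x30, ber_integer(1) + ber_tlv(
    0x61, ber_tlv(0x0A, b"\x31") + ber_tlv(0x04, b"") + ber_tlv(0x04, AD_DIAG.encode()),
    long_form=True), long_form=True)

if __name__ == "__main__":
    print(build_simple_bind(1, "cn=AceProxy,o=University", b"\xff" * 9).hex())
    print(parse_bind_response(RESPONSE_BAD_AD_STYLE))
```

A probe built on parse_bind_response keeps working whichever length form the server chooses, and a failing bind surfaces the diagnostic text rather than just a three-byte code.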

  • Issue while accessing Approve Clockin/Clockout corrections from UWL

    Hi All,
    We are not able to access approve clockin/clockout correction application from UWL.
    We found Note 1600953 and implemented it, but we are still facing the issue.
    Request_id value is passed as Null in the URL.
    Please find the URL and XML below :
    URL:
    https://Hostname:port/irj/servlet/prt/portal/prtroot/pcd!3aportal_content!2fevery_user!2fgeneral!2fdefaultAjaxframeworkContent!2fcom.sap.portal.standalonecontentarea?NavigationTarget=OBN%3A%2F%2FBOTechnicalName%3Demployee%2FOperation%3Dapprovecorrections%2FBOSystemAlias%3DSAP_ERP_HumanResources&DynamicParameter=FROM_POWL%3DX%26Operation%3Dapprovecorrections%26BOTechnicalName%3Demployee%26REQUEST_ID%3Dnull%26BOSystemAlias%3DSAP_ERP_HumanResources&PrevNavTarget=navurl%3A%2F%2Fc3d9aa78324902a8e37ccfd1581ea857&sap-obn-url=OBN%3A%2F%2FBOTechnicalName%3Demployee%2FOperation%3Dapprovecorrections%2FBOSystemAlias%3DSAP_ERP_HumanResources&NavMode=1&CurrentWindowId=WID1401688105969
    XML:
    <ItemType name="uwl.task.webflow.TS91000330.SAP_ECC_HumanResources" connector="WebFlowConnector"
              defaultView="DefaultView" defaultAction="defaultAction" executionMode="default">
      <ItemTypeCriteria systemId="SAP_ECC_HumanResources" externalType="TS91000330" connector="WebFlowConnector"/>
      <CustomAttributes>
        <CustomAttributeSource id="WEBFLOW_CONTAINER" objectIdHolder="externalObjectId"
                               objectType="WebflowContainer" cacheValidity="final">
          <Attribute name="REQUEST_ID" type="string" displayName="Request ID"/>
        </CustomAttributeSource>
      </CustomAttributes>
      <Actions>
        <Action name="defaultAction" groupAction="" handler="ObjectNavigationLauncher"
                returnToDetailViewAllowed="yes" launchInNewWindow="yes">
          <Properties>
            <Property name="Operation" value="approvecorrections"/>
            <Property name="ObjectValue" value="REQUEST_ID=${item.REQUESTID}&amp;FROM_POWL=X"/>
            <Property name="DynamicParameter" value="REQUEST_ID=${item.REQUESTID}&amp;FROM_POWL=X"/>
            <Property name="ObjectName" value="employee"/>
            <Property name="WebDynproApplication" value="HRMSS_A_CICO_APPR"/>
            <Property name="WebDynproNamespace" value="sap"/>
            <Property name="System" value="SAP_ERP_HumanResources"/>
            <Property name="openInNewWindow" value="true"/>
          </Properties>
          <Descriptions default="defaultAction"/>
        </Action>
      </Actions>
    </ItemType>
    Please help.
    Thanks,
    Ravi.

    Hi All,
    This is resolved.
    The issue was in the WF approver task: the Request ID was not bound to the correct container element.
    After correcting the binding it is working.
    Thanks,
    Ravi

  • LDAP External Authentication Multiple Search Base DNs question

    hi,
    I'm trying to add two LDAP search DNs to a Portal 6.2 organisation.
    With one search base DN it works fine.
    When I add another, all LDAP auth for that org stops working.
    The docs confusingly state that if you have multiple search DNs (not talking about multiple LDAP servers here - just the search base DNs) you should prefix each entry with the local server name. The docs however provide no examples of the syntax.
    Can anyone provide an example for multiple search DNs? E.g. is it <server:port>:o=<etc>? (Doesn't seem to work.)
    thanks

    hi,
    Yes I have, but when you enter more than one it stops working. With only one entry in the GUI it will work for that entry, but when you add another it stops working.
    I had to use a manual workaround like this to get the second one going :(
    External ldap authentication
    register the LDAP authentication service in the gui and setup the first DN as normal.
    create the first set of entries for the ldap host and the base dn in the gui as normal etc.
    The GUI in the admin console is not working (depending on your point of view), so you need to add the second LDAP config manually:
    All commands are run from the /apps/jes/SUNWam/bin directory
    1. Get an encrypted value for the password of the bind DN (cn=Directory Manager) you want to bind to the LDAP directory as, using the ampassword utility shipped with Identity Server.
    ./ampassword -e directory_manager password
    More information on this utility can be found in the Sun ONE Identity Server Administration Guide.
    2. Copy the encrypted password as the value for the iplanet-am-auth-ldap-bind-passwd in the XML file (serviceAddMultipleLDAPConfigurationRequests.xml) created in Step 1. The XML file contains a template for creating the second LDAP DN.
    3. Modify the data XML file accordingly so that the relevant details are provided for the 2nd ldap server (bind dn search base etc) and load this into the portal directory using the amadmin command line tool as follows from the /opt/SUNWam/bin directory
    ./amadmin -u amadmin -w administrator_password -v -t serviceAddMultipleLDAPConfigurationRequests.xml
    If the imported xml values are incorrect delete and reload the imported xml data using amadmin command tool. Alternatively you can modify the ldap data directly on the primary identity server (ldap server) using a client browser though this method is not supported .
    You should be able to see the newly imported values for the second LDAP server at dn:ou=subconfig1,ou=default,ou=OrganizationConfig,ou=1.0,ou=iPlanetAMAuthLDAPService,ou=services,ou=ORG,o=lgaq.qld.gov.au on the primary LDAP server (where ORG is the organisation you wanted to add the second DN to).

  • Package 'bind' for Oracle VM 2.2.2

    Hi All,
    I am very new to using the virtualization provided by Oracle.
    I have installed Oracle VM Server 2.2.2. My guest creation using a template fails with the error message below. The deploy.sh script has a series of steps that tar and then create the virtual guest.
    [root@OEL seed_pool]# ./deploy.sh
    chown: `named:named': invalid user
    error reading information on service named: No such file or directory
    error reading information on service named: No such file or directory
    error reading information on service named: No such file or directory
    I was asked to install the BIND package for VM Server 2.2.2. I tried installing the bind package from OEL5 Update 3 [bind-9.3.4-10.P1.el5.x86_64.rpm]. However, it failed with a lot of dependency errors when I ran it in VM Server 2.2.2 (rpm -ivh bind-9.3.4-10.P1.el5.x86_64.rpm).
    In VM Server 2.2.2, rpm -qa bind* gives the below output:
    bind-libs-9.3.4-10.P1.el5_3.3
    bind-utils-9.3.4-10.P1.el5_3.3
    Where can I get the correct 'bind' package for VM Server 2.2.2?
    Regards,
    Naren

    fuzzydba wrote:
    My guest creation using a template fails with the error message below. The deploy.sh script has a series of steps that tar and then create the virtual guest.
    What template is this? You should be creating guests using Oracle VM Manager, which would not require any non-Oracle VM packages. There is no bind package for Oracle VM, as you would never run a DNS server in Dom0.

  • IOS LDAP authenication against sAMAccountName

    Hi,
    I'm running an 881 with c880data-universalk9-mz.151-3.T.bin and now I'm trying to enable LDAP authentication. This works, but it only allows me to authenticate against the full CN (like CN=Firstname Lastname). I would like to authenticate against the sAMAccountName instead, since this is the same username the users use in Windows.
    This is my config:
    ldap server dc01
    ipv4 10.10.250.111
    bind authenticate root-dn CN=LDAPReader,CN=Room,DC=customer,DC=local password 7 encrpasswordhere
    base-dn OU=Room,OU=Users,DC=customer,DC=local
    search-filter user-object-type *
    Any idea on how to do this?
    Thanks!
    Regards,
    Armand.

    Hi Anisha,
    I've just removed the search-filter user-object-type * line and added the search-filter user-object-type sAMAccountName line. Then I've performed a debug ldap all:
    001356: Apr  5 10:20:13.608 CET: LDAP: LDAP: Queuing AAA request 79 for processing
    001357: Apr  5 10:20:13.608 CET: LDAP: Received queue event, new AAA request
    001358: Apr  5 10:20:13.608 CET: LDAP: LDAP authentication request
    001359: Apr  5 10:20:13.608 CET: LDAP: Attempting first  next available LDAP server
    001360: Apr  5 10:20:13.608 CET: LDAP: Got next LDAP server :dc01
    001361: Apr  5 10:20:13.608 CET: LDAP: Server connection not up. Current state DOWN
    001362: Apr  5 10:20:13.608 CET: LDAP: No servers left in LDAP server-group. Perform method failover
    001363: Apr  5 10:20:13.608 CET: LDAP: Failed to send request. No more LDAP servers left.
    001364: Apr  5 10:20:13.608 CET: LDAP: Performing method failover
    001365: Apr  5 10:20:19.184 CET: LDAP: Received timer event
    001366: Apr  5 10:20:19.184 CET: LDAP: Connection timeout occured. Retrying
    001367: Apr  5 10:20:19.184 CET: LDAP: Opening ldap connection ( 10.10.250.111, 389 )ldap_open
    ldap_init libldap 4.5 18-FEB-2000
    open_ldap_connection
    ldap_connect_to_host: 10.10.250.111:389
    001368: Apr  5 10:20:19.184 CET: LDAP: socket 0 - connecting to 10.10.250.111 (389)
    001369: Apr  5 10:20:19.184 CET: LDAP: socket 0 - connection in progress
    001370: Apr  5 10:20:19.184 CET: LDAP: socket 0 - local address 10.10.250.254 (51705)
    001371: Apr  5 10:20:19.184 CET: LDAP: Connection on socket 0
    001372: Apr  5 10:20:19.184 CET: LDAP: Connection to LDAP server (dc01, 10.10.250.111) attempted
    001373: Apr  5 10:20:19.184 CET: LDAP: Connection state: DOWN => CONNECTING
    001374: Apr  5 10:20:19.184 CET: LDAP: Received socket event
    001375: Apr  5 10:20:19.184 CET: LDAP: Checking the conn status
    001376: Apr  5 10:20:19.184 CET: LDAP: Socket read event socket=0
    001377: Apr  5 10:20:19.184 CET: LDAP: Found socket ctx
    001378: Apr  5 10:20:19.184 CET: LDAP: Making socket conn up
    001379: Apr  5 10:20:19.184 CET: LDAP: Notify the protocol codeldap_open successful
    Notify LDAP main if it has to initiate any bind requests
    001380: Apr  5 10:20:19.184 CET: LDAP: Protocol received transport up notication
    001381: Apr  5 10:20:19.184 CET: LDAP: Connection state: CONNECTING => UP
    001382: Apr  5 10:20:19.184 CET: LDAP: Set socket=0 to non blocking mode
    001383: Apr  5 10:20:19.184 CET: LDAP: Performing Root-Dn bind operationldap_req_encode
    Doing socket write
    001384: Apr  5 10:20:19.188 CET: LDAP: Root Bind on CN=LDAPReader,CN=Room,DC=customer,DC=local initiated.
    001385: Apr  5 10:20:19.188 CET: LDAP: Received socket event
    001386: Apr  5 10:20:19.684 CET: LDAP: Received socket event
    001387: Apr  5 10:20:19.684 CET: LDAP: Checking the conn status
    001388: Apr  5 10:20:19.684 CET: LDAP: Socket read event socket=0
    001389: Apr  5 10:20:19.684 CET: LDAP: Found socket ctx
    001390: Apr  5 10:20:19.684 CET: LDAP: Receive event: read=1, errno=9 (Bad file number)
    001391: Apr  5 10:20:19.684 CET: LDAP: Passing the client ctx=87179024ldap_result
    wait4msg (timeout 0 sec, 1 usec)
    ldap_select_fd_wait (select)
    ldap_read_activity lc 0x86A7DB08
    Doing socket read
    LDAP-TCP:Bytes read = 22
    ldap_match_request succeeded for msgid 1 h 0
    changing lr 0x85034958 to COMPLETE as no continuations
    removing request 0x85034958 from list as lm 0x8715A3F8 all 0
    ldap_msgfree
    ldap_msgfree
    001392: Apr  5 10:20:19.688 CET: LDAP: LDAP Messages to be processed: 1
    001393: Apr  5 10:20:19.688 CET: LDAP: LDAP Message type: 97
    001394: Apr  5 10:20:19.688 CET: LDAP: Got ldap transaction context from reqid 26ldap_parse_result
    001395: Apr  5 10:20:19.688 CET: LDAP: resultCode:    0     (Success)
    001396: Apr  5 10:20:19.688 CET: LDAP: Received Bind Response
    001397: Apr  5 10:20:19.688 CET: LDAP: Received Root Bind Response ldap_parse_result
    001398: Apr  5 10:20:19.688 CET: LDAP: Ldap Result Msg: SUCCESS, Result code =0
    001399: Apr  5 10:20:19.688 CET: LDAP: Root DN bind Successful on :CN=LDAPReader,CN=Room,DC=Customer,DC=local
    001400: Apr  5 10:20:19.688 CET: LDAP: Transaction context removed from list [ldap reqid=26]ldap_msgfree
    ldap_result
    wait4msg (timeout 0 sec, 1 usec)
    ldap_select_fd_wait (select)
    ldap_err2string
    001401: Apr  5 10:20:19.688 CET: LDAP: Finished processing ldap msg, Result:Success
    001402: Apr  5 10:20:19.688 CET: LDAP: Received socket event
    001403: Apr  5 10:20:33.832 CET: LDAP: LDAP: Queuing AAA request 79 for processing
    001404: Apr  5 10:20:33.832 CET: LDAP: Received queue event, new AAA request
    001405: Apr  5 10:20:33.832 CET: LDAP: LDAP authentication request
    001406: Apr  5 10:20:33.832 CET: LDAP: Attempting first  next available LDAP server
    001407: Apr  5 10:20:33.832 CET: LDAP: Got next LDAP server :dc01
    001408: Apr  5 10:20:33.832 CET: LDAP: First Task: Send search req
    001409: Apr  5 10:20:33.832 CET: LDAP: Check the default map for aaa type=username
    001410: Apr  5 10:20:33.832 CET: LDAP: Ldap Search Req sent
                        ld          2266468388
                        base dn     OU=Lokaal10,OU=Room,DC=customer,DC=local
                        scope       2
                        filter      (&(objectclass=sAMAccountName)(cn=armandputs))ldap_req_encode
    put_filter "(&(objectclass=sAMAccountName)(cn=armandputs))"
    put_filter: AND
    put_filter_list "(objectclass=sAMAccountName)(cn=armandputs)"
    put_filter "(objectclass=sAMAccountName)"
    put_filter: simple
    put_filter "(cn=armandputs)"
    put_filter: simple
    Doing socket write
    001411: Apr  5 10:20:33.836 CET: LDAP:  LDAP search request sent successfully (reqid:27)
    001412: Apr  5 10:20:33.836 CET: LDAP: Sent the LDAP request to server
    001413: Apr  5 10:20:34.344 CET: LDAP: Received socket event
    001414: Apr  5 10:20:34.344 CET: LDAP: Checking the conn status
    001415: Apr  5 10:20:34.344 CET: LDAP: Socket read event socket=0
    001416: Apr  5 10:20:34.344 CET: LDAP: Found socket ctx
    001417: Apr  5 10:20:34.344 CET: LDAP: Receive event: read=1, errno=9 (Bad file number)
    001418: Apr  5 10:20:34.344 CET: LDAP: Passing the client ctx=87179024ldap_result
    wait4msg (timeout 0 sec, 1 usec)
    ldap_select_fd_wait (select)
    ldap_read_activity lc 0x86A7DB08
    Doing socket read
    LDAP-TCP:Bytes read = 22
    ldap_match_request succeeded for msgid 2 h 0
    changing lr 0x85034958 to COMPLETE as no continuations
    removing request 0x85034958 from list as lm 0x8715A3F8 all 0
    ldap_msgfree
    ldap_msgfree
    001419: Apr  5 10:20:34.348 CET: LDAP: LDAP Messages to be processed: 1
    001420: Apr  5 10:20:34.348 CET: LDAP: LDAP Message type: 101
    001421: Apr  5 10:20:34.348 CET: LDAP: Got ldap transaction context from reqid 27ldap_parse_result
    001422: Apr  5 10:20:34.348 CET: LDAP: resultCode:    0     (Success)
    001423: Apr  5 10:20:34.348 CET: LDAP: Received Search Response resultldap_parse_result
    001424: Apr  5 10:20:34.348 CET: LDAP: Ldap Result Msg: SUCCESS, Result code =0
    001425: Apr  5 10:20:34.348 CET: LDAP: Failed to get any search entries ldap_msgfree
    001426: Apr  5 10:20:34.348 CET: LDAP: Closing transaction and reporting error to AAA
    001427: Apr  5 10:20:34.348 CET: LDAP: Transaction context removed from list [ldap reqid=27]
    001428: Apr  5 10:20:34.348 CET: LDAP: Notifying AAA: REQUEST FAILED
    001429: Apr  5 10:20:34.348 CET: LDAP: Received socket event
    I'm not really good at AD but "armandputs" is my sAMAccountName in the AD. My CN=Armand Puts in the AD. So there is still something going wrong. Any ideas?
    Thanks!
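The debug output above shows why the search returns no entries: the router placed sAMAccountName in the objectclass clause and still matched the login name against cn. The following is an added example (not code from the thread or from Cisco) that parses the captured filter, reports that mismatch, and builds the filter an AD lookup keyed on sAMAccountName would need, with RFC 4515 escaping of the user-supplied value; the objectClass value `user` is an assumption about the directory.

```python
import re

# Search filter captured in the debug output above (copied from the thread).
CAPTURED_FILTER = "(&(objectclass=sAMAccountName)(cn=armandputs))"

# RFC 4515 escapes for characters that would otherwise alter filter structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it is matched literally inside a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def samaccountname_filter(username: str) -> str:
    """Filter for an AD lookup keyed on sAMAccountName (objectClass=user is assumed)."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(username)}))"


def parse_and_filter(flt: str) -> dict:
    """Split a flat AND filter such as (&(a=b)(c=d)) into {attribute: value}."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", flt)
    if not m:
        raise ValueError("not a flat AND filter")
    return dict(re.findall(r"\(([^()=]+)=([^()]*)\)", m.group(1)))


def diagnose(flt: str) -> list:
    """Return the problems that make a captured filter miss the intended user entry."""
    terms = {k.lower(): v for k, v in parse_and_filter(flt).items()}
    problems = []
    if terms.get("objectclass", "").lower() == "samaccountname":
        problems.append("sAMAccountName is an attribute, not an objectClass; "
                        "no entry has that objectClass, so the search is empty")
    if "samaccountname" not in terms:
        problems.append("login name is matched against cn instead of sAMAccountName")
    return problems


if __name__ == "__main__":
    for p in diagnose(CAPTURED_FILTER):
        print("problem:", p)
    print("expected filter:", samaccountname_filter("armandputs"))
```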
