LDAP server and replicas
Hi all,
Do I need a replica on an OES11 server for a non-anonymous LDAP query? At this moment we have four OES2 SP1 servers with replicas on them. One master on server A and three read-write replicas on servers B, C and D. A couple of weeks ago we installed an OES11 server, server E, in the same tree but without a replica. If I start an LDAP browser and connect anonymously to server E, I can browse the tree, so LDAP is functioning, but if I connect with a username (cn= etc.) and password I got an LDAP error 13.
Any ideas?
regards,
mark
Follow the error message. LDAP error 13 is 'Confidentiality Required'
which means that you cannot bind without using SSL or STARTTLS. Basically
the server is rejecting your bind attempt because you're sending
credentials over the wire without encryption. This is controlled on the
LDAP Group (or maybe Server, but I think Group) object for this server in
eDirectory. The best way around it, though, is to use SSL or the STARTTLS
functionality so that you're not sending credentials across the wire
without protection.
Good luck.
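An added illustration of the reply above (not part of the original posts): the sketch below encodes an LDAP simple bind per RFC 4511 with the Python standard library only, shows that the password sits unmodified in the request, and decodes a server reply carrying result code 13. The DN, password and diagnostic text are constructed sample values, and the helper names are this example's own.

```python
# Added example, not from the thread: RFC 4511 BER encoding of an LDAP simple
# bind with the standard library only. DN, password and reply are constructed.

RESULT_NAMES = {0: "success", 8: "strongerAuthRequired",
                13: "confidentialityRequired", 49: "invalidCredentials"}
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # StartTLS extended operation


def _length(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, value):
    """One tag-length-value element."""
    return bytes([tag]) + _length(len(value)) + value


def integer(n, tag=0x02):
    """Non-negative INTEGER (or ENUMERATED with tag 0x0A), top bit kept clear."""
    return tlv(tag, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def ldap_message(message_id, protocol_op):
    """LDAPMessage ::= SEQUENCE { messageID, protocolOp }."""
    return tlv(0x30, integer(message_id) + protocol_op)


def simple_bind_request(message_id, dn, password):
    """BindRequest ::= [APPLICATION 0] { version 3, name, simple [0] }."""
    op = integer(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(message_id, tlv(0x60, op))


def starttls_request(message_id):
    """ExtendedRequest ::= [APPLICATION 23] { requestName [0] }."""
    return ldap_message(message_id, tlv(0x77, tlv(0x80, STARTTLS_OID)))


def bind_response(message_id, result_code, diagnostic=""):
    """Server side: BindResponse ::= [APPLICATION 1] { code, matchedDN, text }."""
    op = (integer(result_code, tag=0x0A) + tlv(0x04, b"")
          + tlv(0x04, diagnostic.encode()))
    return ldap_message(message_id, tlv(0x61, op))


def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: next N bytes hold the size
        count = first & 0x7F
        size = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        size = first
    if pos + size > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + size], pos + size


def parse_bind_response(pdu):
    """Decode the fields a client needs from a BindResponse."""
    tag, body, _ = read_tlv(pdu)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, msg_id, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op)
    _, _matched_dn, pos = read_tlv(op, pos)
    _, text, _ = read_tlv(op, pos)
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"), "code": code,
            "name": RESULT_NAMES.get(code, "other"), "diagnostic": text.decode()}


def password_visible(pdu, password):
    """True when the password bytes sit unmodified inside the PDU."""
    return password.encode() in pdu


def next_step(result, tls_active):
    """What a client should do with the bind result."""
    if result["code"] == 0:
        return "bound"
    if result["code"] == 13 and not tls_active:
        return "send StartTLS (or reconnect over SSL), then bind again"
    return "fix the reported error: " + result["name"]


if __name__ == "__main__":
    dn, pw = "cn=mark,o=example", "Constructed-Passw0rd"   # constructed values
    req = simple_bind_request(1, dn, pw)
    print("bind request :", req.hex())
    print("password readable on the wire:", password_visible(req, pw))
    reply = parse_bind_response(bind_response(1, 13, "Confidentiality Required"))
    print("server reply :", reply)
    print("client action:", next_step(reply, tls_active=False))
    print("StartTLS PDU :", starttls_request(2).hex())
```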
Similar Messages
-
How to query LDAP server and get DB Service names?
Hi, before making a connection to an Oracle database, if I want to get a list of databases available,
I could use OracleClientFactory (and CreateDataSourceEnumerator and GetDataSources) to get a list of tnsnames from the local tnsnames.ora file.
Now, if I instead want to query the LDAP server with a given context and get the DB Service list,
how can I do that using ODP.NET?
I am using Visual Studio C# 2010 and ODP.NET 11.2
Thanks,
-srinivas yelamanchili
The Oracle client has an ldap.ora file; how can I use ODP.NET to read the ldap.ora file and get a list of Oracle instances available?
Thanks,
-sri
-
How do we install LDAP server and configure ?..
How to configure LDAP server...
You'll have more luck in the forum for LDAP: Oracle Unified Directory (OUD) & Oracle Directory Server Enterprise Edition/Sun DSEE
I suggest that you also include more information in your posts about what you've already tried to do and why it doesn't seem to be working. Simply asking "how to configure LDAP" isn't going to elicit many responses. You need to show you've actually attempted it yourself.
Also, you'll always want to include the versions of the software you're using.
-
Adding namespace server and replicating folder structure
Not sure if this is the correct forum. @mod, please redirect if applicable.
When adding a second or subsequent Namespace server to a DFS Root, how is the virtual folder structure replicated when that server is added?
The folder-targets are stored in AD under the System container. However, folders (to create a sensible hierarchy) are not stored in AD. Where do they come from when a new Namespace server is added?
Regards, Marcel
To answer your first question go to the link below.
Overview of DFS Replication:
http://msdn.microsoft.com/en-us/library/cc771058.aspx
As for your second question review the answer below.
Stand-alone and domain-based DFS namespace servers store DFS-related information in the registry. All namespace servers also store a copy of the namespace structure on a local volume on the server in DFS root folders and link folders as follows.
Does this answer your questions?
Reference used:
DFS Namespaces: Frequently Asked Questions
http://technet.microsoft.com/en-us/library/ee404780(v=ws.10).aspx
-
Messaging server and external LDAP user store
Is it possible to have an external LDAP application store all user information and then have the messaging server authenticate against it and create a mail profile in its own LDAP instance, similar to the way portal handles LDAP users? If not, what is the best way to store user information outside of the mail server instance? Create an LDAP instance and extend the schema to support the mail classes and then use replication to push the users into the mail server's directory instance?
Correct, extending the schema on the master directory server and replicating down to the messaging server ldap instance the user info is the way to go.
This way you do not have to maintain two different sets of user data.
-Chris
-
Portal and Netscape LDAP server integration
Hi,
I am trying to integrate Netscape LDAP server (6.0) with portal server 7, but
having lots of trouble doing that.
I've followed the instructions in the developer guide and completed the following
steps:
1. added a CustomRealm named defaultLDAPRealmForNetscapeDirectoryServer in config.xml
and modified the entries to fit my environment.
2. Deployed ldapprofile.jar and customized the env variables.
After these two steps, nothing happened. Then I did the third step:
3. added an iPlanet Authenticator to the realm CompatibilityRealm, which is my
default realm for the server.
However, after step 3, I wasn't able to boot weblogic server. Please note I have
created two users, system and weblogic in my LDAP server.
I copied the stack trace below. Any suggestions will be greatly appreciated.
Weiguo
C:\prog\bea\user_projects\portalDemoDomain>"C:\prog\bea\jdk131_03\bin\java" -hotspot -Xms128m -Xmx128m -XX:MaxPermSize=128m -Dcommerce.properties="C:\prog\bea\weblogic700\portal\weblogiccommerce.properties" -Dweblogic.Name=portalDemoServer -Dbea.home="C:\prog\bea" -Dweblogic.management.username= -Dweblogic.management.password= -Dweblogic.ProductionModeEnabled=true -Dweblogic.management.discover=false -Djava.security.policy=="C:\prog\bea\weblogic700\server\lib\weblogic.policy" weblogic.Server
<Nov 4, 2002 1:18:45 PM EST> <Info> <Security> <090065> <Getting boot identity
from user.>
Enter username to boot WebLogic server:weblogic
Enter password to boot WebLogic server:
Starting WebLogic Server...
<Nov 4, 2002 1:19:06 PM EST> <Notice> <Management> <140005> <Loading configuration
C:\prog\bea\user_projects\portalDemoDomain\.\config.xml>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090093> <No configuration data
was found on server portalDemoServer for realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Notice> <Security> <090082> <Security initializing
using realm CompatibilityRealm.>
<Nov 4, 2002 1:19:21 PM EST> <Critical> <WebLogicServer> <000364> <Server failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
<Nov 4, 2002 1:19:21 PM EST> <Emergency> <WebLogicServer> <000342> <Unable to initialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Thanks a lot Scott. I followed your instructions and got it working to a certain
degree. I am pretty happy about the results.
There are still a few issues:
1. I had to create groups and users in my directory server in order to boot up
and logon to the server. This is expected, but is it possible to export these
user/group settings from the embedded LDAP server so that I can import them into
my directory server? Currently, the only way is manual and it's error prone. A
lot of trial and error has to happen to get there.
2. It seems that using Netscape LDAP server only allows read-only access. This
means we have to create new users/groups outside of the portal server and one
other side effect is self-registration is impossible, unless we use custom security
providers. Is this assessment correct? Since LDAP integration is so important,
wouldn't it be nice if BEA have that built-in and all we need to do is to switch
to and configure it?
3. I got duplicate users and groups in compatibility security. Obviously, one
set is from my LDAP server and the other is from the embedded one. I tried to
remove the embedded LDAP authenticator, but the duplicates are still there. How
can I get rid of the duplicates - I only want the ones from my LDAP server?
Thanks again Scott.
Weiguo
Scott Dunbar <[email protected]> wrote:
Weiguo,
WLP 7.0 uses a compatibility realm only and will not work with the
custom realm that you created for the Netscape directory server.
Configuring an LDAP compatibility realm isn't too bad and its
configuration is much like 4.0. However, it can be hard to configure
initially from the console. One way is to shut your server down and
modify config.xml directly - but make sure you make a backup copy first!
Then add something like:
<CachingRealm BasicRealm="myRealm" CacheCaseSensitive="true"
Name="wlcsCachingRealm"/>
<CustomRealm
ConfigurationData="user.filter=(&amp;(uid=%u)(objectclass=person));
user.dn=ou=people,dc=beasys,dc=com;
server.principal=uid=dirmanager,ou=people,dc=beasys,dc=com;
membership.filter=(&amp;(uniquemember=%M)(objectclass=groupofuniquenames));
group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));
server.host=somehost.beasys.com;
group.dn=ou=groups,dc=beasys,dc=com"
Name="myRealm" Password="your_password_here"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
will enable your LDAP server. After this is set up it will be much
easier to configure via the console. Obviously you'll need to update
the parameters above for your configuration.
scott dunbar
bea systems, inc.
[email protected]
boulder, co usa
303 998 2125
-
Portal 7 and embedded LDAP server
I searched for this on support but nothing much came up on Portal 7, so here
goes:
We're thinking of moving to LDAP for user authentication. LDAP 2 is
supported by the current Portal. What LDAP version is supported by the
embedded LDAP server that comes with WLS? Can I convert sooner or later?
Do I have to wait on something?
Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
embedded LDAP?
Thanks,
Steve
Ture,
Can use LDAP for UUP without using it for authentication/authorization? If so,
how, or at least can you kindly point to a document that describes how?
Thanks
Ture Hoefner <[email protected]> wrote:
Hello Steve,
I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
When using Portal with LDAP, there are three things you can use it for:
1) authentication/authorization, using WLS security framework, and/or
2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
--
Ture Hoefner
BEA Systems, Inc.
4001 Discovery Drive
Suite 340
Boulder, CO 80303
www.bea.com
-
Embedded LDAP Server Replication
Hi,
I am new to weblogic, and trying to figure out how the master LDAP server, maintained in the domain’s Administration Server, is replicated to Managed Server in the domain.
I recently installed weblogic and during testing found that, user login to deployed application is denied, if Administrator Server is down.
According to this document: http://docs.oracle.com/cd/E12840_01/wls/docs103/secmanage/ldap.html
I understand that each Managed Server maintains a copy of LDAP server and user authentication can be taken care by this in the absence of Administrator server.
However it's not happening.
Do I have to make any configuration changes? Any pointers on this will be appreciated.
Error Message:
An invalid User Name or Password was entered
Thank You,
Deepak
Ensure that the managed server is running with "Managed Server Independence Enabled" flag checked.
It can be checked on console via Environment --> Servers --> <ServerName> --> Configuration --> Tuning
For more information, please check
http://docs.oracle.com/cd/E14571_01/web.1111/e13708/failures.htm#START169
The above flag is required for the managed server to use the local LDAP repository.
Arun
-
I've two ldap server and replication.
Messaging server v6.0 shows error messages after running the start-msg command.
What does the error message below mean?
Could you suggest how to start the messaging server without error messages?
1. run configutil -o local.ugldaphost -v "mail.domain.com ldap2.domain.com"
2. run configutil -o local.ugldapuselocal -v yes
3. run configutil -o local.ldaphost -v "mail.domain.com ldap2.domain.com"
error messages
# start-msg
[21/Mar/2004:12:03:32 +0700] mail [12167]: General Warning: could not get server configuration in ldap, using cached configuration information
[21/Mar/2004:12:03:32 +0700] mail [12168]: General Warning: could not get server configuration in ldap, using cached configuration information
Connecting to watcher ...
Launching watcher ...
ens is running already
store is running already
imap is running already
pop is running already
http is running already
sched is running already
dispatcher is running already
Starting job_controller server ....[21/Mar/2004:12:03:32 +0700] mail [12170]: General Warning: could not get server configuration in ldap, using cached configuration information
12170
Your error indicates that your step 3 was not the correct thing to do.
local.ldaphost is for the "configuration" ldap server. If you've not replicated/duplicated the o=NetscapeRoot tree from your originally installed LDAP server, then the server is rightly complaining that it can't get its config information from the failed over ldap server.
-
Change Groupwise LDAP Server Settings
Hi,
When Groupwise was installed (many moons ago) I remember a dialog whereby it requested an LDAP server and needed this to install the domain and post office. We used a replica server for this information (IP address).
We now wish to retire the server that it points to (it was not using a DNS name at that time unfortunately).
Can anybody advise how we make this change - it is in Console One somewhere or in a config file. When we turn off the edir server that was used, it stops Groupwise from working (locks out users). I am assuming it is a setting somewhere that can be changed?
Many thanks in advance,
Hi,
On 20.08.2012 17:26, elagrew wrote:
>
> It would be good to know more details.
>
> What is the OS version you are working with? Are there any GW services
> on the server that is retiring? What is the version of GW? How many
> domains/POs are in your system?
>
> So you have GW passwords separate from your eDir password? Remember,
> there is a link between eDir and GW...especially with the older
> versions. Oft times if eDir is not working properly, neither will your
> GW work properly. So if you turn off the server and GW stops...it might
> have more to do with eDir than GW...
Groupwise doesn't care a single bit about eDir once it runs, *UNLESS* it
is *specifically* configured to use LDAP authentication, which this
system apparently isn't:
"Hi,
Connect to PRIDOM then Tools - Groupwise System Operations -> LDAP
Servers
At the moment this is blank (no entries)."
(From the OPs second post)
Also, the OP *specifically* stated that he's concerned about the LDAP
question that occurred *during* the installation. The *only* question
about LDAP *during the install* is the one that the installer needs
*ONCE* to create the eDir objects. This is nowhere stored and never
again needed, it's for the install *only*.
At no point in time does the installer ask about LDAP authentication
settings for the PO or system, these *must* be configured after the fact
in ConsoleOne, and we know through above quote that it isn't.
Hence, there must be something else going on here. A 8F01 error too is
in no way eDir related, but it indicates a problem with TCP/IP or the
queues directories. You get this error for instance when the queue
directory of the agents isn't accessible.
This could indicate that possibly the queue directories of the PO
possibly reside remote on the switched-off server. Which would be a
truly unfortunate setup, but *is* possible.
Whatever, this is *not* an edir related problem, Groupwise doesn't need
eDir to run at all. It only needs it for administration, *or* for LDAP
authentication. Never ever anywhere else, and eDir malfunctioning does
not and can not influence GW.
CU,
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
-
Getting HTTP 500 Error When Trying To Authenticate Against LDAP Server (Active Directory)
Hello,
I am currently facing an issue when I try and use LDAP authentication in my Apex application as I am getting a HTTP 500 Internal Server Error message. For my authentication scheme I have used the pre-configured option of how to connect to an LDAP server and in my development environment this seems to be working fine but now I have deployed my application to our staging environment and I am getting the error. If I switch to the Application Express Authentication scheme then I don't get the error.
I've had a look at the log file on the server and I see I am getting this error:
[#|2015-03-31T16:19:11.254+0100|SEVERE|glassfish3.1.2|null|_ThreadID=21;_ThreadName=Thread-2;|JDBCException [kind=UNAVAILABLE]
at oracle.dbtools.common.jdbc.JDBCException.wrap(JDBCException.java:99)
at oracle.dbtools.common.config.db.DatabaseConfig.getConnection(DatabaseConfig.java:81)
at oracle.dbtools.common.jdbc.ora.OraPrincipal.connection(OraPrincipal.java:69)
at oracle.dbtools.apex.ModApexContext.getConnection(ModApexContext.java:372)
at oracle.dbtools.apex.OWA.getStatement(OWA.java:536)
at oracle.dbtools.apex.OWA.init(OWA.java:308)
at oracle.dbtools.apex.ModApex.doPost(ModApex.java:138)
at oracle.dbtools.apex.ModApex.service(ModApex.java:303)
at oracle.dbtools.rt.web.HttpEndpointBase.modApex(HttpEndpointBase.java:347)
at oracle.dbtools.rt.web.HttpEndpointBase.service(HttpEndpointBase.java:130)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.sql.SQLException: Exception occurred while getting connection: oracle.ucp.UniversalConnectionPoolException: All connections in the Universal Connection Pool are in use
at oracle.ucp.util.UCPErrorHandler.newSQLException(UCPErrorHandler.java:488)
at oracle.ucp.util.UCPErrorHandler.throwSQLException(UCPErrorHandler.java:163)
at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:928)
at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:863)
at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:855)
at oracle.dbtools.common.config.db.DatabaseConfig.getConnection(DatabaseConfig.java:71)
... 33 more
Caused by: oracle.ucp.UniversalConnectionPoolException: All connections in the Universal Connection Pool are in use
at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:368)
at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:49)
at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:80)
at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:131)
at oracle.ucp.common.UniversalConnectionPoolImpl.borrowConnectionWithoutCountingRequests(UniversalConnectionPoolImpl.java:279)
at oracle.ucp.common.UniversalConnectionPoolImpl.borrowConnection(UniversalConnectionPoolImpl.java:142)
at oracle.ucp.jdbc.JDBCConnectionPool.borrowConnection(JDBCConnectionPool.java:157)
at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:916)
... 36 more
So it seems that every time I try and use LDAP I hit this error. Also after a while I have to restart the Apex Listener for that domain. I have come across this thread: LDAP Authentication Question but I am not sure if the user got the problem solved or not.
Our infrastructure is as follows:
Database: Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - 64bit
Apex Listener: 2.0.3.221.10.13
GlassFish Server Open Source Edition 3.1.2.2 (build 5)
If anybody has any idea what is causing this that would be great.
Cheers,
Paul.
Hi Colm,
Thanks for getting back to me on this. I have downloaded and created a new ORDS server with 2.0.10 and while I don't get the error:
Exception occurred while getting connection: oracle.ucp.UniversalConnectionPoolException: All connections in the Universal Connection Pool are in use
I am now getting the following (I have turned on the logging)
No more data to read from socket java.sql.SQLRecoverableException: No more data to read from socket
at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:1157)
at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:345)
at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:223)
at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:531)
at oracle.jdbc.driver.T4CCallableStatement.doOall8(T4CCallableStatement.java:205)
at oracle.jdbc.driver.T4CCallableStatement.executeForRows(T4CCallableStatement.java:1043)
at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1336)
at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:3612)
at oracle.jdbc.driver.OraclePreparedStatement.execute(OraclePreparedStatement.java:3713)
at oracle.jdbc.driver.OracleCallableStatement.execute(OracleCallableStatement.java:4755)
at oracle.jdbc.driver.OraclePreparedStatementWrapper.execute(OraclePreparedStatementWrapper.java:1378)
at sun.reflect.GeneratedMethodAccessor1991.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.ucp.jdbc.proxy.StatementProxyFactory.invoke(StatementProxyFactory.java:230)
at oracle.ucp.jdbc.proxy.PreparedStatementProxyFactory.invoke(PreparedStatementProxyFactory.java:124)
at oracle.ucp.jdbc.proxy.CallableStatementProxyFactory.invoke(CallableStatementProxyFactory.java:101)
at $Proxy432.execute(Unknown Source)
at oracle.dbtools.apex.OWA.execute(OWA.java:145)
at oracle.dbtools.apex.ModApex.handleRequest(ModApex.java:201)
at oracle.dbtools.apex.ModApex.doPost(ModApex.java:152)
at oracle.dbtools.apex.ModApex.service(ModApex.java:303)
at oracle.dbtools.rt.web.HttpEndpointBase.modApex(HttpEndpointBase.java:350)
at oracle.dbtools.rt.web.HttpEndpointBase.service(HttpEndpointBase.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:770)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)
at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)
at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71)
at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:662)
I can't see anything glaring that is causing this. I have also increased the Minimum Connections to 30 and Maximum Connections to 100 with the administration part of Configuring ORDS via SQL Developer and it still has no desired effect.
The application works fine in our Development and Testing Environment but since I have ported it over to our production instance I am unable to log into it using my Active Directory credentials.
Cheers,
Paul. -
Call to ldap server fails ORA-06521: PL/SQL: Error mapping function
I am getting this error(s)
ORA-06521: PL/SQL: Error mapping function
ORA-06512: at "SYS.DBMS_LDAP_API_FFI", line 0
ORA-06512: at "SYS.DBMS_LDAP", line 1338
ORA-06512: at "SYS.DBMS_LDAP", line 1273
ORA-06512: at "SYS.DBMS_LDAP", line 529
ORA-06512: at line 127
after binding and searching an ldap directory.
Line 127 is:
my_dn := DBMS_LDAP.get_dn(my_session, my_entry);
Both of the 'my_xx' parameters have been successfully set earlier in the script I believe as they produce no errors and DBMS_LDAP.count_entries(my_session, my_message) returns = 1.
I am following the example at:
http://download-west.oracle.com/docs/cd/B10501_01/network.920/a96577/smplcode.htm#636994
In fact any of the functions used in the 'while loop' in the above example give a similar error.
Apparently SYS.DBMS_LDAP_API_FFI is a call to an external C program, but this would be a standard Oracle one, not one I have written.
I am connecting to a non-Oracle ldap server, and have tried several (OpenLDAP 2.X, & Windows 2000 AD), with same results.
Any suggestions gratefully received.
Cheers
KIM
Fixed by running the catldap.sql script (ORACLE_HOME/rdbms/admin/catldap.sql) as SYS user and recreated the dbms_ldap packages. I am not sure why some of the functions worked OK and others did not.
KIM -
Why can't I get my Mac to like the LDAP server?
On Monday I started hammering away at getting the LDAP server setup on the Linux server with openldap. I was able to get a test Mac running Leopard to see the LDAP server and the accounts. The next battle was to get home directories to mount under /home. I was about to do that after finding a working ldif example using automaster and autohome. After that I was able to get the Public share automatically mounted on /Network/Public. Wonderful!
Tuesday I came in thinking that the next battle would be with Samba. Unfortunately, somewhere in powering off the Mac and rebooting it, I lost all the share mounting! It still sees the accounts, but it absolutely will not see the mounts. In trying to figure it out I have wiped the LDAP database and restarted it, I have wiped the test Mac twice, I have made sure the Mac is running the latest updates, and still nothing.
If I go into dscl this is now what I see:
ls Automount/
Record Name Unknown
Record Name Unknown
ls AutomountMap/
Record Name Unknown
Record Name Unknown
cat Mounts/10.110.1.1:\/share\/public/
dsAttrTypeNative:cn: 10.110.1.1:/share/public
dsAttrTypeNative:objectClass: mount top
AppleMetaNodeLocation: /LDAPv3/10.110.1.1
RecordName: 10.110.1.1:/share/public
RecordType: dsRecTypeStandard:Mounts
On the LDAP server, the records look like:
dn: automountMapName=auto_master,ou=mounts,dc=example,dc=com
automountMapName: auto_master
objectClass: top
objectClass: automountMap
dn: automountKey=/home,automountMapName=auto_master,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home
dn: automountMapName=auto_home,ou=mounts,dc=example,dc=com
automountMapName: auto_home
objectClass: top
objectClass: automountMap
dn: automountKey=*,automountMapName=auto_home,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: 10.110.1.1:/home/&
dn: cn=10.110.1.1:/share/public,ou=mounts,dc=example,dc=com
mountDirectory: /Network/Public
objectClass: mount
objectClass: top
mountType: nfs
cn: 10.110.1.1:/share/public
It looks like for some reason it's either missing entries from the LDAP server, and/or it's ignoring some of the mapping and leaving them out. The Mounts entry is missing the VFSLinkDir which maps to mountDirectory. The Automount stuff is missing the RecordName which maps to automountKey and automountMapName.
What the heck happened? Why does the Mac refuse to see the LDAP server the way it did on Monday?
I am having something similar going on and can't sort out what it is doing:
ldiffs:
dn: automountMapName=auto_master,dc=example,dc=edu
objectClass: top
objectClass: automountMap
automountMapName: auto_master
dn: automountKey=/foo,automountMapName=auto_master,ou=Mounts,dc=soe,dc=ucsc,dc=edu
objectClass: automount
automountKey: /foo
automountInformation: auto.foo,dc=example,dc=edu -rw,resvport,hard,intr,nosuid,tcp
Second one:
dn: automountMapName=auto.foo,dc=example,dc=edu
objectClass: top
objectClass: automountMap
automountMapName: auto.foo
dn: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
objectClass: top
objectClass: automount
automountInformation: fileserver:/export/foo/tstaff
automountKey: tstaff
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 name=tstaff[] map=auto.foo,dc=example,dc=edu opts=rw,resvport,hard,intr,nosuid,tcp path=/foo direct=0
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds called
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 getmapent_ds: key=[ tstaff ]
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match called
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: key =[ tstaff ]
9/25/09 11:45:25 AM com.apple.automountd[1101] t0xb0289000 ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
9/25/09 11:45:25 AM automountd[1101] ds_search failed
exiting ...
It seems like it can't find the trigger point tstaff. It is looking for:
ds_match: Searching for tstaff,automountMapName=auto.foo,dc=example,dc=edu
which isn't what the DN is in ldap:
Distinguished Name: automountKey=tstaff,automountMapName=auto.foo,dc=example,dc=edu
any thoughts?
regards,
Derek -
Can I use LDAP server's authentication mechanism rather than comparing password ?
Hi All,
The weblogic security and adminguide says that the user authentication can be of the following 3 types:
1. Bind specifies that the LDAP security realm retrieves user data, including the password for the LDAP server, and checks the password in WebLogic Server.
2. External specifies that the LDAP security realm authenticates a User by attempting to bind to the LDAP server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm authenticates a User by looking up the UserPassword property in the LDAP directory and checking it against the passwords in WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather than picking up the password from LDAP and comparing at weblogic end. Then what should I do?
Because no. 2 is applicable only for ssl certificates, no. 1 and no. 3 pick up the password using the login dn and password provided at the time of configuration of realm and compare with the password given by the user.
And once again there are some issues on having picking up password and comparing it:
1. Netscape directory server can store the password in one-way hashed form (and that is preferred, too). So when userpassword attribute is read, it's in one-way hashed form. So how the comparison will go on?
2. Creating a user who has the access to user data along with userpassword attribute itself is a security threat, as if someone can crack that user's dn and password then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson
Thanks a lot Jerry.
I got this stuff from weblogic 6.1 docs sets security.pdf and adminguide.pdf.
I have another question: if that is the case (in case of BIND), then why do we require a dn of user and password who has the access to read the entire directory? And at the same time, you specified this for Bind; what are the cases for the other two, Local and External? And then what is actually the difference between Bind and Local?
Please help me.
Thanks,
Sudarson
Jerry <[email protected]> wrote:
Hi Sudarson,
Whatever doc you were reading is at least partially incorrect, unfortunately...
I know for sure that when you specify BIND, weblogic sends the username/password to your LDAP server in an attempt to bind to it.
If the bind is successful, WLS determines that the username/password pair were correct.
If the bind was unsuccessful, WLS determines that the username/password pairing is not valid.
At all times, WebLogic is letting the LDAP server do the actual compare of username/password. WLS does not, at any time, retrieve a password from the LDAP server.
I hope this helps,
Joe Jerry
sudarson wrote:
Hi All,
The weblogic security and adminguide says that the user authentication can be of the following 3 types:
1. Bind specifies that the LDAP security realm retrieves user data, including the password for the LDAP server, and checks the password in WebLogic Server.
2. External specifies that the LDAP security realm authenticates a User by attempting to bind to the LDAP server with the username and password supplied by the WebLogic Server client. If you choose the External setting, you must also use the SSL protocol.
3. Local specifies that the LDAP security realm authenticates a User by looking up the UserPassword property in the LDAP directory and checking it against the passwords in WebLogic Server.
But say I want that my users should be authenticated by the LDAP server rather than picking up the password from LDAP and comparing at weblogic end. Then what should I do?
Because no. 2 is applicable only for ssl certificates, no. 1 and no. 3 pick up the password using the login dn and password provided at the time of configuration of realm and compare with the password given by the user.
And once again there are some issues on having picking up password and comparing it:
1. Netscape directory server can store the password in one-way hashed form (and that is preferred, too). So when userpassword attribute is read, it's in one-way hashed form. So how the comparison will go on?
2. Creating a user who has the access to user data along with userpassword attribute itself is a security threat, as if someone can crack that user's dn and password then he/she can do anything as userdata can be read.
Any suggestion is welcome.
TIA,
Sudarson -
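The difference between bind authentication as Jerry describes it and the fetch-and-compare approach, together with the hashed-password problem Sudarson raises, as an added Python example that is not from the thread or from WebLogic. The `Directory` class, the sample DN and the password are constructed stand-ins; `{SSHA}` is assumed as the storage scheme, and the mock server is assumed to accept an empty-password bind as anonymous.

```python
import base64
import hashlib
import hmac
import os

def ssha(password, salt=None):
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(8)
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

class Directory:
    """Constructed in-memory stand-in for an LDAP server that stores only hashes."""
    def __init__(self):
        self._entries = {}

    def add(self, dn, password):
        self._entries[dn] = ssha(password)

    def read_user_password(self, dn):
        # What a service account with read access to userPassword gets back.
        return self._entries[dn]

    def simple_bind(self, dn, password):
        if not password:
            return True  # modelled as an anonymous bind: proves nothing about dn
        stored = self._entries.get(dn)
        if stored is None:
            return False
        # The server does the compare: re-hash the offered password with the stored salt.
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]
        offered = hashlib.sha1(password.encode() + salt).digest()
        return hmac.compare_digest(digest, offered)

def authenticate_by_compare(directory, dn, password):
    """Fetch userPassword and compare it in the application (the 'Local' description)."""
    stored = directory.read_user_password(dn)
    return hmac.compare_digest(stored.encode(), password.encode())

def authenticate_by_bind(directory, dn, password):
    """Let the directory verify the password; the application never reads the hash."""
    if not password:  # refuse before binding: an empty password is not a credential
        return False
    return directory.simple_bind(dn, password)

if __name__ == "__main__":
    d = Directory()
    dn = "uid=jdoe,ou=people,dc=example,dc=com"  # constructed sample entry
    d.add(dn, "s3cret-Example")
    print("compare in app:", authenticate_by_compare(d, dn, "s3cret-Example"))
    print("bind:", authenticate_by_bind(d, dn, "s3cret-Example"))
    print("bind, empty password:", authenticate_by_bind(d, dn, ""))
```

The compare-in-app path fails for the correct password because the stored value is a salted hash, and it also needs an account that can read `userPassword`; the bind path needs neither.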
Ldap server authentication for EAI domain
Hi everybody,
I have configured a new realm for the security of the created EAI Domain and made it default. In this realm, the authentication provider is the iPlanet LDAP Server.
Now the booting is fine but then when I am starting the Weblogic Studio, it is not getting authenticated and I keep getting the error:
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
The error page obtained at studio is what is given as attachment.
Anybody having any info regarding the same - pl. do pass on.
Thanks and regards,
Ritwik
[wli-error.doc]
Hello Ritwik,
it should for sure, but with this release WLI depends on the compatibility realm.
Christian Plenagl
Developer Relations Engineer
BEA Support
"Ritwik" <[email protected]> wrote:
>
Conceptually if I create respective groups (similar to the groups and users of the compatibility realm) in the ldap server and do the authentication from there - it should work - shouldn't it???
Any pointer !!!
Regds,
Ritwik
"Christian Plenagl" <[email protected]> wrote:
Hi Ritwik,
you can read in the WLI documentation, that WLI7 currently supports the compatibility realm only.
Please have a look at:
http://e-docs.bea.com/wli/docs70/deploy/secure.htm#1365621
Christian Plenagl
Developer Relations Engineer
BEA Support
"Ritwik" <[email protected]> wrote:
Hi everybody,
I have configured a new realm for the security of the created EAI Domain and made it default. In this realm, the authentication provider is the iPlanet LDAP Server.
Now the booting is fine but then when I am starting the Weblogic Studio, it is not getting authenticated and I keep getting the error:
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
<Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
The error page obtained at studio is what is given as attachment.
Anybody having any info regarding the same - pl. do pass on.
Thanks and regards,
Ritwik