LDAPRealm
We are using IBM secureway Directory Server - Weblogic 6.1 sp3.
We don't have any user called system in our ldap. While specifying the bind DN
in weblogic we are using a user say (administrator). But I keep on getting this
message in ldap logs
"Unable to bind cn=System;ou=....."?
Does weblogic require a user by the name system in ldap???
Also, if my ldap server aborts, why is it that my weblogic server also hangs?
An expedited response would be greatly appreciated
Thanks
Srini
Similar Messages
-
LDAPRealm authentication (almost there)
Ok, been chipping away at getting an LDAPRealmV2 to function properly,
thanks for all the tips. Vital stats -- Iplanet dir service 6.02,
weblogic 6.1, win2k. config.xml is properly set, and I think web.xml
is as well but I get an authentication box that pops up when accessing
the webapp, but I can never get the user to be authenticated, even
though the ldap logs look like it is legit. Here are the relevant
snippets:
web.xml
<security-constraint>
<web-resource-collection>
<web-resource-name>testing123</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>interviewer</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>WLI_LDAPRealm</realm-name>
</login-config>
<security-role-assignment>
<role-name>interviewer</role-name>
</security-role-assignment>
=========================
The user 'someguy' is in the LDAP server, and is recognized in the
logs (see below), he is in the ldap group interviewer (which shows up
in the console, so it is being seen). Basically, I just try logging in
and after 3 times I get locked out. This happens with all users, not
just someguy. Any ideas?
weblogic log
<May 29, 2002 2:46:53 PM EDT> <Notice> <WebLogicServer> <SSLListenThread listening on port 7002>
<May 29, 2002 2:46:53 PM EDT> <Notice> <WebLogicServer> <ListenThread listening on port 7001>
<May 29, 2002 2:46:54 PM EDT> <Notice> <Management> <Starting discovery of Managed Server... This feature is on by default, you may turn this off by passing -Dweblogic.management.discover=false>
<May 29, 2002 2:46:54 PM EDT> <Notice> <WebLogicServer> <Started WebLogic Admin Server "myserver" for domain "mydomain" running in Production Mode>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <getUser("someguy")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <search("ou=People, dc=DFI_DWPROD", "(&(uid=someguy)(objectclass=organizationalPerson)", base DN & below)>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <DN for user someguy: uid=someguy,ou=People, dc=DFI_DWPROD>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <user: delegate HAS someguy>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <authenticate("someguy")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <authUserPassword("someguy")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <search("ou=People, dc=DFI_DWPROD", "(&(uid=someguy)(objectclass=organizationalPerson)", base DN & below)>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <DN for user someguy: uid=someguy,ou=People, dc=DFI_DWPROD>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <auth: delegate PASSES someguy>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <getUser("guest")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <getUser("guest")>
<May 29, 2002 2:47:40 PM EDT> <Debug> <LDAPRealm> <search("ou=People, dc=DFI_DWPROD", "(&(uid=guest)(objectclass=organizationalPerson)", base DN & below)>
<May 29, 2002 2:47:40 PM EDT> <Debug> <CachingRealm> <user: backup HAS guest>
<May 29, 2002 2:47:48 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:48 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:48 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:48 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:48 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:48 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:51 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:51 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:51 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
<May 29, 2002 2:47:51 PM EDT> <Debug> <CachingRealm> <user: pos HIT someguy>
<May 29, 2002 2:47:51 PM EDT> <Debug> <CachingRealm> <getUser("someguy")>
I think you may be missing the
<principal-name>interviewer</principal-name>
so your weblogic.xml should look like..
<security-role-assignment>
<role-name>interviewer</role-name>
<principal-name>interviewer</principal-name>
</security-role-assignment>
-
How do I configure my OpenLDAP so that WLSP9 LDAPRealm will actually
authenticate the users. I have the realm debugging turned on, and I can
see that the user has been found, but no matter what password I use
the authentication fails. I know that the LDAPRealm tries to bind to my
LDAP server with that username and password, but currently I only have the
rootdn and rootpw set in my server, no other access control. Should I include
access control lists in my slapd.conf file ???
Thanks in advance.
I'm fairly new to OpenLDAP myself but I think I had the same issue as you. I
certainly had to add a few ACLs to my slapd.conf and one looks like what you
are after. Add it to the bottom of slapd.conf:
access to attr=userPassword
    by anonymous auth
    by * none
- Steve Lynch
Security Consultant
Entegrity Solutions -
Use of LdapRealm results in [LDAP: error code 32 - No Such Object]
Hi,
I'm testing with the example 'basic-auth' of the SJSAS7 2004Q2 with the LdapRealm.
This little test app can successfully authenticate my user against LDAP.
package de.zdf.qmv.helloworld.test;

import javax.naming.*;
import javax.naming.directory.*;
import java.util.Hashtable;

public class TestLdap {
    public static void main(String[] args) {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://123.123.123.123:389/o=aaa");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=myuser,ou=ddd,o=ccc,o=bbb,o=aaa");
        env.put(Context.SECURITY_CREDENTIALS, "mypwd");
        try {
            // Creating the context performs the simple bind; it throws if the bind fails.
            DirContext ctx = new InitialDirContext(env);
            ctx.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
But when I try to use these Settings for the LDAP Security Realms in the AppServer it doesn't work.
<auth-realm name="ldap" classname="com.iplanet.ias.security.auth.realm.ldap.LDAPRealm">
<property value="ldap://123.123.123.123:389/o=aaa" name="directory"/>
<property value="ou=ddd,o=ccc,o=bbb,o=aaa" name="base-dn"/>
<property value="ldapRealm" name="jaas-context"/>
</auth-realm>
I get this error:
AM: Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
FEIN: Logging in user [myuser] into realm: ldap using JAAS module: ldapRealm
AM: Login module initialized: class com.iplanet.ias.security.auth.login.LDAPLoginModule
AM: search: baseDN: ou=ddd,o=ccc,o=bbb,o=aaa filter: uid=myuser
WARNUNG: SEC1106: Error during LDAP search with filter [uid=myuser].
WARNUNG: SEC1000: Caught exception.
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'ou=ddd,o=ccc,o=bbb,o=aaa'
Is the base-dn of the LDAP Security Realms properties the equivalent to the SECURITY_PRINCIPAL (without uid= )?
Is there a missing property in the LDAP Security Realms properties to get this to work?
Thanks for your help
I have the same error with my code...
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost");
Context ctx = new InitialContext(env);
SQLServerDataSource mds = new SQLServerDataSource();
ctx.bind("jdbc/, mds);
// ERROR!!!!LDAP: error code 32 - No Such Object
I just installed the qcslapd.exe, running qcslapd -debug i get the result:
20030514 14:28:13 conn=6 fd=2 connection from e700 (127.0.0.1)
20030514 14:28:13 conn=6 op=0 BIND dn="" method=128
20030514 14:28:13 unknown version 3
20030514 14:28:13 conn=6 op=1 BIND dn="" method=128
20030514 14:28:13 conn=6 op=0 RESULT err=2 tag=97 nentries=0
20030514 14:28:13 conn=6 op=1 RESULT err=0 tag=97 nentries=0
20030514 14:28:13 conn=6 op=2 SRCH base="jdbc" scope=0 filter="(objectclass=*)"
20030514 14:28:14 conn=6 op=2 RESULT err=32 tag=101 nentries=0
can you help... HELP -
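JNDI resolves every search name relative to the DN in the provider URL, so a `directory` ending in `/o=aaa` combined with a `base-dn` that also ends in `o=aaa` asks the server for a DN with that suffix repeated, which is consistent with the error 32 in the first post of this thread. The following is an added example, not code from either poster or from the application server; the class and method names are hypothetical, and it assumes the realm hands `base-dn` unchanged to a JNDI context created from `directory`.

```java
import java.net.URI;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Added example (hypothetical class): shows which DN a JNDI search really targets. */
public class EffectiveSearchBase {

    /** DN carried in the path of an LDAP provider URL, or the empty root name. */
    static LdapName contextDn(String providerUrl) throws InvalidNameException {
        String path = URI.create(providerUrl).getPath();   // "/o=aaa" for the URL in the post
        return new LdapName(path == null || path.length() <= 1 ? "" : path.substring(1));
    }

    /** Names given to search() are relative to the context DN; this is the absolute DN sent. */
    static LdapName effectiveDn(String providerUrl, String relativeName)
            throws InvalidNameException {
        LdapName dn = contextDn(providerUrl);
        dn.addAll(new LdapName(relativeName));   // appended RDNs appear on the left of the string
        return dn;
    }

    /** True when the base DN already ends with the URL's DN, so the suffix would be doubled. */
    static boolean suffixDoubled(String providerUrl, String baseDn)
            throws InvalidNameException {
        LdapName ctx = contextDn(providerUrl);
        return !ctx.isEmpty() && new LdapName(baseDn).startsWith(ctx);
    }

    static void report(String label, String url, String baseDn) throws InvalidNameException {
        System.out.printf("%-18s directory=%s base-dn=%s%n", label, url, baseDn);
        System.out.printf("%-18s server searches: %s%s%n", "", effectiveDn(url, baseDn),
                suffixDoubled(url, baseDn) ? "   <-- suffix repeated, expect error 32" : "");
    }

    public static void main(String[] args) throws InvalidNameException {
        // Values taken from the realm settings in the post.
        report("as posted", "ldap://123.123.123.123:389/o=aaa", "ou=ddd,o=ccc,o=bbb,o=aaa");
        // Two consistent alternatives (assumptions, untested against the poster's directory):
        report("no DN in URL", "ldap://123.123.123.123:389", "ou=ddd,o=ccc,o=bbb,o=aaa");
        report("relative base-dn", "ldap://123.123.123.123:389/o=aaa", "ou=ddd,o=ccc,o=bbb");
    }
}
```

The standalone test program in the post never hits this because it only binds, and `SECURITY_PRINCIPAL` is always an absolute DN.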
Hello,
I'm starting WebLogic from JBuilder 3.5; before using the LDAP realm
everything worked fine.
After adding the following entry to the weblogic.properties file
weblogic.security.realmClass=weblogic.security.ldaprealm.LDAPRealm
the WLS states following error message:
java.io.FileNotFoundException: ldaprealm.properties (The system cannot
find the file specified)
The ldaprealm.properties file is located in the WL_HOME dir (same location
as weblogic.properties)
I've start WLS with -Duser.dir=c:\weblogic, but it didn't affect my problem.
When starting WLS with startWebLogic.cmd, everything works fine but not
practicable for me,
because I've to start it from JBuilder in order to enable remote debugging.
Thanx for your help in advance,
Michael
http://www.bea.com/support/askbea/wls/S-06632.shtml
ldaprealm.properties has to be in %WinDir%\System32 to be picked up by a WLS 5.1 server run as a service and LDAPRealm enabled.
Still getting interesting LDAP errors, but the file is being picked up on startup. -
Error: ldaprealm.properties (The system cannot find the file specified)
Hi,
I'm getting the following error message when starting up WLS
java.io.FileNotFoundException: ldaprealm.properties
(The system cannot find the file specified)
This seems to me as if ldaprealm.properties isn't in the
proper place/dir.
The docu tells me to put it to WL_HOME - and there
it resides.
I cannot start WLS with the startWebLogic.cmd file (which
always works fine), because I'm forced to do it via JBuilder.
Maybe someone can tell me a property to change the
startup dir (-Duser.dir=c:\weblogic doesn't work)
thanx in advance,
Michael
http://www.bea.com/support/askbea/wls/S-06632.shtml
ldaprealm.properties has to be in %WinDir%\System32 to be picked up by a WLS 5.1 server run as a service and LDAPRealm enabled.
Still getting interesting LDAP errors, but the file is being picked up on startup. -
Weblogic.security.ldaprealmv2.LDAPRealm problem..
Hi All,
I'm running WLS6.1sp1 and I have a bit of a snag. I've been able to
successfully configure WLS6.1 to authenticate against a single development
LDAP server, but I'm running into problems with my production LDAP
environment.
My production LDAP environment returns referrals. Normally this is dealt
with by setting the Context.Referral parameter to "follow" rather than the
default JNDI "ignore" value. I can't seem to find any documentation on the
"configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
even get at any API docs for this class.
Can somebody tell me if there is a configuration parameter I can pass to
this class which accomplishes this? If not, can BEA provide some assistance
(source code or API documentation) so that we can modify this class? (I'm
not excited about writing my own CustomAuthentication class this week..)
Jason Hanna
Lead Technical Architect - EMC.com
> My production LDAP environment returns referrals. Normally this is dealt
> with by setting the Context.Referral parameter to "follow" rather than the
> default JNDI "ignore" value. I can't seem to find any documentation on the
> "configuration data" field of weblogic.security.ldaprealmv2.LDAPRealm or
> even get at any API docs for this class.
> Can somebody tell me if there is a configuration parameter I can pass to
> this class which accomplishes this? If not, can BEA provide some assistance
> (source code or API documentation) so that we can modify this class? (I'm
> not excited about writing my own CustomAuthentication class this week..)
The ldap realm v2 uses the netscape sdk. By default, a netscape sdk client
follows referrals automatically. However, the client binds anonymously to the server.
There is currently no method for the ldap realm v2 to follow referrals and
bind as a specific user.
Does your production system have the same principal and credentials for
both the original and referral directory server?
Peter -
Weblogic.security.ldaprealm.LDAPException
hi all,
i'm trying to authenticate users/groups with weblogic 6.0sp2 against iplanet 5.0
on an nt operating system.
from time to time weblogic server is throwing exceptions like the one below:
weblogic.security.ldaprealm.LDAPException: search error: user xyz - with nested
exception:
[javax.naming.ServiceUnavailableException: server:389; remaining name 'ou=People,dc=comp,dc=com']
The App is reconnecting and able to get the connection, but those exceptions are
thrown on a very frequent basis. Any ideas what causes this behaviour?
Your help is very much appreciated.
mdheur
> weblogic.security.ldaprealm.LDAPException: search error: user xyz - with nested
>
From the API,
This exception is thrown when attempting to communicate with a directory or
naming service and that service is not available. It might be unavailable for
different reasons. For example, the server might be too busy to service the
request, or the server might not be registered to service any requests, etc.
-utpal -
I am getting the following error when I try to start weblogic server:
Fri Apr 20 16:27:14 CDT 2001:<I> <Security> Access failed (Thread = Thread[Wait
For Death,5,main])
java.lang.SecurityException: User "[LDAP user: system, DN: uid=system,ou=People,
o=wi.firstar.com]" does not have Permission "modify" based
on ACL "weblogic.jndi.weblogic".
at weblogic.security.acl.Security.logAndThrow(Security.java:372
in my weblogic.properties file I have the following lines:
weblogic.security.realmClass=weblogic.security.ldaprealm.LDAPRealm
and
weblogic.allow.modify.weblogic.jndi.weblogic=system
I don't understand why I am getting the error.
Thanks chris
Do you have a user "system" defined in your LDAP server?
If so remove it or change the default admin user in the WL properties
file.
Jerrie Pineda
Flying J Inc
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
I have done that a while ago. I actually have gotten the server to start with
the custom realm I wrote, and wanted to compare my realm with weblogics. I can't
get the server to start when I try to use weblogic.
chris
"Satya Ghattu" <[email protected]> wrote:
Chris,
If you recently upgraded your WLS to sp8, you need to re-configure your
ldaprealm.properties file according to the new configuration properties.
Please refer to the documentation shown below.
http://www.weblogic.com/docs51/admindocs/ldap2.html
thanks,
-satya
chris <[email protected]> wrote in message
news:3ae0ad97$[email protected]..
I am getting the following error when I try to start weblogic server:
Fri Apr 20 16:27:14 CDT 2001:<I> <Security> Access failed (Thread = Thread[Wait
For Death,5,main])
java.lang.SecurityException: User "[LDAP user: system, DN: uid=system,ou=People,
o=wi.firstar.com" does not have Permission "modify" based
on ACL "weblogic.jndi.weblogic".
at weblogic.security.acl.Security.logAndThrow(Security.java:372
in my weblogic.properties file I have the following lines:
weblogic.security.realmClass=weblogic.security.ldaprealm.LDAPRealm
and
weblogic.allow.modify.weblogic.jndi.weblogic=system
I don't understand why I am getting the error.
Thanks chris
-
How to use ldaprealm security in weblogic6.1
Hi,
How would I use weblogic6.1 ldaprealm to authenticate the user using
iplanet directory server 5.1
Hi Gokula,
Have you seen the documentation at
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
You will want to be using the "LDAP REALM V2" and definitely not the "V1"
There have also been many postings in this newsgroup regarding LDAP setup
and problems with Netscape LDAP server -- I recommend searching through
it if you have problems. Check out
http://search.beasys.com/weblogic/gonews/
You can even search specific newsgroups (I'd recommend
weblogic.developer.interest.security ..)
Once it's hooked up correctly, WebLogic will automatically delegate to
your LDAP realm for authentication purposes.
Hope this helps.
Joe Jerry
Gokula Krishnan wrote:
Hi,
How would I use weblogic6.1 ldaprealm to authenticate the user using
iplanet directory server 5.1 -
Problems configuration ldapRealm
Hello,
I am trying to configure BEA Portal with our LDAP server which is Windows
Active Directory.
Here is the info on my environment:
BEA Portal 7.0, sp2
OS for LDAP server is Windows 2000
Here is the entry in my config.xml file for the ldap configuration:
<CustomRealm
ConfigurationData="user.filter=(&(cn=%u)(objectclass=Users));user.dn=ou=Users,dc=weblogic,dc=local;server.port=389;server.principal=cn=weblogic,dc=weblogic,dc=local;group.filter==(&(cn=%g)(objectclass=Groups));server.host=server1.weblogic.local;group.dn=ou=Groups,dc=weblogic,dc=local;membership.scope.depth=1;microsoft.membership.scope=sub;membership.filter=(|(&(memberobject=%M)(objectclass=memberof))(&(groupobject=%M)(objectclass=groupmemberof)));"
Name="ldapRealm" Password="<some encrypted password>"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
I am using ldap v2 so I had to create a Custom Realm. When I switch my
caching realm to my ldapRealm and restart the server, I get the following
error:
####<May 2, 2003 11:30:11 AM PDT> <Info> <Logging> <WINKI> <portalServer> <main> <kernel identity> <> <000000> <FileLogger Opened at C:\workarea\portalDomain\.\logs\weblogic.log>
####<May 2, 2003 11:30:14 AM PDT> <Info> <Security> <WINKI> <portalServer> <main> <kernel identity> <> <090516> <The RoleMapper provider has preexisting LDAP data.>
####<May 2, 2003 11:30:14 AM PDT> <Critical> <WebLogicServer> <WINKI> <portalServer> <main> <kernel identity> <> <000364> <Server failed during initialization. Exception:weblogic.security.ldaprealmv2.LDAPRealmException: could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials]]>
java.lang.reflect.InvocationTargetException: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
at weblogic.security.ldaprealmv2.LDAPDelegate$LDAPFactory.newInstance(LDAPDelegate.java:1885)
at weblogic.security.utils.Pool.getInstance(Pool.java:57)
at weblogic.security.ldaprealmv2.LDAPDelegate.getConnection(LDAPDelegate.java:789)
at weblogic.security.ldaprealmv2.LDAPDelegate.getUser(LDAPDelegate.java:871)
at weblogic.security.ldaprealmv2.LDAPRealm.getUser(LDAPRealm.java:57)
at weblogic.security.acl.CachingRealm.getUserEntry(CachingRealm.java:812)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:668)
at weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.java:1009)
at weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileRealm.java:958)
at weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1209)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:370)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.initialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvider(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServiceManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
Any information is greatly appreciated.
thanks,
Dominic
Dominic Nagar Release Engineer
p 415.875.7123 f 415.875.7001 [email protected]
Semaphore Partners www.semaphorepartners.com
Dominic Nagar <[email protected]> wrote:
> I am trying to configure BEA Portal with our LDAP server which is
> Windows Active Directory.
Dominic and others:
Here's what I've found concerning BEA Portal 7 and Active Directory
2000. By the way, this is current as of BEA Platform 7.0.2.0. This
could change with version 8.1 and beyond.
- Active Directory does not currently work with Portal's
"compatibilityRealm"
- A future patch will be released by BEA (date unknown)
Instead, I would investigate and use either the Sun ONE Directory
Server (also known as, "iPlanet Directory"), Novell's eDirectory (also
known as, "NDS"), or OpenLDAP.
Give me a call if you need specifics.
Brian J. Mitchell
Systems Administrator, MIS
TRX
6 West Druid Hills Drive
Atlanta, GA 30329 USA
http://www.trx.com
email: [email protected]
office: +1 404 327 7238
mobile: +1 678 283 6530 -
How to change password programatically in LDAPRealm
Hi
Can anyone give suggestion how to change the password programmatically in the
LDAPRealm and also in the LDAP server
Thanks
If you are using Netscape ldap they have api and classes that can be used to
directly change the password
Regarding the ldaprealm it will pick the new password as soon as the cache
expires
Suresh Done wrote:
Hi
Can anyone give suggestion how to change the password programatically in the
LDAPRealm and also in the LDAP server
Thanks -
LDAPRealm and Microsoft Site Server (LDAP)
I have problem setting up the LDAPRealm in Weblogic Commerce 2.0.1 and
Personalisation Server connecting to a Microsoft Site Server.
The ldaprealm.properties file is as below:
weblogic.security.ldaprealm.url=ldap://localhost:389
weblogic.security.ldaprealm.principal=cn=Administrator
weblogic.security.ldaprealm.credential=password
weblogic.security.ldaprealm.ssl=false
weblogic.security.ldaprealm.authentication=none
weblogic.security.ldaprealm.userAuthentication=local
weblogic.security.ldaprealm.version=2
weblogic.security.ldaprealm.userDN=o=test, ou=Members
weblogic.security.ldaprealm.userNameAttribute=cn
weblogic.security.ldaprealm.userPasswordAttribute=userpassword
weblogic.security.ldaprealm.userCommonNameAttribute=cn
weblogic.security.ldaprealm.groupDN=o=test, ou=Groups
weblogic.security.ldaprealm.groupNameAttribute=cn
weblogic.security.ldaprealm.groupIsContext=true
weblogic.security.ldaprealm.groupUsernameAttribute=cn
The server runs and halts at the last line of log:
Fri Jul 28 11:58:21 GMT 2000:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> acl size = 211, pos ttl =60, neg ttl = 10
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> auth size = 211, pos ttl = 60, neg ttl = 10
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> group size = 17, pos ttl = 600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm size = 10000, pos ttl = 600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> user size = 10000, pos ttl = 600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getAclOwner("weblogic")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> rewriting ACL "weblogic.jdbc.connectionPool.commercePool"
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPermission("reserve")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm: backup HAS reserve
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPrincipal("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getGroup("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> getGroup("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> search("o=telewest, ou=Groups, cn=everyone", "cn", "*")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> lookup("o=telewest, ou=Groups, cn=everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> new JNDI context
The server halted at that line. Can anyone explain that situation?
We are sure that we could connect to the LDAP server since we have a JSP
page connecting to the LDAP using the SUN's jndi-ldap driver. Would that be
a LDAP version problem, if that is so, how could we set the
"java.naming.ldap.version=2" environment variable as I have said in my JSP
page.
Thanks for answering.
Yes, sorry by the mistake.
"ramesh" <[email protected]> wrote:
I think Johnny is trying to say : "If you change to SP9" or above...
Try to get a copy of the ldaprealm.properties file from the unzipped
SP8 and
above. It is self explanatory from there. The current ldaprealm.properties
which comes with WLS 5.1 and upto sp7 has been changed in SP8 and above.
Yes my configuration is also same as his.
Hope this helps.
Ramesh
"Johnny Valdez" <[email protected]> wrote in message
news:3b44ebb3$[email protected]..
I recommend you change your service pack to 9, because the 6 has some problems
with LDAP...
if you change to sp6 you could use this
### Server type
server.alias=microsoft
### Microsoft Site Server
# This follows the default Microsoft Site Server (MSS) schema.
microsoft.server.host=ldapserver.example.com
microsoft.server.principal=cn=Administrator, ou=Members,o=ExampleMembershipDir
# microsoft.server.credential=*secret*
microsoft.user.dn=ou=Members, o=ExampleMembershipDir
microsoft.user.filter=(&(cn=%u)(objectclass=member))
microsoft.group.dn=ou=Groups, o=ExampleMembershipDir
microsoft.group.filter=(&(cn=%g)(objectclass=mgroup))
create a file ldaprealm.properties with this configuration and save it into the
Weblogic root directory.
greetings..
"Satya Ghattu" <[email protected]> wrote:
Hello,
I am trying to use an Microsoft site server as my LDAPRealm with weblogic
5.1 sp6, but in vain. Is there anybody out there who configured microsoft
site server with WLS sp6 and lesser? If yes, could you please post
your
configuaration properties?
Thank you,
-satya -
LDAPRealm and Microsoft Site Server, server halting at start-up
I have problem setting up the LDAPRealm in Weblogic Commerce 2.0.1 and
Personalisation Server connecting to a Microsoft Site Server.
The ldaprealm.properties file is as below:
weblogic.security.ldaprealm.url=ldap://localhost:389
weblogic.security.ldaprealm.principal=cn=Administrator
weblogic.security.ldaprealm.credential=password
weblogic.security.ldaprealm.ssl=false
weblogic.security.ldaprealm.authentication=none
weblogic.security.ldaprealm.userAuthentication=local
weblogic.security.ldaprealm.version=2
weblogic.security.ldaprealm.userDN=o=test, ou=Members
weblogic.security.ldaprealm.userNameAttribute=cn
weblogic.security.ldaprealm.userPasswordAttribute=userpassword
weblogic.security.ldaprealm.userCommonNameAttribute=cn
weblogic.security.ldaprealm.groupDN=o=test, ou=Groups
weblogic.security.ldaprealm.groupNameAttribute=cn
weblogic.security.ldaprealm.groupIsContext=true
weblogic.security.ldaprealm.groupUsernameAttribute=cn
The server runs and halts at the last line of log:
Fri Jul 28 11:58:21 GMT 2000:<I> <WebLogicServer> Server loading from weblogic.class.path. EJB redeployment enabled.
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> acl size = 211, pos ttl =60, neg ttl = 10
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> auth size = 211, pos ttl = 60, neg ttl = 10
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> group size = 17, pos ttl = 600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm size = 10000, pos ttl = 600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> user size = 10000, pos ttl = 600, neg ttl = 600
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getAclOwner("weblogic")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> rewriting ACL "weblogic.jdbc.connectionPool.commercePool"
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPermission("reserve")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> perm: backup HAS reserve
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getPrincipal("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <CachingRealm> getGroup("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> getGroup("everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> search("o=telewest, ou=Groups, cn=everyone", "cn", "*")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> lookup("o=telewest, ou=Groups, cn=everyone")
Fri Jul 28 11:58:21 GMT 2000:<D> <LDAPRealm> new JNDI context
The server halted at that line. Can anyone explain that situation?
We are sure that we could connect to the LDAP server since we have a JSP
page connecting to the LDAP using the SUN's jndi-ldap driver. Would that be
a LDAP version problem, if that is so, how could we set the
"java.naming.ldap.version=2" environment variable as I have said in my JSP
page.
Thanks for answering.
-
Urgent! LDAPRealm and JNDI provider
I must setup ldap realm using Site Server. According to
Service Pack 6, Sun's service provider doesn't work with
Site Server. I set-up Netscape's as was advised. The
problem is that Weblogic can't find LdapContextFactory
class file (part of ldapsp.jar). This is how it is setup in
my StartWeblogic.cmd:
WEBLOGIC_CLASSPATH=.\license;.\classes;.\lib;.\lib\ldapsp.jar;
.\lib\weblogicaux.jar;.\lib\ldapfilt.jar;.\lib\ldapjdk.jar;
.\myserver\serverclasses
Also I tried to put it in my JAVA_CLASSPATH. JAR files are
in LIB folder with other jar files. Weblogic sees all of
them except these. I tried to use these libraries from a
stand-alone client talking to directory server and it works
fine.
Please advise.
Thank you, Boris
Here is a console message:
Unable to initialize server: weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.NoInitialContextException: Cannot instantiate class: com.netscape.jndi.ldap.LdapContextFactory [Root exception is java.lang.ClassNotFoundException: com/netscape/jndi/ldap/LdapContextFactory ]]]
fatal initialization exception
weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.NoInitialContextException: Cannot instantiate class: com.netscape.jndi.ldap.LdapContextFactory [Root exception is java.lang.ClassNotFoundException: com/netscape/jndi/ldap/LdapContextFactory ]]]
at weblogic.security.ldaprealm.LDAPDelegate.getContext(LDAPDelegate.java:212)
at weblogic.security.ldaprealm.LDAPDelegate.lookup(LDAPDelegate.java:232)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:345)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:354)
at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers(LDAPDelegate.java:553)
at weblogic.security.ldaprealm.LDAPDelegate.getGroup(LDAPDelegate.java:539)
at weblogic.security.ldaprealm.LDAPDelegate.getGroup(LDAPDelegate.java:527)
at weblogic.security.ldaprealm.LDAPRealm.getGroup(LDAPRealm.java:75)
at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1420)
at weblogic.security.acl.CachingRealm.getPrincipal(CachingRealm.java:1020)
at weblogic.security.acl.CachingRealm.addPermission(CachingRealm.java:813)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java:802)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1750)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1086)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Exception in thread "main" java.security.NoSuchAlgorithmException: Algorithm PBEWithSHAANDTwofish-CBC not available
at javax.crypto.SunJCE_b.a(DashoA6275)
Well, you're clearly not finding BC.
Here's the deal.
I have done the following:
I have downloaded the bouncycastle for jdk 1.4 from
bouncycastle.org. I read somewhere in there that i also
had to download and change the jurisdiction.jar policy
files shipped in the jce. I've done that too.
jurisdiction.jar? Not something I've ever had to do. Are you thinking of the unlimited-strength jars? Those are local_policy and US_export_policy.jar.
I have also
pasted the .jar file bouncycastle after i jarred it
myself
You re-jarred BC? That won't work - the jar has to be signed, or JCE complains. If you rejar it, it won't be signed correctly, and you'll get an error when JCE goes to load it.
in the jre both in j2sdk as well as C:\program
files\java\security.
Providers go in lib/ext, not JAVA_HOME/security.
However, after having done all that i still keep
getting the same error
Have you added BC to the java.security file, as the second Provider? (You need to leave SunJCE as the first one) If not, and after you put the BC jarfile (untouched by you!) into lib/ext, add this code to the start of your app:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
What am i doing wrong? Is there a complete proper site
that tells u exactly what to do as to how to add this
provider??
http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#InstallProvider
Do i perhaps need to include the bouncycastle provider
in my code as well???
You can - see above. But java.security is the file to modify if you want to add it statically.
Grant
-
Help! LDAPRealm and Site Server
We are going to implement security based on LDAP directory.
I must setup LDAPRealm using Site Server. According to Weblogic Service Pack 6, Sun's JNDI service provider doesn't work with Site Server (and it is not). I set-up Netscape's as was advised. The problem is that Weblogic can't find LdapContextFactory class file (which is part of Netscape's LDAPSP.jar) and LDAPRealm is not established. The same problem happens if I use Netscape directory instead of Site Server. But if I use Sun's provider and Netscape directory then LDAPRealm is established. This is how my StartWeblogic.cmd setup:
WEBLOGIC_CLASSPATH=.\license;.\classes;.\lib;.\lib\LDAPSP.jar; .\lib\ldapfilt.jar;.\lib\ldapjdk.jar;.\lib\weblogicaux.jar; .\myserver\serverclasses.
Ldapsp.jar file is in Weblogic's LIB folder along with other jar files. Weblogic sees all of them except Netscape's. I tried to put Netscape JARS in my JAVA_CLASSPATH as well. I used the same classpath to these libraries from a stand-alone client talking to directory server and it works fine.
Please help me to figure this out. Thank you, Boris
Here is a console message:
Unable to initialize server: weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.NoInitialContextException: Cannot instantiate class: com.netscape.jndi.ldap.LdapContextFactory [Root exception is java.lang.ClassNotFoundException: com/netscape/jndi/ldap/LdapContextFactory ]]]
fatal initialization exception
weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.NoInitialContextException: Cannot instantiate class: com.netscape.jndi.ldap.LdapContextFactory [Root exception is java.lang.ClassNotFoundException: com/netscape/jndi/ldap/LdapContextFactory ]]]
at weblogic.security.ldaprealm.LDAPDelegate.getContext(LDAPDelegate.java:212)
at weblogic.security.ldaprealm.LDAPDelegate.lookup(LDAPDelegate.java:232)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:345)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:354)
at weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers(LDAPDelegate.java:553)
at weblogic.security.ldaprealm.LDAPDelegate.getGroup(LDAPDelegate.java:539)
at weblogic.security.ldaprealm.LDAPDelegate.getGroup(LDAPDelegate.java:527)
at weblogic.security.ldaprealm.LDAPRealm.getGroup(LDAPRealm.java:75)
at weblogic.security.acl.CachingRealm.getGroup(CachingRealm.java:1420)
at weblogic.security.acl.CachingRealm.getPrincipal(CachingRealm.java:1020)
at weblogic.security.acl.CachingRealm.addPermission(CachingRealm.java:813)
at weblogic.security.acl.CachingRealm.setupAcls(CachingRealm.java:802)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:706)
at weblogic.security.acl.CachingRealm.<init>(CachingRealm.java:564)
at weblogic.t3.srvr.T3Srvr.initializeSecurity(T3Srvr.java:1750)
at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1086)
at weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827)
at java.lang.reflect.Method.invoke(Native Method)
at weblogic.Server.startServerDynamically(Server.java:99)
at weblogic.Server.main(Server.java:65)
at weblogic.Server.main(Server.java:55)
Please try SP 8 for WLS 5.1. I believe that it contains a new LDAP realm implementation
that fixes a number of different problems as well as provides enhanced scaling and
performance. It also addresses problems with using Site Server and OpenLDAP.
Paul Patrick
"Boris" <[email protected]> wrote in message
news:[email protected]...
We are going to implement security based on LDAP directory.
I must setup LDAPRealm using Site Server. According to Weblogic Service Pack 6,
Sun's JNDI service provider doesn't work with Site Server (and it is
not). I set-up Netscape's as was advised. The problem is that Weblogic can't
find LdapContextFactory class file (which is part of Netscape's LDAPSP.jar)
and LDAPRealm is not established. The same problem happens if I use Netscape
directory instead of Site Server. But if I use Sun's provider and Netscape
directory then LDAPRealm is established. This is how my StartWeblogic.cmd
setup:
WEBLOGIC_CLASSPATH=.\license;.\classes;.\lib;.\lib\LDAPSP.jar;.\lib\ldapfilt.jar;.\lib\ldapjdk.jar;.\lib\weblogicaux.jar;
.\myserver\serverclasses.
Ldapsp.jar file is in Weblogic's LIB folder along with other jar files.
Weblogic sees all of them except Netscape's. I tried to put Netscape JARS in
my JAVA_CLASSPATH as well. I used the same classpath to these libraries from
a stand-alone client talking to directory server and it works fine.
Please help me to figure this out. Thank you, Boris
Here is a console message:
Unable to initialize server: weblogic.security.ldaprealm.LDAPException: could not get context - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[javax.naming.NoInitialContextException: Cannot instantiate class:
com.netscape.jndi.ldap.LdapContextFactory [Root exception is
java.lang.ClassNotFoundException:
com/netscape/jndi/ldap/LdapContextFactory ]]] fatal initialization exception
weblogic.security.ldaprealm.LDAPException: could not get context - with
nested exception: [java.lang.reflect.InvocationTargetException - with target
exception: [javax.naming.NoInitialContextException: Cannot instantiate
class: com.netscape.jndi.ldap.LdapContextFactory [Root exception is
java.lang.ClassNotFoundException:
com/netscape/jndi/ldap/LdapContextFactory ]]] at
weblogic.security.ldaprealm.LDAPDelegate.getContext (LDAPDelegate.java:212)
at weblogic.security.ldaprealm.LDAPDelegate.lookup (LDAPDelegate.java:232)
at weblogic.security.ldaprealm.LDAPDelegate.search (LDAPDelegate.java:345)
at weblogic.security.ldaprealm.LDAPDelegate.search(LDAPDelegate.java:354) at
weblogic.security.ldaprealm.LDAPDelegate.getGroupMembers
(LDAPDelegate.java:553) at weblogic.security.ldaprealm.LDAPDelegate.getGroup
(LDAPDelegate.java:539) at weblogic.security.ldaprealm.LDAPDelegate.getGroup
(LDAPDelegate.java:527) at weblogic.security.ldaprealm.LDAPRealm.getGroup
(LDAPRealm.java:75) at weblogic.security.acl.CachingRealm.getGroup
(CachingRealm.java:1420) at weblogic.security.acl.CachingRealm.getPrincipal
(CachingRealm.java:1020) at weblogic.security.acl.CachingRealm.addPermission
(CachingRealm.java:813) at weblogic.security.acl.CachingRealm.setupAcls
(CachingRealm.java:802) at weblogic.security.acl.CachingRealm.<init>
(CachingRealm.java:706) at weblogic.security.acl.CachingRealm.<init>
(CachingRealm.java:564) at weblogic.t3.srvr.T3Srvr.initializeSecurity
(T3Srvr.java:1750) at weblogic.t3.srvr.T3Srvr.start(T3Srvr.java:1086) at
weblogic.t3.srvr.T3Srvr.main(T3Srvr.java:827) at
java.lang.reflect.Method.invoke(Native Method) at
weblogic.Server.startServerDynamically(Server.java:99) at
weblogic.Server.main(Server.java:65) at weblogic.Server.main(Server.java:55)
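A preflight check for the two failure modes in the threads above: the start-up that stalls at "new JNDI context" and the ClassNotFoundException for com.netscape.jndi.ldap.LdapContextFactory. This is an added example, not code from the posts or from WebLogic; it assumes a current JDK, and the class name LdapRealmPreflight, the default factory and URL, and the LDAP_BIND_PASSWORD variable are hypothetical.

```java
import java.security.CodeSource;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Added example (not WebLogic code): checks a JNDI LDAP provider before a realm depends on it. */
public class LdapRealmPreflight {
    /** Where the factory class was loaded from, or null when this classpath cannot see it. */
    static String locateFactory(String className) {
        try {
            Class<?> c = Class.forName(className);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            return src == null ? "JDK runtime" : src.getLocation().toString();
        } catch (ClassNotFoundException | LinkageError e) {
            return null;
        }
    }

    /** JNDI environment with an explicit protocol version and bounded waits. */
    static Hashtable<String, String> buildEnv(String factory, String url, String bindDn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, factory);
        env.put(Context.PROVIDER_URL, url);
        env.put("java.naming.ldap.version", "2");             // the setting asked about in the post
        // Honoured by Sun's provider only; without them a dead server can block the caller.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // milliseconds
        if (bindDn != null && password != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, bindDn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return env;
    }

    public static void main(String[] args) {
        // Defaults are assumptions for the demo; pass factory, URL and bind DN as arguments.
        String factory = args.length > 0 ? args[0] : "com.sun.jndi.ldap.LdapCtxFactory";
        String url = args.length > 1 ? args[1] : "ldap://localhost:389";
        String bindDn = args.length > 2 ? args[2] : null;
        String password = System.getenv("LDAP_BIND_PASSWORD"); // hypothetical variable name
        String origin = locateFactory(factory);
        if (origin == null) {
            System.err.println(factory + " not visible; java.class.path=" + System.getProperty("java.class.path"));
            System.exit(2);
        }
        System.out.println("Factory " + factory + " loaded from " + origin);
        try {
            DirContext ctx = new InitialDirContext(buildEnv(factory, url, bindDn, password));
            System.out.println("Bind OK: " + ctx.getNameInNamespace());
            ctx.close();
        } catch (NamingException e) {
            System.err.println("LDAP check failed: " + e);
            System.exit(1);
        }
    }
}
```

Run it under the classpath and class loader the realm actually uses; a stand-alone client that loads the jar, as in the post, shows only that the client's own classpath is correct.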