NT Realm problem

Similar Messages

• Windows 8 - user login and Kerberos Realm problems.

  Hi,
  Just installed Windows 8 Enterprise x64 from our MDT into our production enviroment for some final testing. I have done this with both Consumer and the Release Preview just to make sure our infrastructure can support user that want to run Windows 8 (Win
  7 Enterprise will still be the default OS for our client desktops).
  The problem I reported here with the Consumer Preview
  http://social.technet.microsoft.com/Forums/en-US/W8ITProPreRel/thread/069f59be-b89c-4005-8cd2-ff5fd756825a is still alive and kicking.
  Logon after fresh reboot. (Windows 8)
  Username: XWYZ
  Password: *********
  Sign in to: "OURKERBEROSREALM.SE"
  We authenticate all our users with our Kerberos Realm and in our AD's all user passwords are random dummy placeholders, and are linked to the Kerberos realm.
  When a user lock their computer, or put it in sleep mode, they should see this at their login.
  XWYZ (their full name)
  "OURKERBEROSREALM.SE\XWYZ(their username)
  Locked
  Password: ********
  But it does not show this… it shows:
  XWYZ (their full name)
  WINDOWS DOMAIN NAME\XWYZ(their username)
  Locked
  Password: ********
  This meens that when they want to unlock their desktop, or login after sleep, it will try and authenticate their login on the domain AD and not the Kerberos realm. Howver if you choose to go back and select "other user" it defaults back to using "OURKERBEROSREALM.se"
  as "Sign in to:" domain.
  This worked flawlessly in XP, Vista and Windows 7, but not in Windows 8. Not having our Kerberos realm as default login in every scenario is kind of a bummer.

  I had some brief time looking into this, and my awesome workbuddy found that you can poke about the keys found in
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\SessionData\1
  With the LastLoggedONSAMUser and LastLoggedOnUser values I changed from from "domain"\username to "kerberosrealm"\user, and when locking my computer or restating, I now have no need to choose "other user" every time I want to login again.
  Atleast somewhere to start.

• HADB session failover & realm problem

  I have a enterprise applicaiton server cluster configured for loadbalancing and session failover.
  I installed HADB.
  HADB works, I test with the webapp from the samples of the application server:
  I add some attribute in session, I see which node executed the request, I stop the node.
  The other requesto go to the other node and the session is reloaded as it was on the stopped node.
  The problem I have is with app with realms authentication.
  I can login without problem on the first node.
  I stop the server handling the request and when switched to the other server I have to login again if I request a realm protected URL again.
  Any suggestion?
  Thanks in advance.

  Solved
  on Cluster configuration (in the tree of admin apps of application server):
  my-clu-config -->
     Availability Service -->
          Web Container Availability -->
                    Single-Sign-On State: Enabled.

• Installing LDAP realm Problem

  Hi,
  I'm trying to configure Netsacape Directory Server 4.1 to work with the
  LDAP Security Realm Update for WebLogic Server 6.1. The Weblogic Server
  is unable to connect to NDS and there is not error message to indicate
  any exception. I have connect to the NDS using a LDAP browser using the
  same principal and credential in the ldaprealm.properties file and was
  able to establish connection.
  Has anyone encountered the same problem? Any help is appreciated.
  Thank you,
  PY

  Humm,
  I have heard of different people with the same name but with the same
  email address. Strange...
  Will the person who did the posting below please email me. You've
  already have my email address.
  Han.
  "Ng, Wey-Han" <[email protected]> wrote in message news:<[email protected]>...
  Hi,
  I'm trying to configure Netsacape Directory Server 4.1 to work with the
  LDAP Security Realm Update for WebLogic Server 6.1. The Weblogic Server
  is unable to connect to NDS and there is not error message to indicate
  any exception. I have connect to the NDS using a LDAP browser using the
  same principal and credential in the ldaprealm.properties file and was
  able to establish connection.
  Has anyone encountered the same problem? Any help is appreciated.
  Thank you,
  PY

• Complicated realm problem

  Hello,
  I have to write a WebLogic realm that ist based on a backend like this
  one:
  public interface UserContainer {
  public boolean containsUser (String userName, String password);
  i.e. the backend contains a number of users, represented by
  (username,password) tuples, and one can ask the backend whether or not
  it contains a specific user.
  There is no way to get a list of all users contained in the backend
  I now wanted to map all the backend's users into a group, so I could
  uniformly apply permissions to them. However, as one can't get a list
  of the users, I can't imagine how to implement the getGroup(String
  name) method in my realm...?
  So I came up with a different solution: I map all the user entries in
  the backend to a single generic weblogic user named "GenericUser": In
  the authUserPassword(String name, String password) method of my realm,
  I query the backend whether it contains (name,password) and if so, I
  just return a new weblogic.security.acl.User("GenericUser") (else, I
  return null).
  This works so far, but there is a problem: I'm using the realm in a
  servlet-driven web application. From inside the servlet, I have to
  know the "real" name and the password of the currently authenticated
  user, i.e. the "name" and "password" values that were passed to my
  authUserPassword() method when the user was authenticated. If I call
  request.getUserPrincipal().getName() from inside the servlet, it
  returns "GenericUser" (no surprise). So I wrote a subclass
  "MappingUser" which inherits from weblogic.security.acl.User and adds
  the fields "actualName" and "actualPassword", like this:
  public class MappingUser extends weblogic.security.acl.User {
  private String mActualName;
  private String mActualPassword;
  public MappingUser (String pName, String pActualName, String pActualPassword) {
  super (pName);
  mActualName = pActualName;
  mActualPassword = pActualPassword;
  public String getActualName() {
  return mActualName;
  public String getActualPassword() {
  return mActualPassword;
  From authUserPassword(String name, String password) I now return a new
  MappingUser ("GenericUser", name,password). However: when I now call
  request.getUserPrincipal() from within my servlet, it still returns an
  object whose dynamic type is weblogic.security.acl.User . Somehow my
  MappingUser got lost on its way from authUserPasword to
  request.getUserPrincipal (obviously, it was statically copied into a
  weblogic.security.acl.User, so my subclass attributes were not
  retained).
  Could somebody shed some light please? How could I get to know the
  name and password of the currently authenticated user from within my
  servlets, given the above backend?
  I'm using WLS 5.1 .
  Thanks in advance,
  Olaf
  Olaf Klischat | Fraunhofer ISST
  Oberfeldstrasse 132 | Mollstrasse 1
  12683 Berlin, Germany | 10178 Berlin, Germany
  phone: +49 30 54986231 | mail: [email protected]

  once you've converted it its under the file of vidoera ipod converter in program files (or whereever you downloaded it) then you go to itunes, go to file press add file to library and find that program under program files, etc. then once you find the videora folder click videos and then it should work
  happy holidays

• WL6.0 LDAP Realm problems

  I'm trying out WL6.0 (eval version) LDAP realm support and having trouble
  getting it to work - basic auth just keeps popping the window up 3 times and
  then giving up. Only pertinent message in the log is:
  ####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security> <FOOBAR>
  <examplesServer> <ExecuteThread: '11' for queue: 'default'> <> <> <090021>
  <Locking account, user jdoe.>
  No obvious LDAP info or errors in the log, despite adding the following two
  to the startup script cmd line and restarting the server:
  -Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose=t
  rue
  The HTTP basic-auth dialog box is correctly showing me that I'm trying to
  authenticate to: MyLDAPRealm
  Here's the config info for MyLDAPRealm
  <LDAPRealm AuthProtocol="simple"
  Credential="myserverpasswd"
  GroupDN="o=mycompany,c=us" GroupIsContext="false" GroupNameAttribute="cn"
  GroupUsernameAttribute="uniquemember"
  LDAPURL="ldap://tug:390"
  Name="MyLDAPRealm"
  Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
  UserAuthentication="local"
  UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
  It's a Netscape 4.1 Directory server, and I've verified that the above
  server account exists AND can authenticate and retrieve account
  userpasswords (yes, the server account is "cn=" while the user accounts are
  "uid=" - don't ask :-)....
  I've tried both "bind" and "local" and get the same results both ways.
  Any ideas???

  Did you use the most recent ldap patch? I could not get it to work fine
  with the default wls6.0sp1, but with the ldap-patch it works fine.
  AND probably even more important... change
  <Realm FileRealm="..." Name=".....">
  to
  <Realm CachingRealm"MyCachingRealm" FileRealm="..." Name=".....">
  Hope this helps...
  Ronald
  Sushil Pulikkal wrote:
  Hi Tom,
  I am using iPlanet Directory server with WL6.0 (which I presume is supported as
  Netscape's is) and facing the same problem as Mike was i.e account locking after
  three attempts(bottom of the message). I have created my own caching realm with
  the basic realm being MyLDAPRealm.
  The log gives no info other than the one about account locking.
  My config.xml looks something like this -
  <CachingRealm BasicRealm="MyLDAPRealm" CacheCaseSensitive="true" Name="MyCachingRealm"/>
  <PasswordPolicy Name="wl_default_password_policy"/>
  <LDAPRealm AuthProtocol="simple" Credential="enslaved"
  GroupDN="ou=Aussies,dc=timerasolutions,dc=com"
  GroupUsernameAttribute="uniquemember"
  LDAPURL="ldap://DJ-SUSHILP.timerasolutions.com:389"
  Name="MyLDAPRealm"
  Principal="uid=admin, ou=Administrators,
  ou=TopologyManagement, o=NetscapeRoot"
  UserAuthentication="bind"
  UserDN="ou=Aussies,dc=timerasolutions,dc=com"
  UserNameAttribute="uid"/>
  The browser window does pop up, but the user id doesn't get authenticated. Is
  there a way to know whether WLS is actually going to the LDAP server for authentication?
  Any insight into this?
  Thanks in advance,
  Sushil
  "Tom Moreau" <[email protected]> wrote:
  Mike,
  I haven't had any trouble getting the LDAPRealm to work
  in WLS 6.0. Could it be that while you've created the LDAPRealmMBean,
  you haven't told WLS to use it?
  In other words, you can create many realm configurations then
  you need to activate the one you want. If you haven't, the
  we just use the file realm. The file realm won't be able
  to authenticate you (since you put the info in LDAP!) and
  after 3 failures, will lock out the account.
  The instructions for selecting the realm are at:
  http://e-docs.bea.com/wls/docs60/adminguide/index.html
  See:
  12. Managing Security
  Specifying a Security Realm
  Configuring the Caching Realm
  The basic idea is:
  1) create your LDAP Realm (you've already done this)
  2) create a CachingRealm
  3) set the CachingRealm's BasicRealm to your LDAP Realm
  4) set the Security Realm's CachingRealm to your Caching Realm
  5) reboot
  It's pretty easy to do this through the admin console.
  Otherwise, you can edit config.xml by hand.
  Here's how:
  <Domain>
  <Security
  Name="mydomain"
  Realm="myRealm"
  />
  <Realm
  Name="myRealm"
  FileRealm="myFileRealm"
  CachingRealm="myCachingRealm"
  />
  <FileRealm
  Name="myFileRealm"
  />
  <CachingRealm
  Name="myCachingRealm"
  BasicRealm="myLDAPRealm"
  />
  <LDAPRealm
  Name="myLDAPRealm"
  />
  -Tom
  "Mike" <[email protected]> wrote:
  BTW, before someone suggests it, I found Tom Moreau's
  suggestion to use:
  <ServerDebug Name="examplesServer" DebugSecurityRealm="true"
  />
  under the <Server> element in config.xml and restarted
  with this and still
  no additional
  info from the LDAP realm printed about why it's not working
  (nothing but the
  same
  locking account message mentioend below).
  Is the source for the LDAP realm available so I can debug
  it myself or has
  anybody
  written their own LDAP realm that they'd be willing to
  share with the group?
  Thanks again,
  ...Mike
  "Mike" <[email protected]> wrote in message
  news:[email protected]...
  Ok I've verified that the -Dweblogic.security.ldaprealm.verbose
  probably
  won't
  work with 6.0 (old 5.x and previous style property),
  but I can't figure
  out
  what
  replaced it, to figure out why the LDAP realm isn't
  working for me...
  The property mapping guide at:
  http://e-docs.bea.com/wls/docs60///////config_xml/properties.html
  shows that things like weblogic.security.ldaprealm.url
  changed to LDAPURL in config.xml (without telling
  you that this resides as an XML attribute of
  <Domain><LDAPRealm ... /></Domain> although that's
  easy enough to find by looking through the example
  LDAP realm.
  It then says that weblogic.security.ldaprealm.verbose
  has changed to "Debug" in config.xml, but doesn't
  say whether that's a "Debug" XML attribute on one
  of the XML elements in there, or whether it's an
  XML node itself, or where in the config.xml doc
  it goes... It doesn't work as an attribute of
  <LDAPRealm ...> (server won't start with it there)
  and it doesn't show up at all in the DTD for config.xml
  so I'm assuming the mapping doc at the above url is
  wrong. Anybody know what this really became in 6.0?
  I've tried setting StdoutDebugEnabled="true" in config.xml
  and turning the logging level all the way up to see
  everything, but even
  then all I
  get is the account locked message, not why it's failing
  to authenticate
  via
  LDAP...
  Any other ideas?
  "Mike" <[email protected]> wrote in message
  news:[email protected]...
  I'm trying out WL6.0 (eval version) LDAP realm support
  and having
  trouble
  getting it to work - basic auth just keeps popping
  the window up 3 times
  and
  then giving up. Only pertinent message in the log
  is:
  ####<Mar 16, 2001 12:03:21 PM EST> <Info> <Security>
  <FOOBAR>
  <examplesServer> <ExecuteThread: '11' for queue: 'default'>
  <> <>
  <090021>
  <Locking account, user jdoe.>
  No obvious LDAP info or errors in the log, despite
  adding the following
  two
  to the startup script cmd line and restarting the
  server:
  -Dweblogic.security.realm.debug=true -Dweblogic.security.ldaprealm.verbose
  =t
  rue
  The HTTP basic-auth dialog box is correctly showing
  me that I'm trying
  to
  authenticate to: MyLDAPRealm
  Here's the config info for MyLDAPRealm
  <LDAPRealm AuthProtocol="simple"
  Credential="myserverpasswd"
  GroupDN="o=mycompany,c=us" GroupIsContext="false"
  GroupNameAttribute="cn"
  GroupUsernameAttribute="uniquemember"
  LDAPURL="ldap://tug:390"
  Name="MyLDAPRealm"
  Principal="cn=myserver,ou=myserverstuff,o=mycompany,c=US"
  UserAuthentication="local"
  UserDN="o=mycompany,c=us" UserNameAttribute="uid"/>
  It's a Netscape 4.1 Directory server, and I've verified
  that the above
  server account exists AND can authenticate and retrieve
  account
  userpasswords (yes, the server account is "cn=" while
  the user accounts
  are
  "uid=" - don't ask :-)....
  I've tried both "bind" and "local" and get the same
  results both ways.
  Any ideas???

• Jaas authentication with cutom realm problem

  I'm having this problem, I have a web application made with JSF running on Sun One Application Server 9, and I made a cutom realm with Jaas so that the server will be handeling the authentication and it is working fine. The problem is that i want to load some info into the user's session after that he have been authenticated based on the username. But I have on clue how to do it. so I'll be very thanks full it anybody helped me.

  Did you resolve this problem? Please let me know. I have the same issue now and don;t know what I should be doing next

• Apache realm problems

  Hi,
  i'm running a 10.5.5 MacOsX Server , and i'm having some problems with Apache realms.
  Actually i'm running 5 sites on this machine , only one needs a Realm with Basic Auth.
  The protected folder is inside root's site (a subfolder).
  Allowed users of course are real local user created with Workgroup manager and have read/write permissions. "Everyone" has no permission.
  Anyway trying to connect to this url (www.site.com/realmfolder), an auth is requested (a classic apache one) but after login it reports an "Internal Server Error".
  Any Idea?

  Camelot wrote:
  How did you setup your realm? manually, or via Server Admin?
  This time via Server Admin, usually from Terminal.
  i'm not new on MacOsxServer , i use it since its early versions...
  Allowed users of course are real local user created with Workgroup manager and have read/write permissions. "Everyone" has no permission.
  Everyone must have no permission, otherwise apache realms doesn't make sense :-D.
  In order for Apache to serve the content you need at least read privileges for the _www user. If Apache can't read the files it can't serve them, regardless of who owns them.
  Permissions are ok i'm sure of that i'm running on this machine 6 sites without any problems.
  Problems come out upgrading from 10.5 > 10.5.5
  after login it reports an "Internal Server Error".
  What does the log say? /var/log/apache2/error_log (or /var/log/httpd/error_log if you're running Apache 1.3).
  here's some line from error log
  [Wed Dec 17 14:50:10 2008] [notice] Digest: generating secret for digest authentication ...
  [Wed Dec 17 14:50:10 2008] [notice] Digest: done
  [Wed Dec 17 14:50:10 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l PHP/5.2.5 configured -- resuming normal operations
  [Wed Dec 17 14:50:10 2008] [warn] long lost child came home! (pid 49875)

• WLS5.1 SP_9 RDBMS Realm problem

  Hi all,
  I am trying to configure the RDBMS realm examples that come with weblogic.
  I am getting an error saying the Table Users was not found.
  I created my own simple java class to check if the parameters from
  rdbmsrealm.properties are working fine, they are. Then why is weblogic not
  able to find the USERS table, where is it looking for this table.
  Any Help is highly appreciated.
  Ramesh
  Stack Trace :
  Unable to initialize server: examples.security.rdbmsrealm.RDBMSException:
  realm
  initialization failed, Connection.prepareStatement() failed on statement
  "SELECT
  U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?", - with nested exception:
  [SQL Exception: Table 'USERS' does not exist.]
  fatal initialization exception
  Properties File :
  # - - - - - - ORACLE - - - - - - -
  driver=weblogic.jdbc.oci.Driver
  dbURL=jdbc:weblogic:oracle:bizpivot.india
  dbUser=ramesh
  dbPassword=******
  #getGroupNewStatement=false

  Hi all,
  Never Mind, I got it working. A couple of lines down the property lines,
  the Cloudscape URL was uncommented and hence the webloigc server was looking
  the USERS table in cloudscape instead of Oracle where I created them.
  I figured this out by modifying the LoadDDL,java and asking it to print the
  URL and other details that it read from the rdbmsldaprealm.properties file.
  Thank you all.
  Ramesh
  "ramesh" <[email protected]> wrote in message
  news:[email protected]..
  Hi all,
  I am trying to configure the RDBMS realm examples that come with weblogic.
  I am getting an error saying the Table Users was not found.
  I created my own simple java class to check if the parameters from
  rdbmsrealm.properties are working fine, they are. Then why is weblogicnot
  able to find the USERS table, where is it looking for this table.
  Any Help is highly appreciated.
  Ramesh
  Stack Trace :
  Unable to initialize server: examples.security.rdbmsrealm.RDBMSException:
  realm
  initialization failed, Connection.prepareStatement() failed on statement
  "SELECT
  U_NAME, U_PASSWORD FROM users WHERE U_NAME = ?", - with nestedexception:
  [SQL Exception: Table 'USERS' does not exist.]
  fatal initialization exception
  Properties File :
  # - - - - - - ORACLE - - - - - - -
  driver=weblogic.jdbc.oci.Driver
  dbURL=jdbc:weblogic:oracle:bizpivot.india
  dbUser=ramesh
  dbPassword=******
  #getGroupNewStatement=false

• FileRealm and Clustering

  I am in the early stages of getting the PetStore app to run in a WLS 6.0
  cluster. In general it works fine (I haven't dealt with replication yet).
  My first issues arise with creating a new user from the PetStore app. The
  first problem arose when I tried to create a new user from the app. The user
  appears to be created but the managed server output shows a stack trace. The
  new user is not created in the realm because a managed server can't update a
  realm. The Stack trace from the managed server is:
  weblogic.management.internal.RemoteRealmException: Realms cannot be managed
  by managed servers.
  at
  weblogic.management.internal.RemoteRealmManagerImpl.checkWriteAccess(RemoteR
  ealmManagerImpl.java:378)
  at
  weblogic.management.internal.RemoteRealmManagerImpl.createUser(RemoteRealmMa
  nagerImpl.java:46)
  at
  weblogic.management.configuration.RealmManager.createUser(RealmManager.java:
  58)
  at
  com.bea.estore.util.WLSecurityAdapter.addUser(WLSecurityAdapter.java:44)
  Q) How is this solved. There must be a way to create a new user from a
  managed server.
  The second issue was found trying to solve the first. I went to the console
  for the pet store admin server and manually added the user to the file
  realm. I made sure the changes were saved. None of the managed servers
  recognized the new user until they were bounced.
  Q) How do you get changes in a security realm propagated to the managed
  servers? Is this only a file realm problem?
  Thanks,
  Rick

  i thnk this should work in 61sp2.anyway will checkitout..
  "kparikh" <[email protected]> wrote in message
  news:[email protected]..
  Here is our configuration for clustered environment.
  IIS Server with Proxy-Plugin on Box 0
  Admin Server on Box 1
  ManagedServer1 on Box 1
  ManagedServer2 on Box 2
  ManagedServer1 and ManagedServer2 are part of cluster.
  Now using Admin Console if i assign a user to some 'acl'
  which changes filerealm.properties file on AdminServer.
  Which does not get reflected in my application.
  Is there a way to cluster filerealm.properties file OR to syncronize
  changes? what am i missing.
  However if i restart my cluster (ie admin and both managed server)
  then
  changes do show up in my application.
  This in not the problem in non-clustered environment. Where my changes
  to filerealm.properties immediatly shows up in my application.

• WLS 6.1 and Struts Applications

  I've been able to deploy a Struts 1.1b2 application on WLS 6.1...but only by
  altering the startweblogic.cmd file (Adding all required jar files to the
  classpath for the server - not an optimal solution by any means.)
  I have not been able to get the application working by simply dumping struts
  jar files in the application's WEB-INF\lib directory (as should be the
  case).
  So, is there any secret to making struts work under WLS 6.1 without
  resorting to editing the startweblogic.cmd file?
  Thanks.

  Oyvind,
  I believe using LDAPv2 with that release of Commerce Server is not supported.
  If you would like more information please contact BEA Support.
  Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Oyvind" <[email protected]> wrote:
  >
  Hi,
  We have a problem with WLS 6.1 and LDAPRealm v2. Our application was
  working with
  WLS 6.0 and the LDAPRealm v2 patch. It is also working with 6.1 and LDAPRealm
  v1.
  When upgrading to WLS 6.1 we experience problems looking up user properties
  from
  LDAP. I put the same properties in the <CustomRealm> properties in config.xml
  as we had in the old ldaprealm.properties file.
  We are using WLCS 3.5 SP2, and we are looking up the user properties
  using the
  <um:getProperty> tag but it always returns null.
  Any idea what's wrong? This could be both a WLCS or a realm problem I
  guess?
  Below is the realm declaration in config.xml
  <CustomRealm
  ConfigurationData="user.dn=ou=People, o=my.com;server.principal=cn=Directory
  Manager;server.credential=adminadmin;user.filter=(&(cn=%u)(objectclass=person));group.dn=ou=Groups,
  o=my.com;group.filter=(&(cn=%g)(objectclass=groupofuniquenames));server.host=aaa.my.com;membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))"
  Name="LDAPRealmV2" RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
  Any input is appreciated,
  Oyvind

• WLS 6.1 and WLS 6.1 Service Pack1 install clears out registry.xml

  Hi,
  Just thought I'd post this problem and solution in case others came across it.
  I installed WLS 6.1 and then the Service Pack 1 separately. The Service Pack
  1 install clears out registry.xml.
  I then tried to install WLI V2.1 and it would not let me install as it could not
  find WLS 6.1 SP1 the definition of which it gets from registry.xml. The error
  was WLS 6.1 SP1 not detected.
  To get around this I got sent a registry.xml and edited it to be my home machine.
  (Not the safest thing to do but it worked!).
  I think if you download WLS 6.1 and SP1 and install as one rather than separately
  this does not happen.
  Regards,
  Kathryn

  Oyvind,
  I believe using LDAPv2 with that release of Commerce Server is not supported.
  If you would like more information please contact BEA Support.
  Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Oyvind" <[email protected]> wrote:
  >
  Hi,
  We have a problem with WLS 6.1 and LDAPRealm v2. Our application was
  working with
  WLS 6.0 and the LDAPRealm v2 patch. It is also working with 6.1 and LDAPRealm
  v1.
  When upgrading to WLS 6.1 we experience problems looking up user properties
  from
  LDAP. I put the same properties in the <CustomRealm> properties in config.xml
  as we had in the old ldaprealm.properties file.
  We are using WLCS 3.5 SP2, and we are looking up the user properties
  using the
  <um:getProperty> tag but it always returns null.
  Any idea what's wrong? This could be both a WLCS or a realm problem I
  guess?
  Below is the realm declaration in config.xml
  <CustomRealm
  ConfigurationData="user.dn=ou=People, o=my.com;server.principal=cn=Directory
  Manager;server.credential=adminadmin;user.filter=(&(cn=%u)(objectclass=person));group.dn=ou=Groups,
  o=my.com;group.filter=(&(cn=%g)(objectclass=groupofuniquenames));server.host=aaa.my.com;membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames))"
  Name="LDAPRealmV2" RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
  Any input is appreciated,
  Oyvind

• I have a problem with JDBC Realm in Tomcat/Oracle/Win XP

  I have a problem with JDBC Realm in Tomcat.
  I have attached my server.xml file located in the
  C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\server.xml
  The Problem is that when I login I get the user name and password prompt but it does not resolve.
  When I enter in the tomcat-users.xml password with memory realm uncommented it works fine.
  C:\Program Files\Apache Software Foundation\Tomcat 5.5\conf\tomcat-users.xml
  Is there a cache or something I need to reset for the JDBC Realm to work?
  I have attached my tables and contents as well...
  Did I miss something????
  Thanks
  Phil
  server.xml
  <Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/>
  <!-- Global JNDI resources -->
  <GlobalNamingResources>
  <!-- Test entry for demonstration purposes -->
  <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
  </GlobalNamingResources>
  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">
  <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
  <Connector
  port="8080" maxHttpHeaderSize="8192"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" redirectPort="8443" acceptCount="100"
  connectionTimeout="20000" disableUploadTimeout="true" />
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector port="8009"
  enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
  <!-- Define the top level container in our container hierarchy -->
  <Engine name="Catalina" defaultHost="localhost">
  <!--
  <Realm className="org.apache.catalina.realm.MemoryRealm" />
  -->
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="oracle.jdbc.driver.OracleDriver"
  connectionURL="jdbc:oracle:thin:@localhost:1521:orcl"
  connectionName="testName" connectionPassword="testPass"
  userTable="users"
  userNameCol="user_name"
  userCredCol="user_pass"
  userRoleTable="user_roles"
  roleNameCol="role_name" />
  <!-- Define the default virtual host
  Note: XML Schema validation will not work with Xerces 2.2.
  -->
  <Host name="localhost" appBase="webapps"
  unpackWARs="true" autoDeploy="true"
  xmlValidation="false" xmlNamespaceAware="false">
  </Host>
  </Engine>
  </Service>
  </Server>
  Tables
  create table users
  user_name varchar(15) not null primary key,
  user_pass varchar(15) not null
  create table roles
  role_name varchar(15) not null primary key
  create table user_roles
  user_name varchar(15) not null,
  role_name varchar(15) not null,
  primary key( user_name, role_name )
  select * from users;
  ----------------------+
  | user_name | user_pass |
  ----------------------+
  | tomcat | tomcat |
  | user1 | tomcat |
  | user2 | tomcat |
  | user3 | tomcat |
  ----------------------+
  select * from roles;
  | role_name |
  | tomcat |
  | role1 |
  select * from user_roles;
  -----------------------+
  | role_name | user_name |
  -----------------------+
  | tomcat | user1 |
  | role1 | user2 |
  | tomcat | tomcat |
  | role1 | tomcat |
  -----------------------+

  Jan 2, 2008 11:49:35 AM org.apache.coyote.http11.Http11Protocol init
  INFO: Initializing Coyote HTTP/1.1 on http-8080
  Jan 2, 2008 11:49:35 AM org.apache.catalina.startup.Catalina load
  INFO: Initialization processed in 734 ms
  Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardService start
  INFO: Starting service Catalina
  Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardEngine start
  INFO: Starting Servlet Engine: Apache Tomcat/5.5.9
  Jan 2, 2008 11:49:35 AM org.apache.catalina.realm.JDBCRealm start
  SEVERE: Exception opening database connection
  java.sql.SQLException: oracle.jdbc.driver.OracleDriver
       at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:684)
       at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:758)
       at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1004)
       at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
       at org.apache.catalina.core.StandardService.start(StandardService.java:450)
       at org.apache.catalina.core.StandardServer.start(StandardServer.java:683)
       at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
       at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)
  Jan 2, 2008 11:49:35 AM org.apache.catalina.core.StandardHost start
  INFO: XML validation disabled
  Jan 2, 2008 11:49:36 AM org.apache.catalina.core.StandardContext resourcesStart

• URGENT HELP NEEDED ... Tomcat Realm and JRE1.4 plug-in problem

  I have tried the Security Realm of Tomcat. Since I do not have
  an LDAP server, I decided to use the Tomcat-users.xml file in
  Tomcat\conf directory.
  I added the following lines of code in the web.xml file.
  <security-constraint>
  <web-resource-collection>
  <web-resource-name>Entire Application</web-resource-name>
  <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
  <!-- NOTE: This role is not present in the default users file -->
  <role-name>webviewer</role-name>
  </auth-constraint>
  </security-constraint>
  <login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Manager Application</realm-name>
  </login-config>
  The <role-name> "webviewer" is added into "Tomcat-Users.xml" as the following:
  <tomcat-users>
  <user name="test" password="password" roles="webviewer" />
  </tomcat-users>
  So, now when we type the url: http://localhost:8080/adbpdbre/default.htm, TOMCAT shows a dialog box asking for UserName: and Password:Now, only when we give the username and password, it shows the page. This is exactly what we want.
  But the problem now is, this default.htm page, has 5 links to 5 applets. The first time that I click on one of these links, the JRE plug of 1.4 shows a dialog again asking for the username and password. Till I dont provide the username and password the system doesnt go ahead and applet doesnt load. I do not want the JRE to ask me for the username/passwords again..How to avoid this ?
  Can you give me some more information on this. Ultimately in the production usage, we will be using LDAP and not Tomcat's memory realm.
  URGENT HELP NEEDED ... I need to get back to my client on this.
  Help would be v. much appreciated.

  In the config file, you 're essentially saying that you want Tomcat to prompt for usr/passw on every request (url-pattern = /*) made by a 'webviewer', and that's exactly what Tomcat is doing.
  Consider using specific url-patterns & roles for resources to be protected. If for now, all you need is to protect the first page, use a more specific url-pattern.
  Just an advice : if you'll be using LDAP in production, do not waste time with Tomcat's Security Realm and the BASIC authentication type, since the two have not much in common. Start reading doc on LDAP, and code a prototype, or even better, a vertical slice of the app (i.e a proof of concept).

• SecurityException due to problems with realm

  Hi,
  we try to run our web application (developed and successfully deployed under WebLogic5.1)
  on the WebLogic6.0.
  After transforming the weblogic.properties file followed by adjusting the new
  config.xml and copying the necessary
  classes, *.jar, *.jsp, etc. files into the appropreate directories we unfortunately
  get following error message
  when trying to start the server:
  Starting WebLogic Server ....
  <25.06.2001 11:13:14 GMT+02:00> <Notice> <Management> <Loading configuration file
  .\config\benchbase\config.xml ...>
  <25.06.2001 11:13:18 GMT+02:00> <Info> <Logging> <Only log messages of severity
  "Error" or worse will be displayed in this window. This can be changed at Admin
  Console> benchbase> Servers> benchbaseServer> Logging> Debugging> Stdout severity
  threshold>
  <25.06.2001 11:13:21 GMT+02:00> <Emergency> <Server> <Unable to initialize the
  server: 'Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for user system denied
  in realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:113)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java:293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  '>
  The WebLogic Server did not start up properly.
  Exception raised: java.lang.SecurityException: Authentication for user system
  denied in realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:113)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java:293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Reason: Fatal initialization exception
  In config.xml we've done (among others) following entries:
  <Security
  GuestDisabled="false"
  Name="benchbase"
  PasswordPolicy="mypasswordpolicy"
  Realm="myRealm"
  SystemUser="system"
  ConnectionFilter=""
  />
  <Realm
  Name="myRealm"
  CachingRealm="myCachingRealm"
  />
  <FileRealm
  Name="myFileRealm"
  />
  <CustomRealm
  Name="myCustomRealmPPA"
  RealmClassName="com.ppaworld.benchbase.ejb.eb.user.PpaRealm"
  />
  <CachingRealm
  ACLCacheEnable="true"
  AuthenticationCacheEnable="true"
  CacheCaseSensitive="true"
  GroupCacheEnable="true"
  Name="myCachingRealm"
  PermissionCacheEnable="true"
  UserCacheEnable="true"
  BasicRealm="myCustomRealmPPA"
  />
  <ShutdownClass
  ClassName="com.ppaworld.benchbase.ejb.eb.user.RealmShutdown"
  Name="disablePpaRealm"
  Targets="benchbaseServer"
  />
  <StartupClass
  ClassName="com.ppaworld.benchbase.ejb.eb.user.RealmStartup"
  Name="enablePpaRealm"
  Targets="benchbaseServer"
  />
  Do you know what can be done in order to solve our problem? Thanks a lot in advance.
  Best regards
  Elena

  On 25 Jun 2001 03:08:36 -0800, "Elena Kolodizki" <[email protected]>
  wrote:
  >
  Hi,
  we try to run our web application (developed and successfully deployed under WebLogic5.1)
  on the WebLogic6.0.
  After transforming the weblogic.properties file followed by adjusting the new
  config.xml and copying the necessary
  classes, *.jar, *.jsp, etc. files into the appropreate directories we unfortunately
  get following error message
  when trying to start the server:
  Starting WebLogic Server ....
  <25.06.2001 11:13:14 GMT+02:00> <Notice> <Management> <Loading configuration file
  \config\benchbase\config.xml ...>
  <25.06.2001 11:13:18 GMT+02:00> <Info> <Logging> <Only log messages of severity
  "Error" or worse will be displayed in this window. This can be changed at Admin
  Console> benchbase> Servers> benchbaseServer> Logging> Debugging> Stdout severity
  threshold>
  <25.06.2001 11:13:21 GMT+02:00> <Emergency> <Server> <Unable to initialize the
  server: 'Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for user system denied
  in realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm weblogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:113)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java:293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Do you know what can be done in order to solve our problem? Thanks a lot in advance.
  Best regards
  ElenaYou'll have to supply password when starting WebLogic. See
  http://e-docs.bea.com/wls/docs60/adminguide/startstop.html#1031706