Open LDAP Authenticator Configuration on WLSSP5

Similar Messages

• Open LDAP Authentication in SAPNW 7.0 AS ABAP ( Linux)

  Hello ! I need your help please.
  I need to authenticate the SAP Users in a SAPNW 7.0 AS ABAP in Linux  With an existing LDAP Directory (OPENLDAP).
  I Dont have any Windows Active Directory in the infraesctructure. 
  The front end is Windows Xp with SAPGUI7.10 for Windows.
  I know that is is possible to have a LDAP Directory as user data source but only in UME.
  I check this options:
  The Pluggable  Authentication Services ,requires the availability of Sap Web application Server or lower, since PAS interface is not supported any more by the SAP application Server from SAP NW 2004 and UP.
  Java Authentication and Authorization Service ( JAAS ) is not possible because i Need a Sap Netweaver Application Server Java.
  ¿ What options do I have , i am a bit confused ?
  Thanks in advance.

  Gabriel,
  If you want to logon via SAP GUI using any method of authentication which is not the normal userid+password logon via SAP GUI logon screen, then you need to use the SNC-interface which is included in SAP GUI and SAP ABAP AS. If you use SNC, then you need a cryptographic library which allows you to authenticate outside of SAP, then the credentials obtained are used to establish a security context for authentication purposes. The problem is that LDAP protocol is not a secure method of authentication. I therefore doubt you will find any LDAP authentication solution that works with SNC, mostly because it is not technical practical or even possible to code such an authentication method.
  For web logon to SAP ABAP, if you cannot use the standard methods included in ABAP engine, you need to use the JAAS custom login modules, which (as you indicated) will require a J2EE engine to be setup in your landscape, and use to authetnicate users to ABAP applications via a browser redirect.
  I am intersted how your XP wrokstation users logon to their workstation without Active Directory ? Are they using local accounts, and no domain is used, or are you using Novell as your domain for user authentication ?
  Thanks,
  Tim

• How to create a configuration file for open ldap.

  hi,
  I have installed open ldap on my machine. Now I want to configure it to NetWeaver.
  For this, I started configuration through configtool utility of NetWeaver. While configuring, we need to select or upload configuration file. But now as it is open ldap we need to write our own config file.
  I tried it by selecting dataSourceConfiguration_ads_deep_readonly_db.xml  as a configuratio file. it shows successful test connection but the user which  I have created is not appearing in UME store.
  Does any body having solution for this?
  I am trying to solve this problem from two days. I really appriciate one who will sove this problem

  Well the configuration file you chose does not allow users created in NetWeaver to be created in the LDAP.  That's why it's a "readonly" configuration.  I would guess that you need a custom configuration file specifically for open ldap.
  This should help get you started on a custom configuration file:
  http://help.sap.com/saphelp_nw2004s/helpdata/en/b7/14d43f2dd44821e10000000a1550b0/frameset.htm
  Then again, if the only problem with the .XML file you chose is that you can't write to the LDAP, give the dataSourceConfiguration_ads_writeable_db.xml configuration file a shot.

• Configuring Oracle 9iAS for LDAP Authentication

  I have installed OID Server on my PC. Now I want to switch my Login Server to External LDAP Authentication mode. For that I run the script ssoldap.sql passing the host, port, search base, etc.. from my login server schema (portal30_sso) The script throws me the following error :
  " Bind variable "CN" not declared ".
  I even compile the package ssoxldap.pkb before that. But still this error persists.
  tnsnames.ora and listener.ora files are fine and the tnsping to the external procedure is also working properly.
  Can anyone help me in this.

  I got that problem solved. Its little bit funny solution. Instead of running the sql file using the File->open->ssoldap.sql, we should directly write the whole path i.e. @d:\oracle9i\portal30\admin\plsql\sso\ssoldap.sql
  And secondly, I also found one small change related to the installation manual. Its related to Adding entries to the LDAP Server. the manual shows this syntax:
  ldapadd -h i3dt111 -p 389 -D 'cn=orcladmin'
  -w welcome -f d:\oracle\admin\phd\udump\users.ldif
  but instead we shoud write this:
  ldapadd -h i3dt111 -p 389 -D cn=orcladmin
  -w welcome -f d:\oracle\admin\phd\udump\users.ldif
  . Just remove the single quotes in the username string.
  Anyways, thanks for your suggestions.
  null

• Configuring LDAP authentication

  I've configured my weblogic 6.0 server to use LDAP authentication. The LDAP server
  is NDS.
  Using the wl console, I can see users and groups from the LDAP server.
  I then added security constraints to my war file (in web.xml and weblogic.xml
  (see attached)
  When I try and access my web from the browser, I get challenged and the userid/pwd
  is not accepted and eventually fails.
  How do I figure out what is going wrong ? There are no diagnostics :(
  Regards,
  Mike
  [security_constraints.txt]

  Adding wls60sp1_ldap.zip to the classpath made no difference at all.
  How do I figure out what is goping on ?
  The access logs on the LDAP server suggest that part is working but the authentication
  still fails.
  "Ilango Maragathavannan" <[email protected]> wrote:
  >
  Veena,
  It is available in the download center in the site as an upgrade
  patch.
  Ilango
  "veena" <[email protected]> wrote:
  hi Ilango,
  I have wl6.0 sp1. and I cannot find the jar that you are talkingabout.
  I also downloaded the sp1 from bea and installed it and tried to find
  the
  jar file, but did not find any. Could you send it to me or post itattached
  to this post.
  Can anyone from bea point me to a document containing all the jars
  that
  are supposed to exist in you bea lib directory.
  Thanks for your help.
  Veena.
  "Ilango Maragathavannan" <[email protected]> wrote in message
  news:3af85c30$[email protected]..
  Check if you have the file wls60sp1_ldap.jar in the classpath in thestartup script.
  This file comes with the service pack 1
  Ilango
  "Mike Westaway" <[email protected]> wrote:
  I've configured my weblogic 6.0 server to use LDAP authentication.
  The
  LDAP server
  is NDS.
  Using the wl console, I can see users and groups from the LDAP server.
  I then added security constraints to my war file (in web.xml andweblogic.xml
  (see attached)
  When I try and access my web from the browser, I get challenged andthe
  userid/pwd
  is not accepted and eventually fails.
  How do I figure out what is going wrong ? There are no diagnostics:(
  Regards,
  Mike

• Troubleshoot ldap-ISR configuration

  Hello
  i am testing ScanSafe features and was setup a ISR (C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T) to use ldap authentication to AD following http://www.cisco.com/en/US/docs/security/web_security/ISR_SS/ISR_ScanSafe_SolutionGuide.pdf.
  Unfortunatelly when user try to access the Internet any credentials i typed in do not work.
  Below is debug ldap all output from the ISR:
  Oct  1 20:28:43.160: LDAP: Received timer event
  Oct  1 20:28:43.160: LDAP: Connection timeout occured. Retrying
  Oct  1 20:28:43.160: LDAP: Opening ldap connection ( 10.1.1.1, 3268 )ldap_open
  ldap_init libldap 4.5 18-FEB-2000
  open_ldap_connection
  ldap_connect_to_host: 10.1.1.1:3268
  Oct  1 20:28:43.160: LDAP: socket 1 - connecting to 10.1.1.1 (3268)
  Oct  1 20:28:43.160: LDAP: socket 1 - connection in progress
  Oct  1 20:28:43.160: LDAP: socket 1 - local address 10.3.206.33 (54052)
  Oct  1 20:28:43.160: LDAP: Connection on socket 1
  Oct  1 20:28:43.160: LDAP: Connection to LDAP server (CDC02.domain.net, 10.19.146.14) attempted
  Oct  1 20:28:43.160: LDAP: Connection state: DOWN => CONNECTING
  Oct  1 20:28:43.176: LDAP: Received socket event
  Oct  1 20:28:43.176: LDAP: Checking the conn status
  Oct  1 20:28:43.176: LDAP: Socket read event socket=1
  Oct  1 20:28:43.176: LDAP: Found socket ctx
  Oct  1 20:28:43.176: LDAP: ldap tcp transport closing on socket 1
  Oct  1 20:28:43.176: LDAP: Protocol received transport down notification
  Oct  1 20:28:43.176: LDAP: Server-CDC02.domain.net connection going down !!!
  Oct  1 20:28:43.176: LDAP: Clearing all ldap transactions
  Oct  1 20:28:43.176: LDAP: Connection state: CONNECTING => DOWN
  Oct  1 20:28:43.176: LDAP: Connection state: DOWN => DOWN
  Oct  1 20:28:43.176: LDAP: Connection timer started for 30 seconds for CDC02.domain.netldap_unbind
  ldap_free_connection lc=0x2CAFBEF0
  ldap_free_connection: actually freed
  Oct  1 20:28:43.180: LDAP: socket 1 - CONN_WAIT->CONN_CLOSE
  Oct  1 20:28:43.180: LDAP: Received socket event
  Oct  1 20:29:13.176: LDAP: Received timer event
  Oct  1 20:29:13.176: LDAP: Connection timeout occured. Retrying
  Oct  1 20:29:13.176: LDAP: Opening ldap connection ( 10.1.1.1, 3268 )ldap_open
  ldap_init libldap 4.5 18-FEB-2000
  open_ldap_connection
  ldap_connect_to_host: 10.1.1.1:3268
  Oct  1 20:29:13.176: LDAP: socket 1 - connecting to 10.19.146.14 (3268)
  Oct  1 20:29:13.176: LDAP: socket 1 - connection in progress
  Oct  1 20:29:13.176: LDAP: socket 1 - local address 10.3.206.33 (48488)
  Oct  1 20:29:13.176: LDAP: Connection on socket 1
  Oct  1 20:29:13.176: LDAP: Connection to LDAP server (CDC02.domain.net, 10.19.146.14) attempted
  Oct  1 20:29:13.176: LDAP: Connection state: DOWN => CONNECTING
  Oct  1 20:29:13.192: LDAP: Received socket event
  Oct  1 20:29:13.192: LDAP: Checking the conn status
  Oct  1 20:29:13.192: LDAP: Socket read event socket=1
  Oct  1 20:29:13.192: LDAP: Found socket ctx
  Oct  1 20:29:13.192: LDAP: ldap tcp transport closing on socket 1
  Oct  1 20:29:13.192: LDAP: Protocol received transport down notification
  Oct  1 20:29:13.192: LDAP: Server-CDC02.domain.net connection going down !!!
  Oct  1 20:29:13.192: LDAP: Clearing all ldap transactions
  Oct  1 20:29:13.192: LDAP: Connection state: CONNECTING => DOWN
  Oct  1 20:29:13.192: LDAP: Connection state: DOWN => DOWN
  Oct  1 20:29:13.192: LDAP: Connection timer started for 30 seconds for CDC02.domain.netldap_unbind
  ldap_free_connection lc=0x2CAFBEF0
  ldap_free_connection: actually freed
  from the router i do have connectivity to AD controller configured in ISR config (ping works) and there is no firewall that will prevent ldap traffic.
  Any good troubleshooting ideas that will help getting this setup running?

  I have a similar problem as well with Scansafe, on a 3945 ISR with IOS 15 (C3900-UNIVERSALK9-M). LDAP binding to the LDAP Server when authenticating any domain user, except for the default Scansafe Bind Root-DN user, is failing. Which I believe could also be your problem, unless, from the logs you presented, it appears as connection to the LDAP Server itself is failing; post your LDAP configuration.
  Try running:
  # sh ldap server all   (to see if any LDAP server exists)
  Try testing the Scansafe AAA LDAP server via:
  # test aaa group new-code
  In my case, testing any user's sAMaccount name, is failing, and it defaults to the default usergroup.
  My config is exactly as the link you posted and I am using NTLM PASSIVE AUTHENTICATION.
  In that PDF, there is this paragraph that describes exactly what is happening to my Scansafe.
  Configuring a Default User Group
  You can configure a default user group to assign to each client when the ISR cannot determine the
  credentials for a user. Define a default user group using the following CLI command:
  [no] user-group default
  The ISR uses the default user group name here to iden
  tify all clients connected to a specific interface on
  the ISR when it cannot determine the user’s credenti
  als. You might want to define a default user group
  so that all traffic redirected to
  the ScanSafe proxy servers are assigned a user group so particular
  ScanSafe policies can be applied a
  ppropriately. For example, you might want to create a default user
  group for guest users on the wireless network.
  Only one user group can be defined per interface.
  Here is what my logs show regarding LDAP BINDING OPERATION, from # debug ldap all:
  -- Testing with jltestuser (this is just any random user, as all users are failing anyway)
  barra-gate#
  barra-gate#
  051646: Aug 23 23:10:34.983 BRST: LDAP: LDAP: Queuing AAA request 0 for processing
  051647: Aug 23 23:10:34.983 BRST: LDAP: Received queue event, new AAA request
  051648: Aug 23 23:10:34.983 BRST: LDAP: LDAP authentication request
  051649: Aug 23 23:10:34.983 BRST: LDAP: Invalid hash index 512, nothing to remove
  051650: Aug 23 23:10:34.983 BRST: LDAP: New LDAP request
  051651: Aug 23 23:10:34.983 BRST: LDAP: Attempting first  next available LDAP server
  051652: Aug 23 23:10:34.983 BRST: LDAP: Got next LDAP server :
  051653: Aug 23 23:10:34.983 BRST: LDAP: First Task: Send bind req
  051654: Aug 23 23:10:34.983 BRST: LDAP: Authentication policy: bind-first
  051655: Aug 23 23:10:34.983 BRST: LDAP: Bind: User-DN=cn=jltestuser,CN=Users,DC=,DC=,DC=com ldap_req_encode
  Doing socket write
  051656: Aug 23 23:10:34.983 BRST: LDAP:  LDAP bind request sent successfully (reqid=92)
  051657: Aug 23 23:10:34.983 BRST: LDAP: Sent transit request to server
  051658: Aug 23 23:10:34.983 BRST: LDAP: LDAP request successfully processed
  051659: Aug 23 23:10:35.539 BRST: LDAP: Received socket event
  051660: Aug 23 23:10:35.539 BRST: LDAP: Process socket event for socket = 0
  051661: Aug 23 23:10:35.539 BRST: LDAP: Conn Status = 4
  051662: Aug 23 23:10:35.539 BRST: LDAP: Non-TLS read event on socket 0
  051663: Aug 23 23:10:35.539 BRST: LDAP: Found socket ctx
  051664: Aug 23 23:10:35.539 BRST: LDAP: Receive event: read=1, errno=11 (Resource temporarily unavailable)
  051665: Aug 23 23:10:35.539 BRST: LDAP: Passing the client ctx=1855243Cldap_result
  wait4msg (timeout 0 sec, 1 usec)
  ldap_select_fd_wait (select)
  ldap_read_activity lc 0x1AADABD8
  Doing socket read
  LDAP-TCP:Bytes read = 110
  ldap_match_request succeeded for msgid 7 h 0
  changing lr 0x11A14BFC to COMPLETE as no continuations
  removing request 0x11A14BFC from list as lm 0x1AAB8494 all 0
  ldap_msgfree
  ldap_msgfree
  051666: Aug 23 23:10:35.539 BRST: LDAP: LDAP Messages to be processed: 1
  051667: Aug 23 23:10:35.539 BRST: LDAP: LDAP Message type: 97
  051668: Aug 23 23:10:35.539 BRST: LDAP: Got ldap transaction context from reqid 92ldap_parse_result
  051669: Aug 23 23:10:35.539 BRST: LDAP: resultCode:    49     (Invalid credentials)
  051670: Aug 23 23:10:35.539 BRST: LDAP: Received Bind Responseldap_parse_result
  ldap_err2string
  051671: Aug 23 23:10:35.539 BRST: LDAP: Ldap Result Msg: FAILED:Invalid credentials, Result code =49
  051672: Aug 23 23:10:35.539 BRST: LDAP: LDAP Bind operation result : failed  <<<<<<<<<<-----------------------LOOK!!!!!
  051673: Aug 23 23:10:35.539 BRST: LDAP: Connection 0 already exist for reuseldap_msgfree
  051674: Aug 23 23:10:35.539 BRST: LDAP: Closing transaction and reporting error to AAA
  051675: Aug 23 23:10:35.539 BRST: LDAP: Transaction context removed from list [ldap reqid=92]
  051676: Aug 23 23:10:35.539 BRST: LDAP: Notifying AAA: REQUEST FAILED
  051677: Aug 23 23:10:35.539 BRST: LDAP: Received socket event
  --- Testing with the scansafe assigned user that binds to the Bind DN. This is the only user that succeeds authentication!!!!
  barra-gate#
  barra-gate#
  barra-gate#
  051684: Aug 23 23:13:57.664 BRST: LDAP: LDAP: Queuing AAA request 0 for processing
  051685: Aug 23 23:13:57.664 BRST: LDAP: Received queue event, new AAA request
  051686: Aug 23 23:13:57.664 BRST: LDAP: LDAP authentication request
  051687: Aug 23 23:13:57.664 BRST: LDAP: Invalid hash index 512, nothing to remove
  051688: Aug 23 23:13:57.664 BRST: LDAP: New LDAP request
  051689: Aug 23 23:13:57.664 BRST: LDAP: Attempting first  next available LDAP server
  051690: Aug 23 23:13:57.664 BRST: LDAP: Got next LDAP server :
  051691: Aug 23 23:13:57.664 BRST: LDAP: First Task: Send bind req
  051692: Aug 23 23:13:57.664 BRST: LDAP: Authentication policy: bind-first
  051693: Aug 23 23:13:57.664 BRST: LDAP: Bind: User-DN=cn=,CN=Users,DC=,,DC=comldap_req_encode
  Doing socket write
  051694: Aug 23 23:13:57.664 BRST: LDAP:  LDAP bind request sent successfully (reqid=93)
  051695: Aug 23 23:13:57.664 BRST: LDAP: Sent transit request to server
  051696: Aug 23 23:13:57.664 BRST: LDAP: LDAP request successfully processed
  051697: Aug 23 23:13:58.164 BRST: LDAP: Received socket event
  051698: Aug 23 23:13:58.164 BRST: LDAP: Process socket event for socket = 0
  051699: Aug 23 23:13:58.164 BRST: LDAP: Conn Status = 4
  051700: Aug 23 23:13:58.164 BRST: LDAP: Non-TLS read event on socket 0
  051701: Aug 23 23:13:58.164 BRST: LDAP: Found socket ctx
  051702: Aug 23 23:13:58.164 BRST: LDAP: Receive event: read=1, errno=11 (Resource temporarily unavailable)
  051703: Aug 23 23:13:58.164 BRST: LDAP: Passing the client ctx=1855243Cldap_result
  wait4msg (timeout 0 sec, 1 usec)
  ldap_select_fd_wait (select)
  ldap_read_activity lc 0x1AADABD8
  Doing socket read
  LDAP-TCP:Bytes read = 22
  ldap_match_request succeeded for msgid 8 h 0
  changing lr 0x11A14BFC to COMPLETE as no continuations
  removing request 0x11A14BFC from list as lm 0x1AAB9D14 all 0
  ldap_msgfree
  ldap_msgfree
  051704: Aug 23 23:13:58.164 BRST: LDAP: LDAP Messages to be processed: 1
  051705: Aug 23 23:13:58.164 BRST: LDAP: LDAP Message type: 97
  051706: Aug 23 23:13:58.164 BRST: LDAP: Got ldap transaction context from reqid 93ldap_parse_result
  051707: Aug 23 23:13:58.164 BRST: LDAP: resultCode:    0     (Success)
  051708: Aug 23 23:13:58.168 BRST: LDAP: Received Bind Responseldap_parse_result
  051709: Aug 23 23:13:58.168 BRST: LDAP: Ldap Result Msg: SUCCESS, Result code =0
  051710: Aug 23 23:13:58.168 BRST: LDAP: LDAP Bind successful for DN:cn=CN=Users,DC=,DC=,DC=com
  Now, what does this problem affect? I cannot enforce the application of filters from the Scansafe site to specific user groups. Users can use the internet under the default usergroup. Everyone defaults to the default filter. I have a filter established for say Purchasing, allowing them extra leeway on what they can view, but the members of that group cannot authenticate, and thus their filter is not applied.
  Application of filters is essential to Scansafe, without them, it defeats the purpose.
  I appreciate all the help I can get on this.

• Open Ldap problem

  Hi all,
  I have to use OpenLdap with weblogic.I have gown through the documents for creating the Authentication provider.
  I created with one authentication provider for openLdap in the weblogic default realm and i configured it for openLdap. I am able to see the groups and users in my portal now.
  I have created a new portal using the portal administration for sample portal application which comes with weblogic and set the entitlements on the portal and desktops and portlets.
  When i access the portal with the Users in my openLdap i am not able to login.
  I am confused, Is there any thing else i need to do in order to allow the users in the openLdap to access the portal application.
  Please guide me.
  Thanks,
  Milind

  Hi Ravin,
  I am not sure which version of Portal you are using.
  for version Weblogic portal 9.2 i have used these parameters for Open Ldap Provider.
  Group Base DN:ou=groups, dc=example, dc=com
  Group base DN values will be based on the Structure you have created in your LDAP.
  User Base DN:ou=people, dc=example, dc=com
  Userbase DN values will be based on the structure you have crated in your LDAP.
  Host:The host where your LDAP is running
  Principal: DN for LDAP Admin user say for example cn=admin,dc=somevalue,dc=com based on whatever you have used in your environment.
  Credential:Admin password cridentials for LDAP
  Confirm Credential:Admin password cridential for LDAP
  Control Flag:SUFFICIENT, you must check control flag value and set it to sufficient for all the providers or atleast DefaultAuthenticator or SQLAuthenticator.
  About weblogic users,in Weblogic 8.X there is a DefaultAnthenticator is used and i think they are picked from the database.Same will be case with Weblogic 9.2 where SQLAuthenticator is used.
  All the best
  Milind

• Discoverer against Open-LDAP

  Did anyone have experience of using Discoverer against Open-Ldap? We are using discoverer in non-apps mode and dont want to create 300db user's. Our current application uses Open-Ldap and we want to make use of it for Discoverer authentication. Any ideas?
  Thanks

  Thanks Rod for the metalink documents.
  I'd tried using eul_trigger$post_login using a similar function as indicated in the article you refer before posting my question but it didn't work - may be because i was not paying attention to upper/lower case.
  But, after reading the article 372067.1 and following the exact instructions I still can't make it work. Not even with Discoverer desktop while logged in as EUL owner.
  Here is the function I created:
  CREATE OR REPLACE FUNCTION EUL_TRIGGER$POST_LOGIN RETURN NUMBER IS
  BEGIN
  insert into my_eul.test_logon values (sysdate);
  commit;
  RETURN 0;
  END EUL_TRIGGER$POST_LOGIN;
  Some values for this registered function from EUL5_FUNCTIONS metadata table are:
  FUN_NAME: eul_trigger$post_login
  FUN_DEVELOPE_KEY: EUL_TRIGGERPOST_LOGIN
  FUN_FUNCTION_TYPE: 8
  FUN_HIDDEN: 0
  FUN_DATE_TYPE: 2
  FUN_AVAILABLE: 1
  FUN_MAXIMUM_ARGS: 0
  FUN_EXT_NAME: EUL_TRIGGER$POST_LOGIN
  FUN_EXT_OWNER: MY_EUL
  Any thing seems missing/incorrect?
  I am not 100% sure about EnableTrigger preferences. My pref.txt does not have an entry for EnableTriggers and according to Configuration Guide you should not add an entry if not present because by default triggers are enabled. But, since the trigger was not firing I also tried adding the line and applied preferences using the applypreferences.bat but it didn't work.
  To make it work with Discoverer Desktop I tried updating the registry to add entry for EnableTrigger registry entry, but no successs (Finally I removed all changes to registry and preferences).
  Now I am clueless why the trigger is not working. Any help would be appreciated.
  Using Discoverer 10G R1 (9.0.4)
  thanks
  Message was edited by:
  user552591

• SSO, LDAP Authentication & IIS

  Hi All,
  I am trying to config the sso with the iis,
  1. after configuring the LDAP I manage to login to the dashboard with user "richard"
  2. but when I am trying to enter with "Domain_name\richard" I am getting an error massage "invalid username password.
  3. I configure the sso to work with the biee and the iis.
  4. when trying to login, I am getting an error massage "not logged in"
  5. in the log file I can see that the biee get "Domain_name\richard" as username and not "richard" and that is the reason for the failure.
  how can I solv this problem
  Best Regards,
  Ronen

  Hi,
  - you would need LDAP configured on your BOE Server
  - you would need SAP Authentication configured on your BOE Server
  -your SAP Portal needs to pass on the LDAP part to BOE or
  - your portal can pass on the SSO Token
  if you portal passes on the SSO Token - then InfoView needs to be configured for SSO with SAP - see here:
  Portal Part 1
  /people/ingo.hilgefort/blog/2010/03/29/sap-businessobjects-enterprise-sap-enterprise-portal--part-1-of-4
  Portal Part 2
  /people/ingo.hilgefort/blog/2010/03/30/sap-businessobjects-enterprise-sap-enterprise-portal-part-2-of-4
  Portal Part 3
  /people/ingo.hilgefort/blog/2010/04/08/sap-businessobjects-enterprise-sap-enterprise-portal--part-3-of-4
  Portal Part 4
  /people/ingo.hilgefort/blog/2010/04/21/sap-businessobjects-enterprise-and-sap-enterprise-portal--part-4-of-4
  but for sure you will need SNC configured between the BOE Server and the source system - assuming BW for now - so that you can combine the authentications.
  Ingo

• SharePoint 2010 with LDAP authentication, using NOVELL eDirectory

  One of my customers needs a SharePoint application that allows people to authenticate with either an Active Directory account (internal staff) or a Novell eDirectory account (external customers).
  Using the following article as a base guide (http://blogs.technet.com/b/speschka/archive/2009/11/05/configuring-forms-based-authentication-in-sharepoint-2010.aspx)
  I configured a claims-based test application that had Windows authentication enabled and Forms based authentication (FBA) enabled (this is on a Windows 2008 server and not a domain controller)
  In the Membership provider name text box I entered "LdapMember"
  In the Role provider name  text box I entered "LdapRole"
  In the web.config for the SharePoint Central Admin, I modified/added the following details right before </system.web>
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider" >
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="((ObjectClass=group)"
  userFilter="((ObjectClass=person)"
  scope="Subtree" />
  </providers>
  </roleManager>
  I modified the SecurityTokenServiceApplication web.config with these details
  <system.web>
  <membership>
  <providers>
  <add name="LdapMemebr"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager enabled="true">
  <providers>
  <add name="LdapRole"
  type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="sAMAccountName"
  dnAttribute="distinguishedName"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  </system.web>
  I modified the web.config of the test application I created with these details
  <roleManager defaultProvider="c" enabled="true" cacheRolesInCookie="false">
  <providers>
  <add name="c" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthRoleProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapRole" type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  groupContainer="OU=people,O=validobject"
  groupNameAttribute="cn"
  groupNameAlternateSearchAttribute="samAccountName"
  groupMemberAttribute="member"
  userNameAttribute="cn"
  dnAttribute="dn"
  groupFilter="(&amp;(ObjectClass=group))"
  userFilter="(&amp;(ObjectClass=person))"
  scope="Subtree" />
  </providers>
  </roleManager>
  <membership defaultProvider="i">
  <providers>
  <add name="i" type="Microsoft.SharePoint.Administration.Claims.SPClaimsAuthMembershipProvider, Microsoft.SharePoint, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" />
  <add name="LdapMember" type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword= "validpassword"
  useDNAttribute="true"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  With all of this configured, I can go to the new test site, I do see the form where I can choose either Windows authentication or Forms authentication. I can successfully login with Windows authentication, but forms authentication gives me me an error.
  The server could not sign you in. Make sure your user name and password are correct, and then try again.
  I can successfully login to a LDAP management tool, using the same credentials I entered on the form, so I know the username and password being submitted are correct. I get the following items in the event viewer
  8306 - SharePoint Foundation - The security token username and password could not be validated.
  in the SharePoint trace logs - Password check on 'testuser' generated exception: 'System.ServiceModel.FaultException`1[Microsoft.IdentityModel.Tokens.FailedAuthenticationException]: The security token username and password could not be validated. and
  then this:
  Request for security token failed with exception: System.ServiceModel.FaultException: The security token username and password could not be validated.
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.ReadResponse(Message response)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst, RequestSecurityTokenResponse& rstr)
  at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannel.Issue(RequestSecurityToken rst)
  at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForContext(Uri context, Boolean bearerToken, SecurityToken onBehalfOf, SecurityToken actAs, SecurityToken delegateTo)
  I monitored the LDAP server and did a packet-trace on the communication happening between the SharePoint server and the LDAP server and it is a bit odd. It goes like this:
  The SharePoint server successfully connects to the LDAP server, binding the ldapserviceid+password
  The LDAP server tells the SharePoint server it is ready to communicate
  the SharePoint server sends an LDAP query to the LDAP server, asking if the name entered in the form authentication page can be found.
  The LDAP server does the query, successfully finds the entered name and sends a success message back to SharePoint
  The LDAP server sends notification that it is done and is closing the connection that was bound to theldapserviceid+password
  The SharePoint server acknowledges the connection is closing
  ... and then nothing happens, except the error on SharePoint
  What I understand is that the SharePoint server, once it gets confirmation that the submitted username exists in LDAP, should attempt to make a new LDAP connection, bound to the username and password submitted in the form (rather than the LDAP service account
  specified in the web.config). That part does not seem to be happening.
  I am at a standstill on this and any help would be greatly appreciated.

  OK, our problem was resolved by removing any information about the ASP.NET role manager. Initially, we had information about a role manager defined in three different web.config files, as well as in the SharePoint Central Administration site, where there
  is the checkbox to Enable Forms Based Authentication (you see this when you first create the new SharePoint app, or afterwards by modifying the Authentication Provider for the app.) In either case, you will see two text boxes, underneath the checkbox item
  for enabling Forms Based Authentication:
  "ASP.NET Membership provider name"
  "ASP.NET Role manager name"
  We entered a name for Membership provider, and left Role manager blank.
  In the web.config for the SharePoint Central Administration site, the SecurityTokenServiceApplication app, and the web app we created with FBA enabled, we entered the following:
  <membership>
  <providers>
  <add name="LdapMember"
  type="Microsoft.Office.Server.Security.LdapMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
  server="ldap.server.address"
  port="389"
  useSSL="false"
  connectionUsername="cn=ldapserviceid,ou=sharepoint,ou=test,ou=location,o=validobject"
  connectionPassword="validpassword"
  useDNAttribute="false"
  userDNAttribute="dn"
  userNameAttribute="cn"
  userContainer="OU=people,O=validobject"
  userObjectClass="person"
  userFilter="(ObjectClass=person)"
  scope="Subtree"
  otherRequiredUserAttributes="sn,givenname,cn" />
  </providers>
  </membership>
  <roleManager>
  <providers>
  </providers>
  </roleManager>
  useDNAttribute="false" turned out to be important as well.
  So, for us to get LDAP authentication working between SharePoint 2010 and Novel eDirectory, we had to:
  leave anything related to the role provider blank
  configure the web.config in three different applications, with the proper connection information to reach our Novel eDir
  Ensure that useDNAttribute="false" was used in all three on the modified web.config files.
  Since our eDir is flat and used pretty much exclusively for external users, we had never done any sort of advanced role management configuration in eDir. So, by having role manager details in the web.config files, SharePoint was waiting for information from
  a non-existent role manager.

• Weblogic Server 10.3.0 and LDAP authentication Issue

  Hi - I have configured my WebLogic Server 10.3.0 for LDAP authentication (OID = 10.1.4.3.0) and so far the authentication works fine but I am having issue in terms of authorization.
  I am not able to access the default web logic administrator console app using any of the LDAP user, getting Forbiden message.
  It appears to me that the Weblogic Server is not pulling out the proper groups from the LDAP where user belongs too.
  Can anyone please point me towards the right direction to get this resolved.
  Thanks,
  STEPS
  Here are my steps I have followed:
  - Created a group called Administrators in OID.
  - Created a test user call uid=myadmin in the OID and assigned the above group to this user.
  - Added a new Authentication Provider to the Weblogic and configured it what is required to communicate with OID (the config.xml file snipet is below)
  <sec:authentication-provider xsi:type="wls:ldap-authenticatorType">
  <sec:name>OIDAuthentication</sec:name>
  <sec:control-flag>SUFFICIENT</sec:control-flag>
  <wls:propagate-cause-for-login-exception>false</wls:propagate-cause-for-login-exception>
  <wls:host>pmpdeva-idm.ncr.pwgsc.gc.ca</wls:host>
  <wls:port>1389</wls:port>
  <wls:principal>cn=orcladmin</wls:principal>
  <wls:user-base-dn>ou=AppAdmins, o=gc, c=ca</wls:user-base-dn>
  <wls:credential-encrypted>removed from here</wls:credential-encrypted>
  <wls:group-base-dn>ou=IDM, ou=ServiceAccounts, o=gc, c=ca</wls:group-base-dn>
  </sec:authentication-provider>
  - Marked the default authentication provider as sufficient as well.
  - Re-ordered the authentication provide such that the OIDauthentication is first in the list and default one is the last.
  - Looking at the log file I see there are no groups returned for this user and that is the problem in my opinion.
  <LDAP Atn Login username: myadmin>
  <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <authenticate user:myadmin>
  <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
  <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
  <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
  <authentication succeeded>
  <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <LDAP Atn Authenticated User myadmin>
  <List groups that member: myadmin belongs to>
  <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
  <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
  *<search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>*
  *<Result has more elements: false>*
  <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <login succeeded for username myadmin>
  - I see the XACML RoleMapper getRoles() only returning the Anonymous role as oppose to Admin (because the OID user is a part of Administrators group in OID then it should be returning Admin as fars I can tell. Here is the log entry that shows that:
  <XACML RoleMapper getRoles(): returning roles Anonymous>
  - I did a ldap search and I found no issues in getting the results back:
  C:\>ldapsearch -h localhost -p 1389 -b"ou=IDM, ou=ServiceAccounts, o=gc, c=ca" -D cn=orcladmin -w "removed from here" (uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupOfUniqueNames)
  cn=Administrators,ou=IDM,ou=ServiceAccounts,o=gc,c=ca
  objectclass=groupOfUniqueNames
  objectclass=orclGroup
  objectclass=top
  END
  Here are the log entries:
  <1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
  <1291668685624> <BEA-000000> <LDAP Atn Login>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will use NameCallback to retrieve name>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=myadmin>
  <1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
  <1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
  <1291668685624> <BEA-000000> <authenticate user:myadmin>
  <1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
  <1291668685624> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=MBR_Domain", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
  <1291668685624> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
  <1291668685624> <BEA-000000> <[Security:090302]Authentication Failed: User myadmin denied>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize LoginModuleClassName=weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize ClassLoader=java.net.URLClassLoader@facf0b>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize created delegate login module>
  <1291668685624> <BEA-000000> <LDAP ATN LoginModule initialized>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.initialize delegated>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login>
  <1291668685624> <BEA-000000> <LDAP Atn Login>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[0] will be delegated>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle callbcacks[1] will be delegated>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle will delegate all callbacks>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle delegated callbacks>
  <1291668685624> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle did not get username from a callback>
  <1291668685624> <BEA-000000> <LDAP Atn Login username: myadmin>
  <1291668685624> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <1291668685624> <BEA-000000> <authenticate user:myadmin>
  <1291668685624> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
  <1291668685671> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
  <1291668685671> <BEA-000000> <authenticate user:myadmin with DN:uid=myadmin,ou=AppAdmins,o=gc,c=ca>
  <1291668685671> <BEA-000000> <authentication succeeded>
  <1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <1291668685686> <BEA-000000> <LDAP Atn Authenticated User myadmin>
  <1291668685686> <BEA-000000> <List groups that member: myadmin belongs to>
  <1291668685686> <BEA-000000> <getConnection return conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <1291668685686> <BEA-000000> <getDNForUser search("ou=AppAdmins, o=gc, c=ca", "(&(uid=myadmin)(objectclass=person))", base DN & below)>
  <1291668685686> <BEA-000000> <DN for user myadmin: uid=myadmin,ou=AppAdmins,o=gc,c=ca>
  <1291668685686> <BEA-000000> <search("ou=IDM, ou=ServiceAccounts, o=gc, c=ca", "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))", base DN & below)>
  <1291668685686> <BEA-000000> <Result has more elements: false>
  <1291668685686> <BEA-000000> <returnConnection conn:LDAPConnection {ldaps://pmpdeva-idm.ncr.pwgsc.gc.ca:1389 ldapVersion:3 bindDN:"cn=orcladmin"}>
  <1291668685686> <BEA-000000> <login succeeded for username myadmin>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.login delegated, returning true>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
  <1291668685686> <BEA-000000> <LDAP Atn Commit>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
  <1291668685686> <BEA-000000> <LDAP Atn Commit>
  <1291668685686> <BEA-000000> <LDAP Atn Principals Added>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning true>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login logged in>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login subject=Subject:
       Principal: myadmin
  >
  <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSIdentityServiceImpl.getIdentityFromSubject Subject: 1
       Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principals)>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) Principal=myadmin>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator handles this PrincipalClass>
  <1291668685686> <BEA-000000> <Signed WLS principal myadmin>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) PrincipalValidator signed the principal>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.sign(Principal) All required PrincipalValidators signed this PrincipalClass, returning true>
  <1291668685686> <BEA-000000> <com.bea.common.security.internal.service.JAASLoginServiceImpl.login identity=Subject: 1
       Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate succeeded for user myadmin, Identity=Subject: 1
       Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685686> <BEA-000000> <weblogic.security.service.internal.UserLockoutServiceImpl$ServiceImpl.isLocked(myadmin)>
  <1291668685686> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate login succeeded and myadmin was not previously locked out>
  <1291668685702> <BEA-000000> <Using Common RoleMappingService>
  <1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity>
  <1291668685702> <BEA-000000> <PrincipalAuthenticator.validateIdentity will use common security service>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals)>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) Principal=myadmin>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalClassName=weblogic.security.principal.WLSUserImpl>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) trying PrincipalValidator for interface weblogic.security.principal.WLSPrincipal>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator handles this PrincipalClass>
  <1291668685702> <BEA-000000> <Validate WLS principal myadmin returns true>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) PrincipalValidator said the principal is valid>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principal) One or more PrincipalValidators handled this PrincipalClass, returning true>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.PrincipalValidationServiceImpl.validate(Principals) validated all principals>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Identity=Subject: 1
       Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
  <1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): input arguments:>
  <1291668685702> <BEA-000000> <     Subject: 1
       Principal = weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*, httpMethod=GET>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp/*>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*, httpMethod=GET>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/*>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp, httpMethod=GET>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=*.jsp>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/, httpMethod=GET>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console, uri=/>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp, contextPath=/console>
  <1291668685702> <BEA-000000> <     Parent: type=<url>, application=consoleapp>
  <1291668685702> <BEA-000000> <     Parent: type=<app>, application=consoleapp>
  <1291668685702> <BEA-000000> <     Parent: type=<url>>
  <1291668685702> <BEA-000000> <     Parent: null>
  <1291668685702> <BEA-000000> <     Context Handler: >
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AdminChannelUsers,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AdminChannelUser:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AdminChannelUser: DENIED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(AppTesters,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:AppTester:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role AppTester: DENIED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(everyone,[everyone,users]) -> true>
  <1291668685702> <BEA-000000> <primary-rule evaluates to Permit>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Anonymous:, 1.0 evaluates to Permit>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Anonymous: GRANTED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Monitors,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Monitor:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Monitor: DENIED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Operators,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Operator:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Operator: DENIED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(CrossDomainConnectors,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:CrossDomainConnector:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role CrossDomainConnector: DENIED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Deployers,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Deployer:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Deployer: DENIED>
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:group, SC=null, Value=[everyone,users]>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-is-in(Administrators,[everyone,users]) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:role:Admin:, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML RoleMapper: accessing role Admin: DENIED>
  <1291668685702> <BEA-000000> <XACML RoleMapper getRoles(): returning roles Anonymous>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.RoleMappingServiceImpl.getRoles returning [ "Anonymous" ]>
  <1291668685702> <BEA-000000> <AuthorizationManager will use common security for ATZ>
  <1291668685702> <BEA-000000> <weblogic.security.service.WLSAuthorizationServiceWrapper.isAccessAllowed>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Identity=Subject: 1
       Principal = class weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Roles=[ "Anonymous" ]>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed Direction=ONCE>
  <1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): input arguments:>
  <1291668685702> <BEA-000000> <     Subject: 1
       Principal = weblogic.security.principal.WLSUserImpl("myadmin")
  >
  <1291668685702> <BEA-000000> <     Roles:Anonymous>
  <1291668685702> <BEA-000000> <     Resource: type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
  <1291668685702> <BEA-000000> <     Direction: ONCE>
  <1291668685702> <BEA-000000> <     Context Handler: >
  <1291668685702> <BEA-000000> <Accessed Subject: Id=urn:oasis:names:tc:xacml:2.0:subject:role, SC=null, Value=Anonymous>
  <1291668685702> <BEA-000000> <Evaluate urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of([Admin,Operator,Deployer,Monitor],Anonymous) -> false>
  <1291668685702> <BEA-000000> <primary-rule evaluates to NotApplicable because of Condition>
  <1291668685702> <BEA-000000> <urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U, 1.0 evaluates to Deny>
  <1291668685702> <BEA-000000> <XACML Authorization isAccessAllowed(): returning DENY>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AccessDecisionServiceImpl.isAccessAllowed AccessDecision returned DENY>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Results=[ DENY ]>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Resource=type=<url>, application=consoleapp, contextPath=/console, uri=/index.jsp, httpMethod=GET>
  <1291668685702> <BEA-000000> <DefaultAdjudicatorImpl.adjudicate results: DENY >
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AdjudicationServiceImpl.adjudicate Adjudictor returned false, returning that value>
  <1291668685702> <BEA-000000> <com.bea.common.security.internal.service.AuthorizationServiceImpl.isAccessAllowed returning adjudicated: false>

  Okay Finally the issue is resolved. Here is the findings to help others in case they ran into the same issue.
  The OID version that we are using is not returning the groups the way Weblogic is building the ldapsearch command. We captured the ldap traffic to go deeper and noticed the filters and attributes list that wls was asking. For example, the filter was like:
  "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" cn
  its was the "cn" attribute that was causing the result set to be empty.
  from a command line we tried
  "(&(uniquemember=uid=myadmin,ou=AppAdmins,o=gc,c=ca)(objectclass=groupofuniquenames))" uniquemember
  and got the results back.
  Then we start looking into OID configuration and one of my coworker pointed me towards the orclinmemfiltprocess attributes in cn=dsaconfig entry and told me that they had lot of issues in the past in relation to this attribute.
  So as a test we removed the groupofuniquenames objectclass from the orclinmemfiltprocess attribute list and bingo it worked!
  Since we needed the groupofuniquenames in this list for performance/other reasons and decided to use a different objectclass for our groups instead i.e. orclGroup.
  Thanks everyone for showing interest on the problem and providing suggestions.

• ERROR: Ldap Authentication failed for dap during installation of iAS 6.0 SP3

  I am attempting to install ias Enterprise Edition (6.0 SP3) on solaris 2.8 using typical in basesetup. I am trying to install new Directory server as I don't have an existing one.
  During the installation I got the following error.
  ERROR: Ldap Authentication failed for url ldap://hostname:389/o=NetScape Root user id admin (151: Unknown Error)
  Fatal Slapd did not add Directory server information to config Server.
  Warning slapd could'nt populate with ldif file Yes error code 151.
  ERROR:Failure installing iPlanet Directory Server.
  Do you want to continue: ( I entered yes )
  Configuring Administration Server Segmentation fault core dumped.
  Error: Failure installing Netscape Administration Server.
  Do you want to continue:( I responded with yes).
  And during the Extraction I got the following
  ERROR:mple_bind: Can't connect to the LDAP server - No route to host
  ERROR: Unable to connect to LDAP Directory Server
  Hostname: hostname
  Port: 389
  User: cn=Directory Manager
  Password: <password-for-cn=Directory Manager
  Please make sure this Directory Server is currently running.
  You might need to run 'stop-slapd' and then
  'start-slapd' in the Directory Server home directory, in order to restart
  LDAP. When finished, press ENTER to continue, or S to skip this step:
  Start registering Bootstrap EJB...
  javax.naming.NameNotFoundException
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled > Code)
  at javax.naming.NamingException.<init>(NamingException.java:114)
  at javax.naming.NameNotFoundException.<init>(NameNotFoundException.java: 48)
  at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
  "ldaperror" 76 lines, 2944 characters
  at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
  at com.netscape.server.jndi.RootContext.bind(Unknown Source)
  at com.netscape.server.jndi.RootContext.bind(Unknown Source)
  at javax.naming.InitialContext.bind(InitialContext.java:371)
  at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown Source)
  at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
  at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled Code)
  at com.netscape.server.deployment.EjbReg.run(Compiled Code)
  at com.netscape.server.deployment.EjbReg.main(Unknown Source)
  Start registering iAS 60 Fortune Application...
  Start iPlanet Application Server
  Start iPlanet Application Server
  Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
  warning: daemon is running as super-user
  [LS ls1] http://gedemo1.plateau.com, port 80 ready
  to accept requests
  startup: server started successfully.
  After completion of installation, I tried to start the console. But I got the following error;
  "Cant connect ot the admin server. The url is not correct or the server is not running.
  Finally,when I started the admintool(iASTT),it shows the iAS1
  was registered( marked with a red cross mark) and says "cant login. make sure the user
  name & passwdord are correct" when i click on it.
  Thanks in advance for any help
  Madhavi

  Hi,
  Make sure that the directory server is installed first. If it is running
  ok, then you can try adding an admin user, please check the following
  technote.
  http://knowledgebase.iplanet.com/ikb/kb/articles/4106.html
  regards
  Swami
  madhavi korupolu wrote:
  I am attempting to install ias Enterprise Edition (6.0 SP3) on
  solaris 2.8 using typical in basesetup. I am trying to install new
  Directory server as I don't have an existing one.
  During the installation I got the following error.
  ERROR: Ldap Authentication failed for url
  ldap://hostname:389/o=NetScape Root user id admin (151: Unknown
  Error)
  Fatal Slapd did not add Directory server information to config
  Server.
  Warning slapd could'nt populate with ldif file Yes error code 151.
  ERROR:Failure installing iPlanet Directory Server.
  Do you want to continue: ( I entered yes )
  Configuring Administration Server Segmentation fault core dumped.
  Error: Failure installing Netscape Administration Server.
  Do you want to continue:( I responded with yes).
  And during the Extraction I got the following
  ERROR:mple_bind: Can't connect to the LDAP server - No route to host
  ERROR: Unable to connect to LDAP Directory Server
  Hostname: hostname
  Port: 389
  User: cn=Directory Manager
  Password: <password-for-cn=Directory Manager
  Please make sure this Directory Server is currently running.
  You might need to run 'stop-slapd' and then
  'start-slapd' in the Directory Server home directory, in order to
  restart
  LDAP. When finished, press ENTER to continue, or S to skip this
  step:
  Start registering Bootstrap EJB...
  javax.naming.NameNotFoundException
  at java.lang.Throwable.fillInStackTrace(Native Method)
  at java.lang.Throwable.fillInStackTrace(Compiled Code)
  at java.lang.Throwable.<init>(Compiled Code)
  at java.lang.Exception.<init>(Compiled > Code)
  at javax.naming.NamingException.<init>(NamingException.java:114)
  at
  javax.naming.NameNotFoundException.<init>(NameNotFoundException.java:
  48)
  at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
  "ldaperror" 76 lines, 2944 characters
  at com.netscape.server.jndi.RootContext.resolveCtx(Unknown Source)
  at com.netscape.server.jndi.RootContext.bind(Unknown Source)
  at com.netscape.server.jndi.RootContext.bind(Unknown Source)
  at javax.naming.InitialContext.bind(InitialContext.java:371)
  at com.netscape.server.deployment.EjbReg.deployToNaming(Unknown
  Source)
  at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
  Code)
  at com.netscape.server.deployment.EjbReg.registerEjbJar(Compiled
  Code)
  at com.netscape.server.deployment.EjbReg.run(Compiled Code)
  at com.netscape.server.deployment.EjbReg.main(Unknown Source)
  Start registering iAS 60 Fortune Application...
  Start iPlanet Application Server
  Start iPlanet Application Server
  Start Web Server iPlanet-WebServer-Enterprise/6.0SP1 B08/20/200100:58
  warning: daemon is running as super-user
  [LS ls1] http://gedemo1.plateau.com, port 80 ready
  to accept requests
  startup: server started successfully.
  After completion of installation, I tried to start the console. But I
  got the following error;
  "Cant connect ot the admin server. The url is not correct or the
  server is not running.
  Finally,when I started the admintool(iASTT),it shows the iAS1
  was registered( marked with a red cross mark) and says "cant login.
  make sure the user
  name & passwdord are correct" when i click on it.
  Thanks in advance for any help
  Madhavi
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• VS 2013 crashes on opening Worker Role configuration

  After creating a cloud project using Azure SDK for .NET 2.4 then Visual Studio 2013 (update 3) crashes when I attempt to edit the Role Configuration via the UI by double clicking the [Cloud Project] -> Roles -> [Worker Role Name] in Solution Explorer.
  The event details as text looks like this.
  Application Error
  Log Name: Application
  Source: Application Error
  Date: 12-09-2014 10:33:59
  Event ID: 1000
  Task Category: (100)
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: [removed].[removed].com
  Description:
  Faulting application name: devenv.exe, version: 12.0.30723.0, time stamp: 0x53cf6f00
  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
  Exception code: 0xe0434352
  Fault offset: 0x0000c42d
  Faulting process id: 0x1f54
  Faulting application start time: 0x01cfce63c98e92fb
  Faulting application path: C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
  Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
  Report Id: 8a86cb32-3a57-11e4-857a-0026b9e0fb6f
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name="Application Error" />
  <EventID Qualifiers="0">1000</EventID>
  <Level>2</Level>
  <Task>100</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-09-12T08:33:59.000000000Z" />
  <EventRecordID>213664</EventRecordID>
  <Channel>Application</Channel>
  <Computer>[removed].[removed].com</Computer>
  <Security />
  </System>
  <EventData>
  <Data>devenv.exe</Data>
  <Data>12.0.30723.0</Data>
  <Data>53cf6f00</Data>
  <Data>KERNELBASE.dll</Data>
  <Data>6.1.7601.18409</Data>
  <Data>53159a86</Data>
  <Data>e0434352</Data>
  <Data>0000c42d</Data>
  <Data>1f54</Data>
  <Data>01cfce63c98e92fb</Data>
  <Data>C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe</Data>
  <Data>C:\Windows\syswow64\KERNELBASE.dll</Data>
  <Data>8a86cb32-3a57-11e4-857a-0026b9e0fb6f</Data>
  </EventData>
  </Event>
  .NET Runtime
  Log Name: Application
  Source: .NET Runtime
  Date: 12-09-2014 10:33:59
  Event ID: 1026
  Task Category: None
  Level: Error
  Keywords: Classic
  User: N/A
  Computer: [removed].[removed].com
  Description:
  Application: devenv.exe
  Framework Version: v4.0.30319
  Description: The process was terminated due to an unhandled exception.
  Exception Info: System.AggregateException
  Stack:
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore.<ThrowAsync>b__4(System.Object)
  at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  at System.Windows.Threading.DispatcherOperation.InvokeImpl()
  at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
  at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Windows.Threading.DispatcherOperation.Invoke()
  at System.Windows.Threading.Dispatcher.ProcessQueue()
  at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
  at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
  at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
  <Provider Name=".NET Runtime" />
  <EventID Qualifiers="0">1026</EventID>
  <Level>2</Level>
  <Task>0</Task>
  <Keywords>0x80000000000000</Keywords>
  <TimeCreated SystemTime="2014-09-12T08:33:59.000000000Z" />
  <EventRecordID>213663</EventRecordID>
  <Channel>Application</Channel>
  <Computer>[removed].[removed].com</Computer>
  <Security />
  </System>
  <EventData>
  <Data>Application: devenv.exe
  Framework Version: v4.0.30319
  Description: The process was terminated due to an unhandled exception.
  Exception Info: System.AggregateException
  Stack:
  at System.Runtime.CompilerServices.AsyncMethodBuilderCore.&lt;ThrowAsync&gt;b__4(System.Object)
  at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  at System.Windows.Threading.DispatcherOperation.InvokeImpl()
  at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)
  at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  at System.Windows.Threading.DispatcherOperation.Invoke()
  at System.Windows.Threading.Dispatcher.ProcessQueue()
  at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)
  at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)
  at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)
  at MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)
  at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)
  at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)
  </Data>
  </EventData>
  </Event>
  Just prior to the crash...
  ...it seems like VS 2013 is attempting to log me in to a company server (active directory?). Regardless of my action (providing my login credentials or cancelling the login) VS 2013 then proceeds to crash.
  My other computers
  On my private laptop that connects to the internet via a private internet connection, the same type of project loads the configuration page w.o. issues (same VS and SDK configuration).
  Others have this issue as well
  There is also a thread about this on SO, although without a solution:
  Visual Studio 2013 crashes when opening up service configuration for edit
  Can anybody provide any help about how to solve this, please?
  Br,
  Claus

  Hi Will
  Thanks for your answer - I have added my findings below:
  The problem apparently stems from the authentication process.
  If you are using your company email as username on Azure, the inherent domain name will cause the authentication method to redirect you to your company's Active Directory.
  The problem can be solved by choosing a different email as username on Azure.
  The problem can also be replicated by setting up a website with authentication using Azure Active Directory. During login through Azure AD, the exact moment you enter the domain name in your username, the login screen redirects you from the Azure AD to the
  AD at sts.[email domain name] - and consequently, the login fails. Using a different username the Azure AD authentication works flawlessly.
  Br,
  Claus

• ASA 8.2.5 LDAP authentication by memberof doesn't always work

  I've configured LDAP authentication to allow access if  members are a member of the "VPN_Users" Group.  This configuration is  working, but only for some users.  For other users it isn't.  The output  of the 'debug ldap 255' shows an output of memberOf for the users that  it's working for, but shows nothing for users it's not working for.   I've not been able to figure out any connection or differences that are  the same between those users that work and those that don't.  Any idea on what might be causing this problem?  Both working and non-working users will authenticate, its just some of them don't pull the memberof data in the ldap query.
  Config:
  aaa-server AD protocol ldap
  aaa-server AD (inside) host btfs2
  ldap-base-dn dc=localdomain,dc=com
  ldap-scope subtree
  ldap-naming-attribute samAccountName
  ldap-login-password *****
  ldap-login-dn [email protected]
  server-type microsoft
  ldap-attribute-map VPNGroup
  ldap attribute-map VPNGroup
    map-name  memberOf IETF-Radius-Class
    map-value memberOf "CN=VPN_Users,OU=Security Groups,OU=Company OU,DC=localdomain,DC=com" btvpn
  group-policy NOACCESS internal
  group-policy NOACCESS attributes
  vpn-simultaneous-logins 0
  vpn-tunnel-protocol IPSec svc
  webvpn
    svc ask none default svc
  group-policy btvpn internal
  group-policy btvpn attributes
  banner value This is a private data network. All connections are logged and are subject to
  banner value monitoring. Unauthorized access is prohibited and will be prosecuted.
  dns-server value 10.0.0.x 10.0.0.y
  vpn-simultaneous-logins 10
  vpn-tunnel-protocol IPSec l2tp-ipsec svc
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value splittun
  default-domain value localdomain.com
  webvpn
    svc keep-installer installed
    svc rekey time 120
    svc rekey method ssl
    svc ask enable default svc
  tunnel-group btvpn type remote-access
  tunnel-group btvpn general-attributes
  address-pool vpnpool
  authentication-server-group AD LOCAL
  default-group-policy NOACCESS
  tunnel-group btvpn webvpn-attributes
  group-alias webvpn enable
  tunnel-group btvpn ipsec-attributes
  pre-shared-key *****
  Non-working user:
  [1575] Session Start
  [1575] New request Session, context 0xd7fbf210, reqType = Authentication
  [1575] Fiber started
  [1575] Creating LDAP context with uri=ldap://10.0.0.x:389
  [1575] Connect to LDAP server: ldap://10.0.0.x:389, status = Successful
  [1575] supportedLDAPVersion: value = 3
  [1575] supportedLDAPVersion: value = 2
  [1575] Binding as [email protected]
  [1575] Performing Simple authentication for [email protected] to 10.0.0.x
  [1575] LDAP Search:
          Base DN = [dc=localdomain,dc=com]
          Filter  = [samAccountName=cmcbride]
          Scope   = [SUBTREE]
  [1575] User DN = [CN=Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com]
  [1575] Talking to Active Directory server 10.0.0.x
  [1575] Reading password policy for cmcbride, dn:CN=Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com
  [1575] Binding as cmcbride
  [1575] Performing Simple authentication for cmcbride to 10.0.0.x
  [1575] Processing LDAP response for user cmcbride
  [1575] Message (cmcbride):
  [1575] Authentication successful for cmcbride to 10.0.0.x
  [1575] Retrieved User Attributes:
  [1575]  objectClass: value = top
  [1575]  objectClass: value = person
  [1575]  objectClass: value = organizationalPerson
  [1575]  objectClass: value = user
  [1575]  cn: value = Chris McBride
  [1575]  sn: value = McBride
  [1575]  l: value = Tulsa
  [1575]  description: value = cmcbride non-admin test account
  [1575]  givenName: value = Chris
  [1575]  distinguishedName: value = CN=Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=co
  [1575]  displayName: value = Chris McBride
  [1575]  name: value = Chris McBride
  [1575]  objectGUID: value = ....5..L...[..K.
  [1575]  codePage: value = 0
  [1575]  countryCode: value = 0
  [1575]  primaryGroupID: value = 513
  [1575]  objectSid: value = ...............1...{C..2....
  [1575]  sAMAccountName: value = cmcbride
  [1575]  sAMAccountType: value = 805306368
  [1575]  userPrincipalName: value = [email protected]
  [1575]  objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=localdomain,DC=com
  [1575] Fiber exit Tx=616 bytes Rx=2007 bytes, status=1
  [1575] Session End
  Working user:
  [1585] Session Start
  [1585] New request Session, context 0xd7fbf210, reqType = Authentication
  [1585] Fiber started
  [1585] Creating LDAP context with uri=ldap://10.0.0.x:389
  [1585] Connect to LDAP server: ldap://10.0.0.x:389, status = Successful
  [1585] supportedLDAPVersion: value = 3
  [1585] supportedLDAPVersion: value = 2
  [1585] Binding as [email protected]
  [1585] Performing Simple authentication for [email protected] to 10.0.0.x
  [1585] LDAP Search:
          Base DN = [dc=localdomain,dc=com]
          Filter  = [samAccountName=cmcbride_a]
          Scope   = [SUBTREE]
  [1585] User DN = [CN=Admin Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com]
  [1585] Talking to Active Directory server 10.0.0.x
  [1585] Reading password policy for cmcbride_a, dn:CN=Admin Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain,DC=com
  [1585] Read bad password count 0
  [1585] Binding as cmcbride_a
  [1585] Performing Simple authentication for cmcbride_a to 10.0.0.x
  [1585] Processing LDAP response for user cmcbride_a
  [1585] Message (cmcbride_a):
  [1585] Authentication successful for cmcbride_a to 10.0.0.x
  [1585] Retrieved User Attributes:
  [1585]  objectClass: value = top
  [1585]  objectClass: value = person
  [1585]  objectClass: value = organizationalPerson
  [1585]  objectClass: value = user
  [1585]  cn: value = Admin Chris McBride
  [1585]  sn: value = McBride
  [1585]  description: value = PTC User, cjm 05312011
  [1585]  givenName: value = Chris
  [1585]  distinguishedName: value = CN=Admin Chris McBride,OU=Administrators,OU=Company OU,DC=localdomain
  [1585]  instanceType: value = 4
  [1585]  whenCreated: value = 20110525173004.0Z
  [1585]  whenChanged: value = 20110619154158.0Z
  [1585]  displayName: value = Admin Chris McBride
  [1585]  uSNCreated: value = 6188062
  [1585]  memberOf: value = CN=VPN_Users,OU=Security Groups,OU=Company OU,DC=localdomain,DC=com
  [1585]          mapped to IETF-Radius-Class: value = btvpn
  [1585]          mapped to LDAP-Class: value = btvpn
  [1585]  memberOf: value = CN=Websense Filtered Group,OU=Distribution Groups,OU=Company OU,DC=baer-t
  [1585]          mapped to IETF-Radius-Class: value = CN=Websense Filtered Group,OU=Distribution Groups,OU=Company OU,DC=localdomain,DC=com
  [1585]          mapped to LDAP-Class: value = CN=Websense Filtered Group,OU=Distribution Groups,OU=Company OU,DC=localdomain,DC=com
  [1585]  memberOf: value = CN=TS_Sec_Admin,OU=Terminal Server 2003,DC=localdomain,DC=com
  [1585]          mapped to IETF-Radius-Class: value = CN=TS_Sec_Admin,OU=Terminal Server 2003,DC=localdomain,DC=com
  [1585]          mapped to LDAP-Class: value = CN=TS_Sec_Admin,OU=Terminal Server 2003,DC=localdomain,DC=com
  [1585]  memberOf: value = CN=Domain Admins,CN=Users,DC=localdomain,DC=com
  [1585]          mapped to IETF-Radius-Class: value = CN=Domain Admins,CN=Users,DC=localdomain,DC=com
  [1585]          mapped to LDAP-Class: value = CN=Domain Admins,CN=Users,DC=localdomain,DC=com
  [1585]  memberOf: value = CN=Enterprise Admins,CN=Users,DC=localdomain,DC=com
  [1585]          mapped to IETF-Radius-Class: value = CN=Enterprise Admins,CN=Users,DC=localdomain,DC=com
  [1585]          mapped to LDAP-Class: value = CN=Enterprise Admins,CN=Users,DC=localdomain,DC=com
  [1585]  memberOf: value = CN=Schema Admins,CN=Users,DC=localdomain,DC=com
  [1585]          mapped to IETF-Radius-Class: value = CN=Schema Admins,CN=Users,DC=localdomain,DC=com
  [1585]          mapped to LDAP-Class: value = CN=Schema Admins,CN=Users,DC=localdomain,DC=com
  [1585]  uSNChanged: value = 6560745
  [1585]  name: value = Admin Chris McBride
  [1585]  objectGUID: value = ..Kj4..E..c.VCHT
  [1585]  userAccountControl: value = 512
  [1585]  badPwdCount: value = 0
  [1585]  codePage: value = 0
  [1585]  countryCode: value = 0
  [1585]  badPasswordTime: value = 129531669834218721
  [1585]  lastLogoff: value = 0
  [1585]  lastLogon: value = 129532463799841621
  [1585]  scriptPath: value = SLOGIC.BAT
  [1585]  pwdLastSet: value = 129508182041981337
  [1585]  primaryGroupID: value = 513
  [1585]  objectSid: value = ...............1...{C..2. ..
  [1585]  adminCount: value = 1
  [1585]  accountExpires: value = 9223372036854775807
  [1585]  logonCount: value = 90
  [1585]  sAMAccountName: value = cmcbride_a
  [1585]  sAMAccountType: value = 805306368
  [1585]  userPrincipalName: value = [email protected]
  [1585]  objectCategory: value = CN=Person,CN=Schema,CN=Configuration,DC=localdomain,DC=com
  [1585]  dSCorePropagationData: value = 20110525174152.0Z
  [1585]  dSCorePropagationData: value = 16010101000000.0Z
  [1585]  lastLogonTimestamp: value = 129529717185508866
  [1585]  msTSExpireDate: value = 20110803160858.0Z
  [1585]  msTSLicenseVersion: value = 393216
  [1585]  msTSManagingLS: value = 92573-029-5868087-27549
  [1585] Fiber exit Tx=633 bytes Rx=3420 bytes, status=1
  [1585] Session End

  As far as your configuration is concerned it looks perfectly fine. As you mentioned that the difference between the working and non working debugs is that in the non working debugs we do not see memberof attribute being retrieved.
  the main reason could be that the username "[email protected]" with which you are performing the LDAP bind does not have sufficient privileges to retreive all the attributes from all the users in the AD. This looks like permission issue at the AD user level.
  One thing you can try on the AD is to "Delegate Control" to this user ([email protected]) to "Read all properties" for all users and not just a subset of users. Please get in touch with AD Admin before making such a change on the AD.
  Here is an external link just to give an idea about delegation of control to "Read all properties"
  http://www.advproxy.net/ldapads.html

• Problem OIM OID Ldap Sync Configuration in 11g.

  Hi Team,
  I am doing OIM and OID LDAP Sync configuration There It is failed in "Configuration Process" Step.
  and also in weblogic OIM Maganaged server in ADMIN mode not in running mode.
  please find the both logs.
  *********************************Weblogic Logs**********************************************
  Enter username to boot WebLogic server:weblogic
  Enter password to boot WebLogic server:
  <28-Sep-2012 14:07:44 o'clock BST> <Info> <Management> <BEA-141107> <Version: We
  bLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PDT 2011 1398638 >
  <28-Sep-2012 14:07:47 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to STARTING>
  <28-Sep-2012 14:07:47 o'clock BST> <Info> <WorkManager> <BEA-002900> <Initializi
  ng self-tuning thread pool>
  <28-Sep-2012 14:07:48 o'clock BST> <Notice> <Log Management> <BEA-170019> <The s
  erver log file E:\Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim
  server1\logs\oimserver1.log is opened. All server side log events will be writ
  ten to this file.>
  28-Sep-2012 14:07:56 oracle.security.am.common.nap.util.NAPLogger log
  SEVERE: Failed to communicate with any of configured Access Server, ensure that
  it is up and running.
  <28-Sep-2012 14:07:57 o'clock BST> <Notice> <Security> <BEA-090082> <Security in
  itializing using security realm myrealm.>
  <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to STANDBY>
  <28-Sep-2012 14:08:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to STARTING>
  <28-Sep-2012 14:08:20 o'clock BST> <Warning> <oracle.jps.upgrade> <JPS-06003> <C
  annot migrate credential folder/key ADF/anonymous#oimBpelCredKey.Reason oracle.s
  ecurity.jps.service.credstore.CredentialAlreadyExistsException: JPS-01007: The c
  redential with map ADF and key anonymous#oimBpelCredKey already exists..>
  <28-Sep-2012 14:08:21 o'clock BST> <Warning> <oracle.adf.share.ADFContext> <BEA-
  000000> <Automatically initializing a DefaultContext for getCurrent.
  Caller should ensure that a DefaultContext is proper for this use.
  Memory leaks and/or unexpected behaviour may occur if the automatic initializati
  on is performed improperly.
  This message may be avoided by performing initADFContext before using getCurrent
  To see the stack trace for thread that is initializing this, set the logging lev
  el of oracle.adf.share.ADFContext to FINEST>
  <28-Sep-2012 14:08:24 o'clock BST> <Error> <Deployer> <BEA-149205> <Failed to in
  itialize the application 'oim [Version=11.1.1.3.0]' due to error oracle.iam.plat
  form.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
  pInitializationListener.java:145)
  at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
  un(BaseLifecycleFlow.java:282)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  120)
  at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
  rAction.invoke(BaseLifecycleFlow.java:199)
  Truncated. see log file for complete stacktrace
  Caused By: oracle.iam.platform.utils.OIMAppInitializationException:
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  at oracle.iam.platform.utils.OIMAppInitializationListener.preStart(OIMAp
  pInitializationListener.java:145)
  at weblogic.application.internal.flow.BaseLifecycleFlow$PreStartAction.r
  un(BaseLifecycleFlow.java:282)
  at weblogic.security.acl.internal.AuthenticatedSubject.doAs(Authenticate
  dSubject.java:321)
  at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:
  120)
  at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListene
  rAction.invoke(BaseLifecycleFlow.java:199)
  Truncated. see log file for complete stacktrace
  >
  <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
  ttribute was not found in element application in the deployment descriptor in E:
  \Oracle\Middleware\Oracle_IDM1\server\apps\spml-xsd.ear/META-INF/application.xml
  . A version attribute is required, but this version of the Weblogic Server will
  assume that the JEE5 is used. Future versions of the Weblogic Server will reject
  descriptors that do not specify the JEE version.>
  <28-Sep-2012 14:08:24 o'clock BST> <Warning> <Munger> <BEA-2156203> <A version a
  ttribute was not found in element application in the deployment descriptor in E:
  \Oracle\Middleware\user_projects\domains\IAM_domain\servers\oim_server1\tmp\_WL_
  user\spml-xsd\s8d2b9/META-INF/application.xml. A version attribute is required,
  but this version of the Weblogic Server will assume that the JEE5 is used. Futur
  e versions of the Weblogic Server will reject descriptors that do not specify th
  e JEE version.>
  <28-Sep-2012 14:08:24 o'clock BST> <Emergency> <Deployer> <BEA-149259> <Server '
  oim_server1' in cluster 'OIM_Cluster' is being brought up in administration stat
  e due to failed deployments.>
  Loading xalan.jar for XPathAPI.
  14:08:30 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] -
  ----------------- NEXAWEB SERVER LICENSE ------------------
  - Customer ID : 122
  - License type : Enterprise
  - Max unique IPs : unlimited
  - Max XUL sessions : unlimited
  - Max CPUs/server : unlimited
  - Clustering allowed : true
  - Expiration date : none
  Nexaweb Technologies Inc.(C)2000-2004. All Rights Reserved.
  Nexaweb Technologies Inc.
  10 Canal Park
  Cambridge, MA 02141
  Tel: 617.577.8100. Email: [email protected]
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Clustering is OFF.
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Servlet Engine: WebLogic Server 10.3.5.0 Fri Apr 1 20:20:06 PD
  T 2011 1398638 Oracle WebLogic Server Module Dependencies 10.3 Thu Mar 3 14:37:5
  2 PST 2011 Oracle WebLogic Server on JRockit Virtual Edition Module Dependencies
  10.3 Thu Feb 3 16:30:47 EST 2011
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Servlet API Version: 2.5
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Nexaweb Server Info = Nexaweb Server 3.3.1072
  14:08:31 INFO [[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default
  (self-tuning)'] - Nexaweb Server initialized successfully.
  <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Log Management> <BEA-170027> <The S
  erver has established connection with the Domain level Diagnostic Service succes
  sfully.>
  <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000197> <Listening fo
  r announcements from cluster using unicast cluster messaging>
  <28-Sep-2012 14:08:34 o'clock BST> <Notice> <Cluster> <BEA-000133> <Waiting to s
  ynchronize with other running members of OIM_Cluster.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult[2]" is now listening on 127.0.0.1:14000 for protocols iiop, t3, CLUSTER-BROA
  DCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult[3]" is now listening on 0:0:0:0:0:0:0:1:14000 for protocols iiop, t3, CLUSTE
  R-BROADCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult[1]" is now listening on fe80:0:0:0:0:5efe:a2f:f22a:14000 for protocols iiop,
  t3, CLUSTER-BROADCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Warning> <Server> <BEA-002611> <Hostname "UK
  SHWTOAP03A.skandia.co.uk", maps to multiple IP addresses: 10.47.242.42, 0:0:0:0:
  0:0:0:1>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <Server> <BEA-002613> <Channel "Defa
  ult" is now listening on 10.47.242.42:14000 for protocols iiop, t3, CLUSTER-BROA
  DCAST, ldap, snmp, http.>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000330> <Start
  ed WebLogic Managed Server "oim_server1" for domain "IAM_domain" running in Prod
  uction Mode>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000365> <Serve
  r state changed to ADMIN>
  <28-Sep-2012 14:09:04 o'clock BST> <Notice> <WebLogicServer> <BEA-000360> <Serve
  r started in ADMIN mode>
  **********************************OIM OID Ldap Sync Configuration Logs****************************
  [2012-09-28T14:49:11.171+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  [OIM_CONFIG] Updating Ldap Sync Configuration
  [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] ENTRY
  [2012-09-28T14:49:11.171+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] Create the Database connection
  [2012-09-28T14:49:11.171+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: createDBConnection] ENTRY
  [2012-09-28T14:49:11.296+01:00] [as] [TRACE] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: oracle.as.install.oim.config.util.LdapSync] [SRC_METHOD: configurationLdap] isLIBOVD:true
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] ENTRY
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: closeDBConnection] RETURN
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
  [2012-09-28T14:49:11.312+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  Updated LDAP Server Details in mds schema
  [2012-09-28T14:49:11.312+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: LdapSync] [SRC_METHOD: configurationLdap] RETURN
  [2012-09-28T14:49:11.812+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [OIM_CONFIG] Updated LDAPContainerRules.xml.
  [2012-09-28T14:49:11.812+01:00] [as] [TRACE:16] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [SRC_CLASS: mdsMetadata] [SRC_METHOD: loadEventhandler] RETURN
  [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  [OIM_CONFIG] Created jobs using seedSchedulerData. Log location C:\Program Files\Oracle\Inventory\logs
  [2012-09-28T14:49:14.687+01:00] [as] [ERROR] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] File not found[[
  java.io.FileNotFoundException: File not found
       at java.util.zip.ZipFile.open(Native Method)
       at java.util.zip.ZipFile.<init>(ZipFile.java:117)
       at java.util.jar.JarFile.<init>(JarFile.java:135)
       at java.util.jar.JarFile.<init>(JarFile.java:72)
       at oracle.as.install.oim.config.util.RoleSODJarUtil.updateFile(RoleSODJarUtil.java:32)
       at oracle.as.install.oim.config.OIMConfigManager.configureOIM(OIMConfigManager.java:783)
       at oracle.as.install.oim.config.OIMConfigManager.doExecute(OIMConfigManager.java:538)
       at oracle.as.install.engine.modules.configuration.client.ConfigAction.execute(ConfigAction.java:335)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.run(TaskPerformer.java:87)
       at oracle.as.install.engine.modules.configuration.action.TaskPerformer.startConfigAction(TaskPerformer.java:104)
       at oracle.as.install.engine.modules.configuration.action.ActionRequest.perform(ActionRequest.java:15)
       at oracle.as.install.engine.modules.configuration.action.RequestQueue.perform(RequestQueue.java:63)
       at oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager.start(StandardConfigActionManager.java:158)
       at oracle.as.install.engine.modules.configuration.boot.ConfigurationExtension.kickstart(ConfigurationExtension.java:81)
       at oracle.as.install.engine.modules.configuration.ConfigurationModule.run(ConfigurationModule.java:83)
       at java.lang.Thread.run(Thread.java:662)
  [2012-09-28T14:49:14.687+01:00] [as] [NOTIFICATION] [] [oracle.as.provisioning] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] [[
  [OIM_CONFIG] Failed configuration step Configure OIM Server
  [2012-09-28T14:49:14.702+01:00] [as] [ERROR] [] [oracle.as.install.engine.modules.configuration.standard.StandardConfigActionManager] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] One or More configurations failed. Exiting
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:CONFIG
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INTERVIEW
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:INSTALL
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:COPY
  [2012-09-28T14:49:14.702+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine.modules.statistics] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Install Adapter: Mark End for:LINK
  [2012-09-28T14:49:14.765+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 12] [ecid: 0000JcD8obD9pYjpp0_AiY1GPQHh000003,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
  [2012-09-28T15:11:21.461+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
  [2012-09-28T15:11:27.914+01:00] [as] [NOTIFICATION] [] [oracle.as.install.engine] [tid: 11] [ecid: 0000JcD2jfD9pYjpp0_AiY1GPQHh000002,0] Setting valueOf(IS CONFIGURATION SUCCESSFUL) to:false. Value obtained from:USER
  Regards,
  Ravi.

  Your log files too give some hint... Please verify whether following files like .xldatabasekey are present in your environment:-
  OIM application intialization failed because of the following reasons:
  oim-config.xml was not found in MDS Repository.
  Unable to find keystore ".xldatabasekey" in <DOMAIN_HOME>/config/fmwconfig/.
  Password for OIMSchemaPassword is not seeded in CSF.
  Password for xell is not seeded in CSF.
  Password for DataBaseKey is not seeded in CSF.
  Password for JMSKey is not seeded in CSF.
  Password for .xldatabasekey is not seeded in CSF.
  Password for default-keystore.jks is not seeded in CSF.
  Password for SOAAdminPassword is not seeded in CSF.
  I doubt whether OIM is properly installed in your environment otherwise .xldatabasekey would have been present in <DOMAIN_HOME>/config/fmwconfig..
  Also, as far as Weblogic starting in ADMIN mode is concerned, you may try to do the following...
  ps -eaf| grep AdminServer
  Kill the process
  Then remove the lok file. i.e. Lock files...
  rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/oim_server1/tmp/*oim_server1.lok*
  rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/soa_server1/tmp/*soa_server1.lok*
  rm -rf /home/oracle/Oracle/Middleware/user_projects/domains/oimdomain/servers/AdminServer/tmp/*AdminServer.lok*
  After that
  Take the backup of /home/oracle/Oracle/Middleware/user_projects/domains/<DOMAIN_HOME>/servers/AdminServer/data/ldap/ldapfiles (I mean CUT this folder and save it in Backup folder..
  Share the result with us....