PAS with LDAP bind

Hi,
I have a similar requirement re PAS with LDAP bind. Is anybody on SCN able to share your solution?
Thanks & regards
Anthony
Message was edited by: Oisin ONidh
Branched to a NEW thread as was posted onto an OLD thread. Modify thread to reflect this change
ITS SCN Moderator

Hello Anthony,
Can you provide further details on your query and also it's relation to using ITS/WEBGUI?
Regards,
Oisin

Similar Messages

  • Error in authentication with ldap server with certificate

    Hi,
    i have a problem in authentication with ldap server with certificate.
    here i am using java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate which is having the up to 5 years valid time.
    is java will authenticate up to one year only?
    Can any body help on this issue...
    Regards
    Ranga

    sorry i am gettting ythe same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    here when i am using the old certificate and changing the system date means i can get the authentication.
    can you tell where we can concentrate and solve the issue..
    where is the issue
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, Is see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub

  • LDAP Binding issue.

    Hi,
    I've been testing out the novell ldap library against an openldap
    server and found an issue with the binding.
    When I try to do the following (c#):
    Code:
    string password = "MyPass"
    LdapConnection conn = new LdapConnection();
    conn.Connect("ldap", 389);
    conn.Bind("uid="michael",ou=people,o=myfirm", password + "test"); // should not authenticate as I add test to the password string.
    This seems to authenticate me all fine and don't give me a ldap
    exception that I get if "MyPass" is wrong. So as long as the password is
    correct I can add whatever chars to the end and it will still
    authenticate.
    Am I doing something wrong or is this a bug?
    Regards,
    Michael.
    mikeso
    mikeso's Profile: http://forums.novell.com/member.php?userid=48915
    View this thread: http://forums.novell.com/showthread.php?t=367505

    Did some more testing with our operations deparment and this seems to be
    an error on our ldap server with some users.
    Sorry for taking up your time.
    Regards,
    Michael.
    mikeso
    mikeso's Profile: http://forums.novell.com/member.php?userid=48915
    View this thread: http://forums.novell.com/showthread.php?t=367505

  • Integrating Hyperion Shared services with LDAP

    Hi All,
    I have a quick question regarding managing LDAP users using Shared services. I was able to create connection with LDAP using "anonymous bind" but now when I try to see the LDAP users in Shared services , it says no records. How can I see the records ?
    Please help.

    Suggest you talk to your IT people who setup that specific id. Tell them you need the Distinguished Name (DN) of that user -- usually they will have the user placed in a set of containers which may be several levels deep depending on how they organize the directory.
    If you were using Active Directory rather than LDAP you could use AD Explorer to locate the user and you can find the DN yourself. AD Explorer is available at: http://technet.microsoft.com/en-us/sysinternals/bb963907
    Regards,
    John A. Booth
    http://www.metavero.com

  • Heimdal with LDAP backend?

    Has anyone gotten the LDAP backend for Heimdal to work? I've recompiled Heimdal with ldap backend support, and I have LDAP all set up, but no matter what I do, when I run kadmin to init the realm, I get this:
    [arew264@Reno src]$ sudo kadmin -l
    kadmin> init LINUXLAB.FHS
    kadmin: hdb_open: ldap_sasl_bind_s: Can't contact LDAP server
    From what I've read, Heimdal connects to LDAP through the unix socket that LDAP creates when you start it with the option "-h ldapi://", but if I start it with this option, it crashes with a file not found error. I think it's trying to create a socket in the directory where it was built because it outputs this:
    [arew264@Reno slapd]$ sudo /usr/sbin/slapd -h ldapi:// -f /etc/openldap/slapd.conf -d 1023
    @(#) $OpenLDAP: slapd 2.3.40 (Jan 17 2008 23:58:45) $
    nobody@tygra:/build/src/openldap-2.3.40/servers/slapd
    daemon_init: ldapi://
    daemon_init: listen on ldapi://
    daemon_init: 1 listeners to open...
    ldap_url_parse_ext(ldapi://)
    daemon: bind(7) failed errno=2 (No such file or directory)
    slap_open_listener: failed on ldapi://
    slapd stopped.
    connections_destroy: nothing to destroy.
    [arew264@Reno slapd]$
    That nobody@tygra line... that must be from the package maintainer's computer because, as you can see, my box is named Reno.

    I answered my own question. Appending LDAPI:// to the server list tells OpenLDAP to create a unix socket at... /var/lib/openldap/run/ldapi. Apparantly it's a strange side effect of the configure options that TomK used.

  • DNS with LDAP

    Hello all I finally got authentication working with LDAP and we would like to integrate DNS into our DS51 is anyone else doing this ?? We are currently using Bind9 I have been search over the bind9 archives nad have not been able to come up with anyting if anyone here has DNS integrated can you please give me a heads up on how you are doing this thankyou.

    Try using LDAPDNS (http://www.nimh.org/code/ldapdns/)...
    It doesn't use any of the old bind cruft, it's entirely new code based on ldap.

  • Ldap bind mechanism in java

    Hello all,
    Im facing find solution for ldap bind similar to [ldap_bind|http://php.net/manual/en/function.ldap-bind.php] function in php.
    it seems easy and nice.
    I had look around the web and some forums and got direction to use this
    But this is not similar solution as in php.
    ldap_bind use only conection, userName and password dont know nothing about password hash method and will verify credentials as valid or invalid.
    Anyone have informaiton or ideas how to do it in java?
    Petr, cz
    Edited by: PetrCZ on May 19, 2010 11:22 PM
    Edited by: PetrCZ on May 19, 2010 11:23 PM

    You don't need to know the LDAP hash at all to do a bind and user password check. That's against security - why would a administrator let anyone know what hashing he uses - thats letting an important piece of your security out (even though thesemodern hashes are pretty much ir-reversible)
    All you need is use Sun JNDI code to do a bind , use authentication method Simple and then gives user's id and password in clear-text. Directory server will itself take care of converting clear text password passed by you and comparing it with hashed user password in LDAP.
    From your code perspective if you get a DirContext back - your bind was successful otherwise you will get a NamingEnumeration exception.
    try reading through DirContext InitialDirContext ... just do a random search and you should get numerous helper code over internet.

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is ja
    vax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is j
    avax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
    275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved when in the code the following
    System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
    where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
    in X509 format

  • Problem with LDAP in BEA Portal

    Problem with LDAP in BEA Portal
    I have a list of 50 user which should be cerated in portal staging(devlopment) machine and should be transfered to
    production machine using LDAP
    Steps which i followed to create Users
    1.Create User Profile with 2 parameters branch and Role
    2.I have list user in the Xls file with Username,password ,branch and Role
    3.Write a java File which will read the Xls File
    4.The users are created in the staging machine for the portal
    Steps which i followed in LDAP to tranfer the created User form Devlopment to Production
    1.Export the created user from Devlopment (which was moved as .DAT in my local directory)
    2.import the user from local direcory to production machine
    The Users are imported in the production machine with username and password but the role and branch values are empty
    We need a solution for importing the user with role and branch corresponding to each user.
    Thanks in Adv
    Suresh

    In Portal 8.1, user name and password in stored in LDAP where as user profile values are stored in database. That is the reason you are not able to see the user profile values.
    Check once again whether you can see these values through admin tool. In case,it is not(after confirmation again),you might have to use APIs to do this for you incase you dont want to manage through Admin Tool.
    Thanks,
    Prashanth Bhat.

  • Is there a way to create SQL Dev reports with validated binds?

    Is there a way to create SQL Dev reports with validated binds similar to the way user defined extensions can have <prompts> with a <value> that is a SQL statement returning a list of possible values?
    This sure would make select appropriate values for binds in reports easier and less error prone.

    Maybe a forum search on "Windows registry" would turn up some useful things. You're not the first to ask this. You might save yourself and everyone else some time if you'd simply do that.

  • Problem with users in portal - login conflict with LDAP.

    Hi.
    Let me describe our problem:
    We've a EP5 portal with LDAP conected to a central LDAP server, users access with the same user and password to all the different systems.
    The problem happens to users who have theyr passwords expired. We already set to 0 the password expiration days to avoid future problems but that didn't applied to the already expired ones.
    This affected users cannot change the password due to problems with the connection rights to LDAP server.
    We're trying to find the place there it's set that the user is in some kind of "password expired" status, directly in a database table if neccesary, to change the status manually, as system does not allow os to set it by user administration in portal.
    Any suggestions would be appreciated.

    Restoring expired Portal passwords
    Solved

  • LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

    Hi.
    I created sharepoint 2010 site with LDAP FBA.If I add the AD user as form based user and try to login to my site its working very well but if I add a AD Group in to my site and try to login with one of the AD user of this group its say "Access
    Denied".
    In my project we want add AD group in sharepoin Groups not a individual AD users.
    Can anyone help me with this please its urgant?

    I added both LDAP membership and LDAP Role provider.And I can also find groups in people picker in my Central Admin and FBA Web app site colleciton.  
    <add name="ADMembers"
    type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
    server="company.com"
    port="389"
    useSSL="false"
    userNameAttribute="sAMAccountName"
    userContainer="DC=company,DC=com"
    userObjectClass="person"
    userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
    userDNAttribute="distinguishedName"
    scope="Subtree"
    enableSearchMethods="true"
    otherRequiredUserAttributes="sn,givenname,cn"
    />
    <add name="ADRoles"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="Company.com"
    port="389"
    useSSL="false"
    groupContainer="DC=Company,DC=com"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(ObjectClass=group)"
    userFilter="(ObjectClass=person)"
    scope="Subtree" />

  • Policy agent 2.2 amfilter local authentication with session binding failed

    Hi All,
    I have policy agent 2.2 for weblogic 8.1 sp4 installed on redhat linux. All are working fine in my development box. But I was running all the process under user root, so today I decided to change it to a regular user, joe. I changed all the files' owner for weblogic server and policy agent from root to joe, and restart server as user Joe. After the change, I can not access the application on Weblogic server. I changed file ownership back to root and restart weblogic server as root, still same error.
    Here is the error I got:
    10.4.4 403 Forbidden
    The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.
    Here is the error I found from agent log file, amFilter:
    AmFilter: now processing: SSO Task Handler
    05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    SSOTaskHandler: caching SSO Token for user uid=amAdmin,ou=People,dc=etouch,dc=net
    05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmBaseSSOCache: cached the sso token for user principal : uid=amadmin,ou=people,dc=etouch,dc=net sso token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#, cache size = 1
    05/24/2006 06:27:08:127 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    SSOTaskHandler: SSO Validation successful for uid=amAdmin,ou=People,dc=etouch,dc=net
    05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmFilter: now processing: J2EE Local Logout Task Handler
    05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmFilter: local logout skipped SSO User => amAdmin, principal =>null
    05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmFilter: now processing: J2EE Local Auth Task Handler
    05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    LocalAuthTaskHandler: No principal found. Initiating local authentication for amAdmin
    05/24/2006 06:27:08:128 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    LocalAuthTaskHandler: doing local authentication with session binding
    05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    LocalAuthTaskHandler: Local authentication failed, invalidating session.05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    WARNING: LocalAuthTaskHandler: Local authentication failed for : /portal/index.jsp, SSO Token: AQIC5wM2LY4Sfcx4XY/x/M7G1Y3ScVjFj8E3oT0BV45mh0Q=@AAJTSQACMDE=#
    05/24/2006 06:27:08:129 PM PDT: Thread[ExecuteThread: '14' for queue: 'weblogic.kernel.Default',5,Thread Group for Queue: 'weblogic.kernel.Default']
    AmFilter: result =>
    FilterResult:
         Status      : FORBIDDEN
         RedirectURL     : null
         RequestHelper:
              null
         Data:
              null
    -----------------------------------------------------------

    Hi,
    I'm having the exact same problem in the Prod environment, but on a Sun App Server. In development all is fine, in prod we now have:
    ERROR: AmFilter: Error while delegating to inbound handler: J2EE Local Auth Task Handler, access will be denied
    java.lang.IllegalStateException: invalidate: Session already invalidated
    at org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1258)
    at org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:164)
    at com.sun.identity.agents.filter.LocalAuthTaskHandler.doLocalAuthWithSessionBinding(LocalAuthTaskHandler.java:289)
    at com.sun.identity.agents.filter.LocalAuthTaskHandler.authenticate(LocalAuthTaskHandler.java:159)
    at com.sun.identity.agents.filter.LocalAuthTaskHandler.process(LocalAuthTaskHandler.java:106)
    at com.sun.identity.agents.filter.AmFilter.processTaskHandlers(AmFilter.java:185)
    at com.sun.identity.agents.filter.AmFilter.isAccessAllowed(AmFilter.java:152)
    at com.sun.identity.agents.filter.AmAgentBaseFilter.doFilter(AmAgentBaseFilter.java:38)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
    at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
    at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
    FilterResult:
    Status : FORBIDDEN
    RedirectURL : null
    RequestHelper:
    null
    Data:
    null
    Also, we I debug I see:
    LocalAuthTaskHandler: No principal found. Initiating local authentication for ...
    Did you receive any solution for this?
    Many, many thanks,
    Philip

  • Issue with LDAP login authentication in CMC console

    We have a existing issues with Business Objects BOE XIR2 SP2 and LDAP authentication with the BOE CMC Console.
    We use websphere as the application server and it is installed on the same machine (Solaris) as BOE.
    We have this issue on both our production and our recently rebuilt development environment to duplicate the issue.
    Both environment have configured LDAP over SSL and we can login to BOE Infoview Reports with LDAP and we can map groups and users if we login to CMC but we can not login to CMC with secLDAP.
    The specific error still being shown is "Security plugin error: Failed to set parameters on plugin".
    Both environments (DEV and PROD) are fresh installs of BOE XIR2 SP2.
    Any ideas are much appreciated
    Thankyou

    The CMC in XIR2 used com components for the SSL (rather than java like infoview) and I'm betting the WAS deployment is not finding them. Is WAS on a seperate server or is BOE installed there as well?
    I'm not familiar with any regular fixes for an issue like this. If no other replies I'd recommend opening a case with either deployment(WAS on "nix") or authentication(WAS on windows) to see if they can trace down the problem.
    Regards,
    Tim

Maybe you are looking for

  • Bridge/ACR don't translate settings to batch processed JPGs/PDFs

    I edit a batch of RAW images in ACR via Bridge, hit "done" and then send them to Image Processor to create JPGS or use the Output Module in Bridge CC to make a PDF. Sometimes the settings I just applied in ACR don't translate to the JPGs and/or Outpu

  • Ringtones BACK to itunes

    Hey all, Computer crashed. Windows XP btw. Everythings recovered. How do I take ringtones on my iphone and put them back in itunes to resync instead of them being deleted since thier not present in my library now. Thanks.

  • ISight camera exposure time control for astrophotography

    Does anyone know of a way, or an application that allows you to control the shutter speed/exposure time when taking a photo with an external iSight camera? I am trying to adapt an external iSight camera for astro-photography.  There are some excellen

  • Syncing and restore issues

    I was installing iOS4 on my iPad when I got error 2006. My only option was to restore to factory settings and I lost all the content on my iPad as the back-up prior to the OS installation hadn't backed up everything I bought. Is there any way I can r

  • Condition type JM01 and JM02

    hi all. i have facing a problem in creating condition JM01 and JM02 for CIN. can anybody suggest me about whole procedure.