Proposal for a Solaris LDAP server

Does anyone have a template or document for a proposal to create a Solaris LDAP server for upper management consideration?
If so, please forward a copy of the document to [email protected]
Thanks to anyone who helps....
joe

Similar Messages

  • Format Of LDAP Server List for Netmail

    Could anyone please explain what the format is for using an LDAP server for address lookups in Netmail? i.e.:
    servername:port/searchbase or ldap://servername:port/searchbase. I have tried a few but can't seem to get it to work. Every time I try to add a server to this list, the Java Netmail will not allow me to compose a message.. anyone have any ideas..

    Chris -
    Each entry is a comma separated list of name/value pairs in the following format: name="value". Quotation marks are not allowed in any value. The valid names and corresponding preference are:
    name      the user-friendly name for the server; this is what the user sees in the NetMail Address Search tab.
    server    the host name of the LDAP server. If a port is needed, use host:port.
    base      the search base expression, e.g., ou=People
    searchin  the list of attributes to search in, e.g., cn,givenname
    result    the attribute to use as the result, defaults to mail
    filter    additional search filters to be applied
    referral  whether or not to follow referrals, true or false
    Only the server value is required, all others are filled in with defaults if necessary. A typical entry might be:
    name="Company Address Book", server="ourldap.xyz.com", base="dc=xyz,dc=com"
    Stephen

  • How to determine the error code, returned from LDAP server

    I use the following code to connect to the LDAP server:
            import javax.naming.NamingException;
            import javax.naming.ldap.InitialLdapContext;

            try {
                ctx = new InitialLdapContext(env, null);
                // if the connection is successful ...
            } catch (NamingException e) {
                // if an error occurred ...
            }
    Is it possible to determine the numeric error code returned from the server?

    I was just working on using openldap, binding to it and checking for expired passwords and locked accounts, and it looks like an AuthenticationException is thrown in these circumstances and the ctx is null, so it is not possible to process connection response controls. But you can look at operation attributes if you have password policy enabled and you are looking for these types of errors.
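
JNDI's NamingException has no getter for the numeric LDAP result code; the JDK's LDAP provider only embeds it in the exception message as "[LDAP: error code N - text]". The following added example (not code from either poster) extracts it from that message; the class and method names are hypothetical, and the second and third sample exceptions are constructed.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.NamingException;

public class LdapResultCode {

    // The JDK LDAP provider reports the server's result in the exception
    // message in the form "[LDAP: error code N - diagnostic text]".
    private static final Pattern CODE =
            Pattern.compile("\\[LDAP: error code (\\d{1,5})");

    /** Numeric LDAP result code carried by the exception, or -1 if there is none. */
    public static int resultCode(NamingException e) {
        // Walk the cause chain: the provider's message may sit on a wrapped exception.
        for (Throwable t = e; t != null; t = t.getCause()) {
            String msg = t.getMessage();
            if (msg != null) {
                Matcher m = CODE.matcher(msg);
                if (m.find()) {
                    return Integer.parseInt(m.group(1));
                }
            }
        }
        return -1;
    }

    /** RFC 4511 names for a few result codes; extend as needed. */
    public static String name(int code) {
        switch (code) {
            case 2:  return "protocolError";
            case 32: return "noSuchObject";
            case 49: return "invalidCredentials";
            case 80: return "other";
            case -1: return "no LDAP result (the failure happened outside the LDAP exchange)";
            default: return "see RFC 4511, Appendix A";
        }
    }

    public static void main(String[] args) {
        NamingException[] samples = {
            // Message text as it appears in the JXplorer trace quoted on this page.
            new NamingException(
                "[LDAP: error code 80 - LDP2900E Unknown attribute, , in filter string]"),
            // Constructed sample: a rejected bind.
            new AuthenticationException("[LDAP: error code 49 - Invalid Credentials]"),
            // Constructed sample: the server was never reached, so there is no code.
            new CommunicationException("ldap.example.test:389"),
        };
        for (NamingException e : samples) {
            int code = resultCode(e);
            System.out.println(e.getClass().getSimpleName()
                    + " -> " + code + " (" + name(code) + ")");
        }
    }
}
```

In the catch block of the question's snippet, `LdapResultCode.resultCode(e)` gives the number to log or branch on; a result of -1 means the failure was a transport or configuration problem rather than a server response.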

  • OpenLDAP authentication provider with CA LDAP server

    Hi,
    I am trying to get authentication to work using an OpenLDAP AP connecting to CA LDAP server (formerly eTrust LDAP server). I am at the point where the bind is successful, the user account is authenticated in LDAP, but I am unable to retrieve the group information.
    Here is the error for the group lookup:
    ####<Apr 8, 2013 9:48:33 AM CDT> <Debug> <SecurityAtn> <EPMDOWCS8> <ms1> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <01f9ee928bc01ecd:275c5c34:13dea1201e3:-7ffd-000000000000021d> <1365432513554> <BEA-000000> <[Security:090278]Error listing member groups myACID>
    This is the final error, presumably because the group lookup failed:
    ####<Apr 8, 2013 9:48:33 AM CDT> <Debug> <SecurityAtn> <EPMDOWCS8> <ms1> <[ACTIVE] ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <01f9ee928bc01ecd:275c5c34:13dea1201e3:-7ffd-000000000000021d> <1365432513554> <BEA-000000> <javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User myACID denied
         at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:229)
         at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
         at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:597)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
         at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
         at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
    The CA LDAP server is pointed to a Top Secret database, so the attribute names are atypical as far as directory services objects are concerned. I've tried modifying the group and static group information to search both groups and profiles, but both fail. I've also tried omitting the static group information, and specifying dynamic group info, but that failed as well.
    Here is the search it is running:
    (&(memberOf=tssacid=myACID,tssadmingrp=acids,host=ourdevsysid,o=our.ORG)(objectclass=tssprofile))
    Here is the group base DN: tssadmingrp=profiles,host=ourdevsysid,o=our.org
    The group search scope is subtree. I tried unlimited, and a limit of 2 levels.
    If I execute the filtered search using a third party tool (JXplorer), I receive this error:
    javax.naming.NamingException: [LDAP: error code 80 - LDP2900E Unknown attribute, , in filter string]; remaining name 'tssadmingrp=profiles,host=ourdevsysid,o=our.org'
         at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3085)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
         at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
         at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
         at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
         at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
         at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
         at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:257)
         at com.ca.commons.jndi.JNDIOps.rawSearch(JNDIOps.java:1192)
         at com.ca.commons.jndi.JNDIOps.rawSearchSubTree(JNDIOps.java:1039)
         at com.ca.commons.naming.DXOps.rawSearchSubTree(DXOps.java:343)
         at com.ca.commons.jndi.JNDIOps.searchSubTree(JNDIOps.java:1030)
         at com.ca.directory.jxplorer.broker.JNDIDataBroker.unthreadedSearch(JNDIDataBroker.java:772)
         at com.ca.directory.jxplorer.broker.DataBroker.doSearchQuery(DataBroker.java:485)
         at com.ca.directory.jxplorer.broker.DataBroker.processRequest(DataBroker.java:253)
         at com.ca.directory.jxplorer.broker.JNDIDataBroker.processRequest(JNDIDataBroker.java:376)
         at com.ca.directory.jxplorer.broker.DataBroker.processQueue(DataBroker.java:200)
         at com.ca.directory.jxplorer.broker.JNDIDataBroker.processQueue(JNDIDataBroker.java:883)
         at com.ca.directory.jxplorer.broker.DataBroker.run(DataBroker.java:165)
         at java.lang.Thread.run(Thread.java:662)
    When I execute that same search in JXplorer directly on one of the profile objects (e.g. tssprofile=@oneofourprofiles,tssadmingrp=profiles,host=a12sysid,o=tgslc.org), it runs successfully.
    Here is an old post. Seems the op encountered the same problem I did.
    authentication provider for CA eTrust LDAP server
    Anyone work with these technologies in a past life?
    Thanks,
    Rob

    Are you able to see the users in weblogic?
    Not for this AP. I have a ReadOnly SQL authenticator as well. I am able to see users for that, and for the Default Authenticator.
    Have you assigned admin roles to the user in weblogic?
    No. I do not intend to do that, and I don't believe I am required to do that.
    is the group base dn properly configured?
    Yes.

  • Getting Sun Calendar (csconfigurator.sh/comm_dssetup.pl) - my LDAP server

    I currently am trying to install a Sun Calendar server on a CentOS4
    machine which has working kerberos/ldap server access. Unfortunately
    when I try to run the csconfigurator script, despite correct entries
    and connections verified through 'ldapsearch' on a command line, I
    receive a protocol error #2 when csconfigurator tries to verify the
    connection to the LDAP server.
    I am using openldap on an Ubuntu instance for the kerberos/ldap server,
    I believe that it is using v3 of LDAP. Is there anything in
    particular I need to know about how Calendar wants to access LDAP? I
    know that I saw a lot of documentation referring to Sun's Directory
    Server; all of the documentation that I dug up on this gave me the
    impression that it was just a standard LDAP server, thus leading me to
    believe that my current LDAP server should work alright.
    I would appreciate any pointers in the right direction or tips, and
    I'm certainly able to cut 'n paste any information that would be
    applicable to this issue. I really need to try to get this calendar
    server online as fast as possible, but the documentation that I've
    found seems to gloss over some of the areas where I'm having issues.
    Thanks for your time!
    -Damon Getsman

    You didn't mention which LDAP server you are using, however, JCS is really designed to work with Sun Directory Server.
    That isn't to say that one could not run JCS against OpenLDAP, etc but you would need to potentially modify the schema files that are part of comm_dssetup.pl
    The JCS 5 release notes contain product requirements:
    [http://docs.sun.com/app/docs/doc/819-4439/6n6jehs0r?a=view]
    The sequence is to install LDAP (nominally Sun DSEE), run comm_dssetup.pl, and then install Calendar Server against your LDAP instance.

  • Failover ldap server

    I've two LDAP servers and replication.
    Messaging Server v6.0 shows error messages after I run the start-msg command.
    What does the error message below mean?
    Could you suggest how to start the messaging server without error messages?
    1. run configutil -o local.ugldaphost -v "mail.domain.com ldap2.domain.com"
    2. run configutil -o local.ugldapuselocal -v yes
    3. run configutil -o local.ldaphost -v "mail.domain.com ldap2.domain.com"
    error messages
    # start-msg
    [21/Mar/2004:12:03:32 +0700] mail [12167]: General Warning: could not get server configuration in ldap, using cached configuration information
    [21/Mar/2004:12:03:32 +0700] mail [12168]: General Warning: could not get server configuration in ldap, using cached configuration information
    Connecting to watcher ...
    Launching watcher ...
    ens is running already
    store is running already
    imap is running already
    pop is running already
    http is running already
    sched is running already
    dispatcher is running already
    Starting job_controller server ....[21/Mar/2004:12:03:32 +0700] mail [12170]: General Warning: could not get server configuration in ldap, using cached configuration information
    12170

    Your error indicates that your step 3 was not the correct thing to do.
    local.ldaphost is for the "configuration" LDAP server. If you've not replicated/duplicated the o=NetscapeRoot tree from your originally installed LDAP server, then the server is rightly complaining that it can't get its config information from the failed-over LDAP server.

  • Settings for monitoring Solaris CPU and memory using ATS serverstats

    Hi,
    I need to set up some monitors for a Solaris 10 server (hosting Web server for Application Under test) using OLT. Can someone please advise as to what set up I will need to access the Solaris CPU/Memory/vmstat data during the performance tests?
    Do I need to install something on the server side? What user privilege will I need to access this monitor on the server, and what ports should I open?
    Regards

    Hello
    Nothing to install. It's completely remote using ssh or telnet. (so standard ports to consider).
    You need to setup what we call a "virtual agent".
    Create a "monitor" using "Virtual Agent" as a data source.
    Then you need to setup your remote system and particularly to configure the prompt returned when logging in with the given user (try manually with plink first).
    Then you can try predefined metrics, which are not so good in my opinion. So better to create your own metrics (find the proper unix command line to retrieve the information needed and use a regular expression to get the value out of the output).
    Pls first, you should update plink.exe in the c:\oracleats dir (don't remember where) by downloading a newer version on internet.
    I'm sure it's not all clear, but with the documentation, google & some effort, you should find the solution.
    Cheers
    JB

  • How to Configure the Microsoft LDAP server??

    Hi,
    Can anybody tell me the steps for configuring Microsoft LDAP server?

    Step 1. Change your browser's URL from http://forums.oracle.com to http://support.microsoft.com

  • Are there any rough processes for Solaris administrator to setup Sun LDAP as naming server at Sun sparc host? like: 1st: modify /etc/nfsswitch.nfs 2nd: add LDAP server in /etc/hosts. 3rd: ......

    Besides, can we install the LDAP server in sparc hosts as naming system? Can we use Sun LDAP server or iPlanet Directory Server? or need BIND DNS server too?

    There is a nice book from Michael Haines and Tom Bialaski: "Solaris and LDAP Naming Services" which contains all you need to configure Directory Server, LDAP, Naming Switch...
    Ludovic.

  • Solaris 8 | LDAP Server | ERROR MESSAGES

    Hi All,
    We are using Solaris 8 LDAP server for authentication.
    When I look into the /var/log/messages file, I am getting the following error messages.
    Jan 31 17:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Jan 31 18:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Jan 31 19:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Jan 31 20:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Jan 31 21:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Jan 31 22:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Jan 31 23:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 00:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 01:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 02:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 03:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 04:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 05:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 06:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 07:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 08:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Feb 1 09:33:09 sol8LDAP ldap_cachemgr[5879]: [ID 722288 daemon.error] Error: Unable to refresh from profile:. (error=2)
    Can you please tell me why we are getting these error messages, and how to fix this issue?
    Thanks in Advance...
    Mack

    There's a possibility that the cache is corrupted. Try clearing the cache and reload.
    Cheers,
    Erick Ramirez
    Melbourne, Australia

  • LDAP native solaris 10 server - client

    Hi,
    Can someone give me a link or instructions on how to configure Solaris 10 to be a native LDAP server? I also need to have a client that will run on Solaris 10.
    I did follow PeterVG's post, but have tried so many times that I need to do a clean install and get it from scratch.
    Anyway, what I did:
    On the server:
    a. set domain, add hosts, install pkgs, and run directoryserver setup (it gives me some warning saying that I have an already installed instance, but I keep on trying).
    b. run idsconfig => this part goes without problem.
    When I try to add a client with hostA.ldif as:
    dn: cn=hou-sol-dev,ou=hosts,dc=qatestit,dc=com
    changetype: add
    cn: qates001
    iphostnumber: 10.38.133.124
    objectclass: top
    objectclass: device
    objectclass: ipHost
    it gives me ldap_add: No such object.
    And of course, when I go to the client and try to run
    ldapclient -v init ... with the server information, it gives me a fail, with some old dc=domain (which I have changed later).
    If anybody can help, I would really appreciate it.
    thank you,
    ./antonio/.

    I finally got it working. I think my problem was that I was copying and pasting the /etc/pam.conf from Gary's guide into the pam.conf file.
    There were unseen carriage returns mucking things up. So following a combination of the two docs worked. Starting with:
    http://web.singnet.com.sg/~garyttt/Configuring%20Solaris%20Native%20LDAP%20Client%20for%20Fedora%20Directory%20Server.htm
    Then following the steps at "Authentication Option #1: LDAP PAM configuration " from this doc:
    http://docs.lucidinteractive.ca/index.php/Solaris_LDAP_client_with_OpenLDAP_server
    for the pam.conf, got things working.
    Note: ensure that your user has the shadowAccount value set in the objectClass

  • Issues with LDAP Server | Solaris 8

    Hi All,
    In my project we are using Solaris 8 as LDAP server for authentication. Some folders' owner and group are assigned to an LDAP user by default. I think it should be root and others.
    Please find the below example:
    *8 drwxr-xr-x 42 gip_admin set_investors_author 3584 Jan 24 00:01 .
    *8 drwxr-xr-x 42 gip_admin set_investors_author 3584 Jan 24 00:01 ..
    6 -rw-rw-r-- 1 gip_admin ampm_retail_english_author 2062 Jan 22 14:03 archive
    2 drwxr-xr-x 2 root nobody 512 Aug 6 2003 cdrom
    2 drwx--l--- 3 gip_admin set_investors_author 512 Dec 9 07:33 data
    2 drwxr-x--- 2 root other 512 Nov 12 16:20 data1
    Can you please help me to solve this issue.....
    Thanks in Advance
    Manju

    Hi,
    It is not mounted on NFS. It is local disk only.
    It is a Solaris 8 server.
    # ls -lan
    drwxr-xr-x 18 0 0 1536 Dec 11 05:00 .
    drwxr-xr-x 46 91550 94293 2560 Jan 11 10:37 ..
    -rw-rw-rw- 1 0 1 524204 Aug 2 2006 110951-06.jar
    drwxr-xr-x 2 0 1 512 Dec 11 05:01 Backup_files
    -rw------- 1 0 1 17 Apr 22 2005 DBVERSION
    drwxrwxr-x 2 101 2000 512 Oct 18 2004 DD
    drwxr-xr-x 2 0 1 512 Sep 19 2006 J2SEPatch-13092006
    #cat /etc/passwd
    root:x:0:1:Super-User:/:/usr/bin/bash
    daemon:x:1:1::/:
    bin:x:2:2::/usr/bin:
    sys:x:3:3::/:
    adm:x:4:4:Admin:/var/adm:
    lp:x:71:8:Line Printer Admin:/usr/spool/lp:
    uucp:x:5:5:uucp Admin:/usr/lib/uucp:
    nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
    listen:x:37:4:Network Admin:/usr/net/nls:
    nobody:x:60001:60001:Nobody:/:
    noaccess:x:60002:60002:No Access User:/:
    nobody4:x:65534:65534:SunOS 4.x Nobody:/:
    basant:x:1001:10::/apps/basant:/bin/sh
    tis:x:1003:1::/apps/tis/:/usr/bin/bash
    ldap:x:1004:100::/home/ldap:/bin/sh
    iwui:x:100001:60001:Interwoven TeamSite UI Daemons User:/apps/iw-home:/bin/sh
    oracle:x:1002:101: Oracle user:/apps/oracle:/bin/sh
    vadmin:x:100002:1::/apps/vadmin/:/bin/sh
    sshd:x:100003:2003:sshd privsep:/var/empty:/bin/false
    temp:x:111112:1::/home/temp:/bin/sh
    verity:x:111113:1::/apps/verity/:/usr/bin/bash
    test1:x:12312311:1::/home/test1:/bin/sh
    hai:x:12312312:1::/home/hai:/bin/sh
    #cat /etc/group
    [root@sun5-/opt]# cat /etc/group
    root::0:root,tomcat
    other::1:bpeditor,lpg_admin,lpg_author,lpg_publisher
    bin::2:root,bin,daemon
    sys::3:root,bin,sys,adm
    adm::4:root,adm,daemon
    uucp::5:root,uucp
    mail::6:root
    tty::7:root,tty,adm
    lp::8:root,lp,adm
    nuucp::9:root,nuucp
    staff::10:
    daemon::12:root,daemon
    sysadmin::14:
    nobody::60001:
    noaccess::60002:
    nogroup::65534:
    iplanet::100:
    dba::101:
    sshd::2003:
    apps::94356:
    testa::12312323:
    oat_users_test::12312325:
    Thanks

  • Access read-only LDAP for username/password, Directory Server LDAP for rest

    Hello! I keep trying to find documentation on the above, but thus far I have been unable to find something that explains this well (and my attempts at figuring out thus far have failed).
    I have a read-only LDAP that is used University wide, and I am not allowed to change how it currently operates. It uses double-bind authentication in that you search for a user to get their DN, then bind to that DN with the users password to see if it was correct.
    I'd like to use the above setup to verify a user's credential as well as return some basic information about them (name, email, etc). After this, I'd like to use another freshly installed Directory Server LDAP to manage the roles that seem to be needed for Portal Server (as I cannot write to the original LDAP).
    Any help or advice on the above would be appreciated! Thank you.

    The authentication you described is the default way LDAP authentication works.
    AM Ldap auth-module allows you to 'pull' attributes from the LDAP server you're using for authentication and store them in its 'amSDK' Directory Server - which is leveraged by Portal Server (if you're talking about Sun's Portal Server).
    However this is only done if the profile is created (set 'dynamic profile generation' in auth - service).
    As Portal Server does not support the new 'identity repository API' of AM you have to stick to AM's legacy mode when using Portal Server.
    To keep the data in sync (if needed) you have to write a post-auth class.
    -Bernhard
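
The search-then-bind ("double-bind") flow described in this thread, as an added JNDI example that is not part of the original posts: it refuses an empty password before connecting (a simple bind with a DN and an empty password is an unauthenticated bind, which the JDK provider and many servers treat as a successful anonymous bind) and passes the user name as a filter argument so JNDI escapes it. The class name, the example host and base DN, the `uid`, `cn` and `mail` attribute names and the anonymous search step are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class DoubleBindAuth {

    /** Opens a connection; dn == null requests an anonymous bind. */
    private static DirContext connect(String url, String dn, String password)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // prefer ldaps:// so the password is not sent in clear
        if (dn == null) {
            env.put(Context.SECURITY_AUTHENTICATION, "none");
        } else {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, dn);
            env.put(Context.SECURITY_CREDENTIALS, password);
        }
        return new InitialDirContext(env);
    }

    /** Returns the user's cn/mail attributes on success, null when authentication fails. */
    public static Attributes authenticate(String url, String base, String user, String password)
            throws NamingException {
        // Reject empty credentials before any network traffic: an empty password
        // would turn the second bind into an anonymous one that succeeds.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        String userDn;
        Attributes profile;
        DirContext search = connect(url, null, null); // assumption: anonymous search is allowed
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] {"cn", "mail"});
            // {0} is substituted by JNDI with filter escaping, so "*" or ")" in the
            // user name cannot change the meaning of the filter.
            NamingEnumeration<SearchResult> hits =
                    search.search(base, "(uid={0})", new Object[] {user}, sc);
            if (!hits.hasMore()) {
                return null;                 // unknown user
            }
            SearchResult hit = hits.next();
            if (hits.hasMore()) {
                return null;                 // more than one match: refuse to guess
            }
            userDn = hit.getNameInNamespace();
            profile = hit.getAttributes();
        } finally {
            search.close();
        }
        try {
            connect(url, userDn, password).close(); // second bind proves the password
            return profile;
        } catch (AuthenticationException e) {
            return null;                     // wrong password, locked or expired account
        }
    }

    public static void main(String[] args) throws NamingException {
        // Runs without a directory: the empty password is refused before connecting.
        System.out.println("empty password -> " + authenticate(
                "ldaps://ldap.example.test:636", "ou=People,dc=example,dc=test", "jdoe", ""));
        // With <url> <base> <user> as arguments, prompt for the password and try a real server.
        if (args.length == 3 && System.console() != null) {
            char[] pw = System.console().readPassword("Password: ");
            if (pw != null) {
                System.out.println(authenticate(args[0], args[1], args[2], new String(pw)));
            }
        }
    }
}
```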

  • What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

    To support certificate-based client authentication using 2-way SSL from a standalone Java application which uses JNDI and JSSE1.0.2 to connect to an SSL-enabled LDAP server, how do we configure the certmap.conf? Is there any additional setup required at the LDAP server side apart from enabling SSL with the option "Required Client Authentication" enabled? The 2-way SSL handshake goes through, but the access log file (after configuring the certmap.conf for the issuer DN of the client certificate etc.) shows SSL failed to LDAP DN? But in spite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP. Is the certmap.conf file being looked up by the LDAP server at all?

    have you out.flush() and out.close() before you call connection.getInputStream()?

  • Error in LDAP Authentication for Sun One App Server 8..pls help

    I need to authenticate my sun java system application server 8 with openldap server.....
    i have added ldap realm as given in the administrators guide http://docs.sun.com/source/817-6088/security.html
    My settings in the sun app server were like this:
    Realm: ldap
    Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm
    directory ldap://10.1.1.79:389
    base-dn o=stooges
    jaas-context ldapRealm
    search-bind-dn cn=StoogeAdmin,o=stooges
    search-bind-password secret1
    My openldap schema is as follows
    file : /etc/openldap/slapd.conf
    include /etc/openldap/schema/core.schema
    include /etc/openldap/schema/cosine.schema
    include /etc/openldap/schema/inetorgperson.schema
    include /etc/openldap/schema/nis.schema
    database ldbm
    suffix "o=stooges"
    rootdn "cn=StoogeAdmin,o=stooges"
    rootpw secret1
    directory /var/lib/ldap/stooges
    defaultaccess read
    schemacheck off
    lastmod on
    index cn,sn,st pres,eq,sub
    index uid,userPassword eq
    file : /var/lib/ldap/stooges/stooges.ldif
    dn: o=stooges
    objectClass: top
    objectClass: organization
    o: stooges
    description: The Three Stooges
    dn: cn=StoogeAdmin,o=stooges
    objectClass: organizationalRole
    cn: StoogeAdmin
    description: LDAP Directory Administrator
    dn: ou=MemberGroupA,o=stooges
    ou: MemberGroupA
    objectClass: top
    objectClass: organizationalUnit
    description: Members of MemberGroupA
    dn: ou=MemberGroupB,o=stooges
    ou: MemberGroupB
    objectClass: top
    objectClass: organizationalUnit
    description: Members of MemberGroupB
    dn: uid=vikram,ou=MemberGroupA,o=stooges
    uid:vikram
    givenName:vicky
    objectClass:top
    objectClass:person
    objectClass:organizationalPerson
    objectClass:inetorgperson
    sn:kone
    cn:Kone Vikram
    userPassword:glamsham
    When i start ldap server and sun server,
    the login page for sun server asks for username and password ....
    when i give
    username : vikram
    password : glamsham
    Error page comes.....
    HTTP Status 403 - Access to the requested resource has been denied
    type Status report
    message Access to the requested resource has been denied
    description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.
    Sun-Java-System/Application-Server-PE-8.0
    Subsequent attempts to login gives another error page
    HTTP Status 500 -
    type Exception report
    message
    description The server encountered an internal error () that prevented it from fulfilling this request.
    exception
    com.sun.enterprise.tools.guiframework.exception.FrameworkException: Unabled to handle pre-compiled JSP '/jsp/j_security_check'. Expected pre-compiled classname: 'org.apache.jsp.jsp.j_005fsecurity_005fcheck'.
    com.sun.enterprise.tools.admingui.servlet.HandlePrecompiledJsp.doPost(HandlePrecompiledJsp.java:59)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:768)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:861)
    sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
    sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    java.lang.reflect.Method.invoke(Method.java:324)
    org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:289)
    java.security.AccessController.doPrivileged(Native Method)
    javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
    org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:311)
    org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:205)
    note The full stack trace of the root cause is available in the Sun-Java-System/Application-Server-PE-8.0 logs.
    Sun-Java-System/Application-Server-PE-8.0
    So pls... help as to how to go about this..
    P.S. My ldap server runs as "ldap" user not as root

    Try with "vikram" as a member of "cn=asadmin" group in your LDAP directory...
