Upgrade to 3.0.8 with LDAP failure

Has anyone managed to upgrade Portal on W2000 from 3.0.7 to 3.0.8 and use LDAP. Our site was working with LDAP before the upgrade, and now we are getting the WWC-40100 error on attempting to login. The directory is not getting the connection.
We have re-copied the ssoxldap.dll and created the library again to no avail. We have checked that the install works when not using LDAP. Does anyone have this working, or know where we may look to find errors.
Thanks for your time
null

Have you verified that the external procedure
listener is up and running. If it is could you please enable debugging?
null

Similar Messages

  • BO XI R2 problems with LDAP plugin talking to OID

    Hi all,
    We have a customer with OID 10g (Oracle Internet Directory, exact version 10.1.0.4), and BO 6.5, and we are in the process of upgrading to BO XI R2 (sp3).
    In our BO XI R2 (sp3) server, we are facing problems configuring the LDAP plugin. When we map a LDAP group (a dynamic group created in OID), BO retrieves the users that belog to the group but when we go to the Users list and try to see which groups this users belongs to, the CCM does not list our LDAP group.
    Moreover, when we try to login with LDAP authentication in infoview, the following error:
    "Account Information Not Recognized: An error occurred at the server : LDAP Authorization failed. Please make sure your entry belongs to a mapped LDAP group."
    Has anybody faced similar issues? Any idea how can we solve this?
    This issue is very important for our customer and could block the migration progress....
    Thank you very much in advance.
    Regards

    In that case a support engineer will likely need to scan the CMS and possibly packet scan the LDAP queries. When going to a group and viewing users a live query is sent to LDAP, is this info correct (do groups contain the right users)?
    But when viewing users (groups) this information is based on a cached graph that should be updated approximately every 15 minutes by default. Your issue seems to indicate this process is either slow or failing all together. Tracing with an engineer is the best rout to take. Let me know if I can offer anymore help from this end.
    Regards,
    Tim

  • Untrusted server cert chain - while connecting with ldap

    Hi All,
    I am getting the following error while running a standalone java program in windows 2000+jdk1.3 environment to connect with LDAP.
    javax.naming.CommunicationException: hostname:636 [Root exception is ja
    vax.net.ssl.SSLException: untrusted server cert chain]
    javax.naming.CommunicationException: hostname:636. Root exception is j
    avax.net.ssl.SSLException: untrusted server cert chain
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(DashoA12
    275)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA12275)
    at java.io.OutputStream.write(Unknown Source)
    at com.sun.jndi.ldap.Connection.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapClient.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.InitialContext.<init>(Unknown Source)
    at javax.naming.directory.InitialDirContext.<init>(Unknown Source)
    at Test2.getProxyDirContext(Test2.java:66)
    at Test2.main(Test2.java:40)
    Any help would be appreciated
    Thanks in Advance
    Somu

    This got resolved when in the code the following
    System.setProperty("javax.net.ssl.tmrustStore", CertFileName);
    where cert file name is the filename with complete path.the file is a CA certificate of the LDAP server
    in X509 format

  • Problem with LDAP in BEA Portal

    Problem with LDAP in BEA Portal
    I have a list of 50 user which should be cerated in portal staging(devlopment) machine and should be transfered to
    production machine using LDAP
    Steps which i followed to create Users
    1.Create User Profile with 2 parameters branch and Role
    2.I have list user in the Xls file with Username,password ,branch and Role
    3.Write a java File which will read the Xls File
    4.The users are created in the staging machine for the portal
    Steps which i followed in LDAP to tranfer the created User form Devlopment to Production
    1.Export the created user from Devlopment (which was moved as .DAT in my local directory)
    2.import the user from local direcory to production machine
    The Users are imported in the production machine with username and password but the role and branch values are empty
    We need a solution for importing the user with role and branch corresponding to each user.
    Thanks in Adv
    Suresh

    In Portal 8.1, user name and password in stored in LDAP where as user profile values are stored in database. That is the reason you are not able to see the user profile values.
    Check once again whether you can see these values through admin tool. In case,it is not(after confirmation again),you might have to use APIs to do this for you incase you dont want to manage through Admin Tool.
    Thanks,
    Prashanth Bhat.

  • I updated to 3.6.15 and every time I open Firefox the Thank You for upgrading window pops up along with my normal homepage. How do I get rid of that?

    I updated to 3.6.15 and every time I open Firefox the Thank You for upgrading window pops up along with my normal homepage. How do I get rid of that?

    This link shows how to do that - https://support.mozilla.com/kb/Firefox+has+just+updated+tab+shows+each+time+you+start+Firefox

  • HELP! How can i restore/recover files from Bootcamp with Boot Failure - Missing operating system error?

    Hi,
    I am having a few problems with bootcamp on my imac. When i tried to move the bootcamp partition on windows 7 into free space, it crashed and turned off. Ever since i have had the error 'Missing operating system' and it fails to boot. I have some very important files on the bootcamp partition. Is it possible to recover these files or even to restore the bootcamp partition to it's original state? I do not have a backup of my bootcamp partition. Another problem i have is that ever since i tried to expand my macintosh HD partition into free space, when i hold alt while booting up (to choose which partition to boot like i normally do), the bootcamp partition has stopped appearing. This means that i cannot even boot the windows 7 bootcamp partition anymore!
    So basically here are my 2 questions:
    How can i restore/recover files from Bootcamp with Boot Failure - Missing operating system error?
    How can i make the Bootcamp partition appear in Startup Disk and when i hold the option key while starting up my computer to allow me to boot windows 7?
    Any solutions are very much apreciated!
    Thanks!
    I know that bootcamp (disk0s4) hasn't been fully deleted since it appears in disk utility (i cant do anything to it though)
    And here is the error i see when i try to launch bootcamp (back when i was actually able to boot up bootcamp to the error screen)

    WinClone 3 is OS X and saves Windows image it makes for restore - that should work but you will have to try and you would need to make a new image unless it also works with a native Windows system restore image. It is now supported and has come a long way.
    http://www.twocanoes.com/
    Paragon Clone OS works and does disk-to-disk clone just like CCC you end up with two bootable drives. But does not work with your setup. It would let you clone and move your Windows install to an SSD or another disk drive though and be bootable.
    During its clone process it checks for errors which is very helpful and lets you know - something CCC and others should adopt more of.
    http://www.paragon-software.com/downloads/demo.html
    I wish for our/my sake you had re-read and rewritten the long 'story' and broken it into a brief list of facts we needed.
    OS X
    Windows
    Backup (though external is much safer) and you want bootable OS X clones as well as TimeMachine
    https://support.apple.com/kb/HT1427
    https://support.apple.com/kb/HT1553
    There are a number of things to do like chkdsk and others as well as Windows DVD to do automatic system repairs and find out why.
    AppleHFS - the abilty to mount and read HFS volumes can be notorious.
    I would rearrange and redo your storage setup and how you use the 4-5 internal hard drive bays.

  • Error in authentication with ldap server with certificate

    Hi,
    i have a problem in authentication with ldap server with certificate.
    here i am using java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate which is having the up to 5 years valid time.
    is java will authenticate up to one year only?
    Can any body help on this issue...
    Regards
    Ranga

    sorry i am gettting ythe same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    here when i am using the old certificate and changing the system date means i can get the authentication.
    can you tell where we can concentrate and solve the issue..
    where is the issue
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • Problem with users in portal - login conflict with LDAP.

    Hi.
    Let me describe our problem:
    We've a EP5 portal with LDAP conected to a central LDAP server, users access with the same user and password to all the different systems.
    The problem happens to users who have theyr passwords expired. We already set to 0 the password expiration days to avoid future problems but that didn't applied to the already expired ones.
    This affected users cannot change the password due to problems with the connection rights to LDAP server.
    We're trying to find the place there it's set that the user is in some kind of "password expired" status, directly in a database table if neccesary, to change the status manually, as system does not allow os to set it by user administration in portal.
    Any suggestions would be appreciated.

    Restoring expired Portal passwords
    Solved

  • EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

    Hello everyone,
    Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
    Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
    I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
    Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
    However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
    This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
    Here's what happens:
    1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
    2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
    3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
    4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
    5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
    Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
    http://discussions.apple.com/thread.jspa?messageID=5967023
    http://discussions.apple.com/message.jspa?messageID=5982070
    these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
    If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
    Thanks,
    Andrew

    Hard to tell what is happening without looking at the application
    source, knowing what OS & hardware you're using etc. You might want to
    try running with different JVM versions to see if it's actually the VM
    that is the problem. If you have a support contract with BEA you could
    ask support to help you diagnose this.
    Regards,
    /Helena
    Ayub Khan wrote:
    I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
    application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
    seems to happen on loading the machine..the performance progressively gets worse
    and after a couple of seconds, all the threads stop responding. I checked the
    heap, cpu and the idle threads in the execute queue and there is nothing there
    to trigger alarms...there are quite a few idle threads still and the heap and
    the cpu utilization seem OK. On doing a thread dump, Is see that all the other
    threads seem to be in a state where they are waiting for data from LDAP and it
    is basically read only data that they are waiting on.
    Does anyone know what it is going on and help point me in the right direction.
    -Ayub

  • What keyscrambler software is the upgraded version of Mozilla comptible with? My QFX is no longer working, many thanks jian

    What keyscrambler softward is the upgraded version of Mozilla compatible with? My QFX is now no longer working since the update. Many thanks jian

    I sent QFX an email asking about this,and they never responded.Of course,I have the free version.

  • I just got an iPhone 4 as an upgrade from the original iPhone 3.  I came home and tried to sync it with my iTunes and it says I need to upgrade my iTunes to work with the 4.  The current version of iTunes isn't compatible with my G5 mac?????

    I just got an iPhone 4 as an upgrade from the original iPhone 3.  I came home and tried to sync it with my iTunes and it says I need to upgrade my iTunes to work with the 4.  The current version of iTunes isn't compatible with my G5 mac?????  Help

    Return it.
    The requirements are on the box and on the website:
    Mac system requirements
    Mac computer with USB 2.0 port
    Mac OS X v10.5.8 or later
    iTunes 10.1 or later (free download fromwww.itunes.com/download)
    iTunes Store account
    Internet access
    http://www.apple.com/iphone/specs.html

  • LDAP/AD Role group user login issue in sharepoint 2010 FBA with LDAP

    Hi.
    I created sharepoint 2010 site with LDAP FBA.If I add the AD user as form based user and try to login to my site its working very well but if I add a AD Group in to my site and try to login with one of the AD user of this group its say "Access
    Denied".
    In my project we want add AD group in sharepoin Groups not a individual AD users.
    Can anyone help me with this please its urgant?

    I added both LDAP membership and LDAP Role provider.And I can also find groups in people picker in my Central Admin and FBA Web app site colleciton.  
    <add name="ADMembers"
    type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C"
    server="company.com"
    port="389"
    useSSL="false"
    userNameAttribute="sAMAccountName"
    userContainer="DC=company,DC=com"
    userObjectClass="person"
    userFilter="(|(ObjectCategory=group)(ObjectClass=person))"
    userDNAttribute="distinguishedName"
    scope="Subtree"
    enableSearchMethods="true"
    otherRequiredUserAttributes="sn,givenname,cn"
    />
    <add name="ADRoles"
    type="Microsoft.Office.Server.Security.LdapRoleProvider, Microsoft.Office.Server, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"
    server="Company.com"
    port="389"
    useSSL="false"
    groupContainer="DC=Company,DC=com"
    groupNameAttribute="cn"
    groupNameAlternateSearchAttribute="samAccountName"
    groupMemberAttribute="member"
    userNameAttribute="sAMAccountName"
    dnAttribute="distinguishedName"
    groupFilter="(ObjectClass=group)"
    userFilter="(ObjectClass=person)"
    scope="Subtree" />

  • CUCM 8.6.1 Refresh upgrade to 10.5 fails with Internal Error (Function: ipmReadNormalizedInputLine) [SOLVED]

    Hi,
    we are upgrading our CUCM 8.6.1 to 10.5.1 on VMWare Enviroment (vSphere 5.5 running on UCS). 
    We are running this upgrade in a sandbox, in order to avoid any problem in the production cluster.
    We followed the refresh upgrade guide ( http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/upgrade/10_0_1/CUCM_BK_U4214F9D_00_upgrade-guide-cucm-100.pdf)
    Pre-configuration steps
    Take a clone of the running publisher and put it in the sandbox
    Remove DNS servers (they are not available in the sandbox)
    Change the NTP Server with a ntp that is recheable from the sandbox
    Check that Gateway and NTP connectivity are OK for the CUCM
    Pre-upgrade:
    Run the cop files to update keys and increase disk space (log partition is 80% full)
    Shutdown the CUCM VM and
    Increase disk space on the VM configuration
    change VM OS from RedHat5 (32bit) to RedHat 6  (64bits)
    change VM nic from flexible to VMNIX3
    Restart the VM
    Upgrade
    1. mount the iso
    2. connect to OS Administration web interface and perform the Software installation from CD/DVD
    3. upgrade process works fine up to the post-installation task
    During post-installation tasks (after completing the DB Load and Transforming Copy) the Upgrade process always fails fails with an internal error
    IPM|Internal Error, File:ipm.c:2011, Function: ipmReadNormalizedInputLine(), "/usr/local/cm/script/cm-dbl-install RU PostInstall 10.5.1.10000-7 8.6.1.21019-1 /usr/local/cm/ /common/component/database /common/log/install/capture.txt " failed (1)|<LVL::Critical>
    IPM|  end-of-session "Installing database component": 1109.369 secs.|<LVL::Info>
    IPM|Close progress meter "Component Install"|<LVL::Info>
    We also tried the intermediate steps:
    - upgrade from 8.6.1 to 9.1 : worked
    - from 9.1 to 10.5: Failed with the same error
    - from 9.1 to 10.1: Failed with the same error
    any help will be greatly appreciated, thanks
    Stefano

    Issue was related to Dial Plans, the logs showed
    16:45:46.204 |   DBUtil::BlockCopyTable ### *ERROR* ###:  (diagnosis):  Bulk Data Migration for table availdialplan failed due to data constraint issue, (-971).
    16:45:46.611 |   DBUtil::BlockCopyTable *
    16:46:16.555 |*ERROR* Error fetching column information: [Informix][Informix ODBC Driver][Informix]Could not position within a table (informix.systables).
    16:46:16.588 |   DataConverter_5to6::CopyTables *ERROR* BlockCopyTable failed to process table (availdialplan)
    16:47:52.395 |   installFull *ERROR* Prior Cancel or Error Processing convert5to6()
    Cisco TAC fixed by updating the primary key in the DB.
    After the fix we were able to perform the RU as expected.

  • [Forum FAQ]How to upgrade Windows Server 2008 R2 with a GUI to Windows Server 2012 Server Core

    We found that some customers willing to upgrade Windows Server 2008 R2 GUI to Windows Server 2012 Server Core recently. This article provides detailed steps to perform the upgrade.
    Analysis
    Upgrading from Windows Server 2008 R2 with a GUI installation to Windows Server 2012 with Server Core directly
    is not supported. If you do that, you will receive the error message below(Figure 1) in Compatibility report: 
    Figure 1.
    In these scenario, you can upgrade to Windows Server 2012 firstly. After the upgrade process is completed, you can switch freely between Server Core and Server with a GUI modes.
    Produces
    You can follow the steps below to perform an upgrade from Windows Server 2008 R2 with a GUI installation to Windows Server 2012 Server Core mode:
    1. Upgrade to Windows Server 2012 with a GUI mode
    1) Firstly, please boot into Windows Server 2008 R2 with a Windows Server 2012 installation DVD inserted.
    2) Select the operating system you want to install with a GUI mode.
    We can see 2 options (Server Core Installation or Server with a GUI) for each operating system version. (Figure 2)
    Figure 2.
    Note: Please make sure you have enough disk space on system partition. Or you will get such an error in Compatibility report.(Figure 3)
    Figure 3.
    After the Compatibility check, the installation will continue. It will take several minutes until upgrading is done.(Figure 4)
    Figure 4.
    2. Switch the GUI mode to Server Core
    Method 1: Using Server Manager
    1) Open Server Manager, click
    Manger and select “Remove Roles and Features” to start the
    Remove Roles and Features Wizard.
    2) In Features,
    uncheck the box next to the “User Interfaces and Infrastructure” option, and then click “Next”. (Figure 5)
    Figure 5.
    Now tick the “Restart the destination Server automatically if required” box, then click “Remove”. (Figure 6)
    Figure 6.
    Method 2: Using Windows PowerShell
    There are multiple ways to remove the GUI via Windows PowerShell, we introduce the way of using the ServerManager module.
    You can also run the commands in Windows PowerShell with an administrator to remove the GUI feature:
    “Import-Module ServerManager”
    “Uninstall-Windowsfeature Server-Gui-Shell –Restart”
    or
    “Uninstall-WindowsFeature Server-Gui-Shell, Server-Gui-Mgmt-Infra –Restart”
    It will take a period of time to remove the GUI feature and reboot. When the system boots up, you will get into the Windows Server 2012 with Server Core mode. (Figure 7)
    Figure 7.
    More information:
    Switch between Full and Server Core in Windows Server 2012 using PowerShell 3.0
    http://blogs.technet.com/b/puneetvig/archive/2012/10/16/switch-between-full-and-core-in-windows-server-2012-using-powershell-3-0.aspx
    Windows Server Installation and Upgrade
    http://technet.microsoft.com/en-us/windowsserver/dn527667.aspx
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

    Hi,
    Brian is right, for mange the Server 2008r2 sp1 we recommend use the Windows 7 or 7.1 platform.
    More information:
    Remote Server Administration Tools for Windows 7 with Service Pack 1 (SP1)
    http://www.microsoft.com/en-us/download/details.aspx?id=7887
    Hope this helps.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Issue with LDAP login authentication in CMC console

    We have a existing issues with Business Objects BOE XIR2 SP2 and LDAP authentication with the BOE CMC Console.
    We use websphere as the application server and it is installed on the same machine (Solaris) as BOE.
    We have this issue on both our production and our recently rebuilt development environment to duplicate the issue.
    Both environment have configured LDAP over SSL and we can login to BOE Infoview Reports with LDAP and we can map groups and users if we login to CMC but we can not login to CMC with secLDAP.
    The specific error still being shown is "Security plugin error: Failed to set parameters on plugin".
    Both environments (DEV and PROD) are fresh installs of BOE XIR2 SP2.
    Any ideas are much appreciated
    Thankyou

    The CMC in XIR2 used com components for the SSL (rather than java like infoview) and I'm betting the WAS deployment is not finding them. Is WAS on a seperate server or is BOE installed there as well?
    I'm not familiar with any regular fixes for an issue like this. If no other replies I'd recommend opening a case with either deployment(WAS on "nix") or authentication(WAS on windows) to see if they can trace down the problem.
    Regards,
    Tim

Maybe you are looking for