Weblogic Portal 9.2 LDAP user listing resulting in NullPointer

Similar Messages

• User status shows active in portal for inactive LDAP users

  Hi all,
  Users listed in the LDAP as deleted or inactive are still listed in EP
  User Management as valid active users.
  1) is there any process or OSS note which can help us to get users
  inactive in portal user management to the corresponding LDAP inactive
  users?
  2) is there any chance that any inactive or deleted entries in LDAP
  should not be searchable from User admin Portal search?
  Any solution for the above problem?
  Please reply.
  Regards,
  haroon

  Hello there,
  i have the same problem: We have several domains that sometimes contain users with the same user-id. This happens, if a user is "moved" from one domain to another: A new user with the same user-id is created in the new domain and the user-status of the user in the old domain is set to "inactive".
  But SAP NetWeaver Portal (7.0 EHP 1) ignores this user-status flag and thus login (with SPNego / Integrated Windows Authentication, which does not send the domain of an identified user to the portal) fails.
  Is there a possibility to get the portal to "ignore" LDAP users (meaning no longer list them in the UME) that have their user-status flag set to "inactive"?
  Thanks for a reply in advance!
  Regards,
  René

• Unable to find user list in Active Directory Authenticator

  Hi all,
  I am using weblogic 10.3 and want to configure ActiveDirectory Authenticator for my weblogic application. We have one managed srever under admin server . I have configured a Active Directory Authenticator named "ADAuthenticator" and made following changes as per the below values:
  I set the control flag to "OPTIONAL" .
  Security Realms-->myrealm-->Providers-->ADAuthenticator-->Provider Specific
  UserName Attribute : ServiceBEA
  Principal : ServiceBEA
  Host : xxxxxx
  User Search Scope : subtree
  Group From Name Filter : (&(ServiceBEA=%g)(objectclass=group))
  Credential : xxxxxx
  Confirm Credential : xxxxxx
  User From Name Filter : (&(ServiceBEA=%u)(objectclass=user))
  Static Group Name Attribute : ServiceBEA
  User Base DN : values provided as per requirement
  Port : 389
  User Object Class : user
  Use Retrieved User Name as Principal : checked
  Group Base DN : same values as per User Base DN
  Static Group Object Class : group
  Group Membership Searching : unlimited
  Max Group Membership Search Level : 0
  These are my AD settings. After doing this i click on save and then activate changes and then restarted the admin server.
  But the problem is when i login to weblogic console to check the user list under "User and Group" i am unble to find any Active Directory users.
  I don't know where i made the mistake. Can some make me out of this trouble.
  Any help is highly appreciated.
  Thanks in advance !

  Hi Sean,
  Actually we have already a Active Directory with username "ServiceBEA" in our windows server. So i used this "ServiceBEA" as UserName Attribute in weblogic console while creating a Active Directory Authenticator.
  You mean to say that we should go for "sAMAccountName" or what? If that is the case then i have also tested with following values, but still no luck.
  UserName Attribute : sAMAccountName
  Principal : ServiceBEA
  Host : xxxxxx
  User Search Scope : subtree
  Group From Name Filter : (&(sAMAccountName=%g)(objectclass=group))
  Credential : xxxxxx
  Confirm Credential : xxxxxx
  User From Name Filter : (&(sAMAccountName=%u)(objectclass=user))
  Static Group Name Attribute : sAMAccountName
  User Base DN : values provided as per requirement
  Port : 389
  User Object Class : user
  Use Retrieved User Name as Principal : checked
  Group Base DN : same values as per User Base DN
  Static Group Object Class : group
  Group Membership Searching : unlimited
  Max Group Membership Search Level : 0
  Please advise what to be place in case of User Name Attribute.
  Any help is highly appreciated.
  Thanks in advance !

• Capture event in weblogic portal 8.1

  Hi
  I have observed some changed behaviour in weblogic portal 8.1.
  in weblogic portal 7.0,whenever user minimize portlet and log off,he again gets
  the same state after login(minimized portlet).
  It is not happeneing in weblogic portal 8.1 ..everytime user is getting same
  (normal state) ,even if he minimized portlet before log out.
  cheers

  Please check out this thread for some details about this behavior:
  http://mktnews1.bea.com/cgi-bin/dnewsweb?cmd=article&group=weblogic.developer.interest.portal&item=6292&utag=
  Cordially,
  George Murnock
  "ashshish" <[email protected]> wrote:
  >
  Hi
  I have observed some changed behaviour in weblogic portal 8.1.
  in weblogic portal 7.0,whenever user minimize portlet and log off,he
  again gets
  the same state after login(minimized portlet).
  It is not happeneing in weblogic portal 8.1 ..everytime user is getting
  same
  (normal state) ,even if he minimized portlet before log out.
  cheers

• LDAP user groups not visible for configuring a Group Portal

  Hi,
  We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2 in which
  I've added the Novell LDAP Authentication provider as the authentication provider
  and then set "myRealm" as the default realm for the domain. I am able to start
  the WLS server instance and login to portalAppTools with the "administrator" account.
  We would like to configure a Group Portal. In Portal Administration interfaces,
  when I click on Group Administartion, I am unable to see any of my external LDAP
  groups. I know that we cannot create/delete users or groups in the external LDAP
  repository thru the Admin UI but the documentation says that I should be able
  to view the users/groups in the Admin UI. Authentication against the external
  LDAP repository works fine. Can anybody suggest the reason why we are unable to
  view any of the Users or Groups in our external LDAP repository thru the User
  Administration interfactes.
  Appreciate any feedback.
  Thanks
  Vikram

  Hi Jim,
  I've configured a default LDAP V2 Compatibility Realm by modifying the Config.xml
  file. I was able to restart Weblogic and see the LDAP Groups and Users thru the
  WLS console. In our project we've a unique requirement wherein all Application
  Groups and User Accounts would be stored in an LDAP repository and all BEA SERVICE
  level accounts and groups are stored in a Database (groups like AdminEligible,
  Administrators etc.). We need to be able to look at the groups in both the Database
  and LDAP repositories in order to administer and configure a Group Portal. On
  the outset it looks like we will not be able to do what we want to with the current
  portal framework. Please suggest if there are any alternatives in order to implement
  this solution. I am sure there are lot of other Clients who cannot create groups
  like Administrators, AdminEligible etc in their LDAP repositories and will be
  forced to think of alternatives.
  I would appreciate if you can reply back at your earliest convenience.
  Thanks
  Vikram
  Jim Litton <replyto@newsgroup> wrote:
  The Weblogic 7.0 Authentication Providers (new JAAS Framework) is not
  supported with Portal 7.0. You will need to configure the Compatibility
  Security CustomRealm for Novell to try to get Portal working.
  see defaultLDAPRealmForNovellDirectoryServices at
  http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1083149
  In addition, remember to test functionality through the Weblogic
  Console. If you can see groups and users there okay it is very likely
  that Portal will operate.
  -- Jim
  Vikram wrote:
  Hi,
  We have created a Custom Security Realm(myRealm) on WebLogic 7.0 SP2in which
  I've added the Novell LDAP Authentication provider as the authenticationprovider
  and then set "myRealm" as the default realm for the domain. I am ableto start
  the WLS server instance and login to portalAppTools with the "administrator"account.
  We would like to configure a Group Portal. In Portal Administrationinterfaces,
  when I click on Group Administartion, I am unable to see any of myexternal LDAP
  groups. I know that we cannot create/delete users or groups in theexternal LDAP
  repository thru the Admin UI but the documentation says that I shouldbe able
  to view the users/groups in the Admin UI. Authentication against theexternal
  LDAP repository works fine. Can anybody suggest the reason why we areunable to
  view any of the Users or Groups in our external LDAP repository thruthe User
  Administration interfactes.
  Appreciate any feedback.
  Thanks
  Vikram

• Authentication in weblogic portal server 8.1 sp2 using external LDAP

  Hi,
  I am trying to use external LDAP for authentication.
  I have configured the ActiveDirectoryAuthenticator giving the necessary
  values
  ( and added
  "-Dcom.bea.p13n.usermgmt.AuthenticationProviderName=ActiveDirectoryAuthentic
  ator" in startWeblgoic.cmd )
  and can see the users and the groups from my LDAP provider in the admin
  console and in the admin portal's "users and groups".
  A set of users are given permission to access the restricted site and those
  users are visible in the global role with the permission.
  The web.xml is configured for BASIC auth-method, and the role is
  <externally-defined/> in weblogic.xml.
  Now when I access a restricted page, I am shown a dialog prompt to key in
  the username and password.
  Even when I key in the valid credentials, the restricted page is not shown
  and an "Unauthorized xxx" 401 access error is thrown.
  Any clue, on what i am missing.?
  Please let me know if any suggestion / idea.
  Regards,
  Arun.

  Assuming your application is a WebLogic Portal application, then yes you would definitely need to install WLP 8.1. WLP version 8.1 is the only version of WLP that will run on WLS/WLW version 8.1.
  In order to obtain the product installer, you'll need to contact Oracle Support and file a request. It is not available for download from any Oracle public site. Only version 10.3 is available for download.
  Brad

• How to force a new password in portal with LDAP user? external users

  With an external portal (used by agents that do not work for you or reside in your office), company policy is for password to be changed every qtr.
  If the users are creating as LDAP users how to force them to change their password when required?
  Is this a custom application that needs to be written so when they log into the portal if the qtr has expired the portal ask them to enter a new password that becomes valid for the next qtr.
  Versus internally deleting and emailing all the users a new password?

  Hi Glenn,
  We are getting one problem when we are creating user in LDAP and login with that user in  Portal that time we are getting Password change screen , but when we create a user in LDAP and change the password of that user in LDAP then when the user tries to  Login to portal that time we are not able to see the password change screen.
  But again if we change the password of that user through Portal we are able to see change password screen.
  can you help on this how we can force the user to change password when we are changing password in LDAP or in SAP System.
  Regards
  Trilochan

• LDAP users Faicng Error While Accessing the ESS Iviews in Portal

  Hi,
  My Portal is SAP EP 7.0 SP20 And ECC 6.0 SP16.
  UME users able to access the ESS MSS Iviews.But only one LDAP User only access ESS/MSS Iviews Other getting the Below error.
  Critical Error
  A critical error has occured. Processing of the service had to be terminated. Unsaved data has been lost.     
  Please contact your system administrator     
  Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE     
  Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE:
  com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException: Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE
                  at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:101)
                  at com.sap.xss.ser.xssmenu.fc.ModelHandler.onInit(ModelHandler.java:205)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalModelHandler.onInit(InternalModelHandler.java:428)
                  at com.sap.xss.ser.xssmenu.fc.FcXssMenu.setPersonnelNumber(FcXssMenu.java:570)
                  at com.sap.xss.ser.xssmenu.fc.FcXssMenu.onInit(FcXssMenu.java:292)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenu.onInit(InternalFcXssMenu.java:455)
                  at com.sap.xss.ser.xssmenu.fc.FcXssMenuInterface.onInit(FcXssMenuInterface.java:165)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenuInterface.onInit(InternalFcXssMenuInterface.java:389)
                  at com.sap.xss.ser.xssmenu.fc.wdp.InternalFcXssMenuInterface$External.onInit(InternalFcXssMenuInterface.java:546)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:922)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
                  at com.sap.pcuigp.xssutils.navi.FcNavigation.onInit(FcNavigation.java:314)
                  at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigation.onInit(InternalFcNavigation.java:358)
                  at com.sap.pcuigp.xssutils.navi.FcNavigationInterface.onInit(FcNavigationInterface.java:145)
                  at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigationInterface.onInit(InternalFcNavigationInterface.java:142)
                  at com.sap.pcuigp.xssutils.navi.wdp.InternalFcNavigationInterface$External.onInit(InternalFcNavigationInterface.java:278)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:922)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPM.attachComponentToUsage(FPMComponent.java:891)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent$FPMProxy.attachComponentToUsage(FPMComponent.java:1084)
                  at com.sap.pcuigp.xssutils.roadmap.VcRoadmap.onInit(VcRoadmap.java:188)
                  at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmap.onInit(InternalVcRoadmap.java:162)
                  at com.sap.pcuigp.xssutils.roadmap.VcRoadmapInterface.onInit(VcRoadmapInterface.java:153)
                  at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmapInterface.onInit(InternalVcRoadmapInterface.java:144)
                  at com.sap.pcuigp.xssutils.roadmap.wdp.InternalVcRoadmapInterface$External.onInit(InternalVcRoadmapInterface.java:220)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent.doProcessEvent(FPMComponent.java:564)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent.doEventLoop(FPMComponent.java:438)
                  at com.sap.pcuigp.xssfpm.wd.FPMComponent.wdDoInit(FPMComponent.java:196)
                  at com.sap.pcuigp.xssfpm.wd.wdp.InternalFPMComponent.wdDoInit(InternalFPMComponent.java:110)
                  at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:782)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:302)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingPortal(ClientSession.java:761)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:696)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
                  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
                  at com.sap.tc.webdynpro.clientserver.session.core.ApplicationHandle.doProcessing(ApplicationHandle.java:73)
                  at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.sendDataAndProcessActionInternal(AbstractApplicationProxy.java:869)
                  at com.sap.tc.webdynpro.portal.pb.impl.AbstractApplicationProxy.create(AbstractApplicationProxy.java:229)
                  at com.sap.portal.pb.PageBuilder.updateApplications(PageBuilder.java:1344)
                  at com.sap.portal.pb.PageBuilder.createPage(PageBuilder.java:356)
                  at com.sap.portal.pb.PageBuilder.init(PageBuilder.java:549)
                  at com.sap.portal.pb.PageBuilder.wdDoInit(PageBuilder.java:193)
                  at com.sap.portal.pb.wdp.InternalPageBuilder.wdDoInit(InternalPageBuilder.java:150)
                  at com.sap.tc.webdynpro.progmodel.generation.DelegatingComponent.doInit(DelegatingComponent.java:108)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.initController(Controller.java:215)
                  at com.sap.tc.webdynpro.progmodel.controller.Controller.init(Controller.java:200)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.init(ClientComponent.java:430)
                  at com.sap.tc.webdynpro.clientserver.cal.ClientApplication.init(ClientApplication.java:362)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.initApplication(ApplicationSession.java:782)
                  at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:302)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
                  at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
                  at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
                  at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
                  at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
                  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
                  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
                  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
                  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
                  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
                  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
                  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
                  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
                  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
                  at java.security.AccessController.doPrivileged(Native Method)
                  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
                  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
  Caused by: com.sap.aii.proxy.framework.core.BaseProxyException: Syntax error in program CL_XSS_CAT_BUFFER=============CP        ., error key: RFC_ERROR_SYSTEM_FAILURE
                  at com.sap.aii.proxy.framework.core.AbstractProxy.send$(AbstractProxy.java:150)
                  at com.sap.pcuigp.xssutils.xssmenu.model.MenuModel.hrxss_Ser_Getmenudata(MenuModel.java:171)
                  at com.sap.pcuigp.xssutils.xssmenu.model.Hrxss_Ser_Getmenudata_Input.doExecute(Hrxss_Ser_Getmenudata_Input.java:137)
                  at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:92)
                  ... 76 more
  Thanks & Regrads,
  Subba Rao

  Hi,
  Now every user facing the same error while accessing ESS Iviews from Portal.
  in ST22 Dump is created.
  What happened?                                                                                |
  Error in the ABAP Application Program
  The current ABAP program "CL_XSS_CAT_TIME_SHEET=========CP" had to be
  terminated because it has
  come across a statement that unfortunately cannot be executed.
  The following syntax error occurred in program
  "CL_XSS_CAT_BUFFER=============CP " in include
  "CL_XSS_CAT_BUFFER=============CM00C " in
  line 50:
  ""L_CATSDB" and "L_CATSDBCOMM" are not mutually convertible. In Unicode"
  " programs, "L_CATSDB" must have the same structure layout as "L_CATSDB"
  "COMM", independent of the length of a Unicode character."
  The include has been created and last changed by:
  Created by: "SAP "
  Last changed by: "SAP "
  Error in the ABAP Application Program
  The current ABAP program "CL_XSS_CAT_TIME_SHEET=========CP" had to be
  terminated because it has
  |    come across a statement that unfortunately cannot be executed.
  What we need to resolve the above issue.
  Thanks & Regards,
  Subba Rao

• Error while configuring external LDAP user store with weblogic

  Hi,
  I have weblogic 10.3 installed and I can access weblogic admin console using weblogic (admin) user. I want to use external ldap user store to access admin console with users present in external ldap.
  To do this, I have configured authentication provider and provided all the required details to connect to ldap.
  For example:
  Base DN: cn=admin,cn=Administrators,cn=dscc (user with which we will connect to LDAP)
  User DN: ou=People,dc=test,dc=com
  Group DN: ou=Groups,dc=test,dc=com
  This authentication provider is set to SUFFICIENT mode. I have deleted the default authentication provider.
  In the boot.properties file I have given the user name and password of the user with which LDAP instance was created something like below.
  password=xxxxxxx
  username=admin
  Now while starting the admin weblogic server, I am getting the below error:
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <Security> <BEA-090402> <Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
  <Jul 25, 2012 2:22:28 PM IOT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid; The user name and/or password from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:960)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Caused By: javax.security.auth.login.FailedLoginException: [Security:090304]Authentication Failed: User admin javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User admin denied
  at weblogic.security.providers.authentication.LDAPAtnLoginModuleImpl.login(LDAPAtnLoginModuleImpl.java:261)
  at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  Truncated. see log file for complete stacktrace
  >
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Jul 25, 2012 2:22:28 PM IOT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Jul 25, 2012 2:22:28 PM IOT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
  Can anyone please suggest how to resolve this problem? If, anyone can suggest the exact steps to configure external ldap store to manage admin console via ldap users.
  Regards,
  Neeraj Tati.

  Hi,
  Please refer the below content that I found for Oracle 11g in the docs.
  "If an LDAP Authentication provider is the only configured Authentication provider for a security realm, you must have the Admin role to boot WebLogic Server and use a user or group in the LDAP directory. Do one of the following in the LDAP directory:
  By default in WebLogic Server, the Admin role includes the Administrators group. Create an Administrators group in the LDAP directory, if one does not already exist. Make sure the LDAP user who will boot WebLogic Server is included in the group.
  The Active Directory LDAP directory has a default group called Administrators. Add the user who will be booting WebLogic Server to the Administrators group and define Group Base Distinguished Name (DN) so that the Administrators group is found.
  If you do not want to create an Administrators group in the LDAP directory (for example, because the LDAP directory uses the Administrators group for a different purpose), create a new group (or use an existing group) in the LDAP directory and include the user from which you want to boot WebLogic Server in that group. In the WebLogic Administration Console, assign that group the Admin role."
  Now in my LDAP directory, setup is in such a way that Administrators is a group created under following heirarchy " cn=Administrators,ou=Groups,dc=test,dc=com" and there is one user added in this Administrators group.
  The problem that I am having is when I modify the Admin role in which Administrators group should be added what exaclty I should give in Admin role. Whether I should give only Administrators or full DN: cn=Administrators,ou=Groups,dc=test,dc=com ???
  When i give full DN, it takes every attribute as different, i mean cn=Administrators as different and ou=Groups as different and shows a message that cn=Administrators does not exist.
  Here not sure what to do.
  Also if external ldap authentication provider is the only provider then I need to give the user information in boot.properties file also for weblogic to boot properly. Now, what should I give there in user? still complete DN ??
  Regards,
  Neeraj Tati.

• Table name in which user information is stored in weblogic portal

  Hi Friends,
  Please specify the name of the table which stores user information(such as username,firstname,lastname,email,etc.)in weblogic portal.
  Thanx in advance.
  Chiku.

  Default table is PROPERTY_VALUE. You can write your own property manager to
  save is somewhere else
  Rajneesh
  <John Wayne> wrote in message news:[email protected]..
  Hi Friends,
  Please specify the name of the table which stores user information(such
  as username,firstname,lastname,email,etc.)in weblogic portal.
  Thanx in advance.
  Chiku.

• User creation in Portal Connected to LDAP

  Hi Gurus,
     i want to know if we have LDAP connected to a Portal and someone creates a user on Portal UME , will the user get created in LDAP or portal UME.
     The situation is where any registerd user  accessing the portal should be authenticated against LDAP and he can also do a self registration from portal.So if he self registers, does his user id/Password gets created in LDAP or it stays in Portal UME.If it gets stored all the way to LDAP then we are fine, if not , then is there a way to replicate this user id password to LDAP.
  Thanks in Advance!

  >
  Gaurav Garg wrote:
  > Hi Gurus,
  >    i want to know if we have LDAP connected to a Portal and someone creates a user on Portal UME , will the user get created in LDAP or portal UME.
  User will be created in UME only not in LDAP.
  >    The situation is where any registerd user  accessing the portal should be authenticated against LDAP and he can also do a self registration from portal.So if he self registers, does his user id/Password gets created in LDAP or it stays in Portal UME.
  No the user is created in UME database and not in LDAP. If you are setting up your user persistence in LDAP (authenticating users from LDAP) then you have to setup users in LDAP. UME has a read only access to things that it pulls from LDAP.
  Regards,
  Zaheer

• How to get logged-in user/group information in WebLogic Portal 10.3.2

  Hi bros.
  I have a codesnipet to get information about user who actually logged in weblogic portal:
  import javax.security.auth.Subject;
  import javax.security.auth.login.LoginException;
  import com.bea.p13n.security.Authentication;
  import com.bea.portal.tools.security.user.*;
  public class UGMSummary {
       private static final String username = "weblogic";
       private static final String password = "webl0gic";
       public UGMSummary(){
       public void test(){
            try {
                 Subject tmp = Authentication.authenticate(username, password);
                 //PolicyItem pi = new PolicyItem();
                 //System.out.println("######## " + Authentication.getCurrentSubject().toString());
                 UserIDBuilder builder = new UserIDBuilder();
                 UserID uid = builder.createResourceID();
                 System.out.println("######## Admin ? " + Authentication.isAdministrator(tmp));
                 System.out.println("######## Anonymous ? " + Authentication.isAnonymous(tmp));
                 System.out.println(" ######## " + uid.getUserName());
            } catch (LoginException e) {
                 System.out.println(e.getMessage());
                 //e.printStackTrace();
  }Some println commands above are used to mark in console. I can ensure that there is an user (admin) logged in weblogic system by executing command: Authentication.isAdministrator(tmp);
  Output of codesnipet above is:
  ######## Admin ? true
  ######## Anonymous ? false
  ######## nullMy problem is impossible to use UserID object to get username of weblogic user. Output of command: uid.getUsername() is: null
  Somebody tell me why my code doesn't work though it can authenticate an user.
  Thank in advance.
  ps:
  Some Javadoc for UserID can be found here:
  http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html
  http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/index.html

  Hi, Kevin.
  I'm glad to see your response again. I found some interesting information from your recommendation link. At this time, I know that impossible to get users/groups information by using DelegatedAtnProxyManagerControlFacade (ref: http://download.oracle.com/docs/cd/E15919_01/wlp.1032/e14255/com/bea/portal/tools/ugm/controls/DelegatedAtnProxyManagerControlFacade.html) interface.
  But, I dont know how to get an instance of an object that implemented this interface. My friend give me a codesnipet that shown the way to get a DelegatedAtnProxyManagerControlFacade by using this codesnipet in a GlobalController:
        try
          DelegatedAtnProxyManagerControlFacade delegatedAtnProxyManager = (DelegatedAtnProxyManagerControlFacade)getControl(DelegatedAtnProxyManagerControlFacade.class);
        catch (PolicyRefException e)
          reportPolicyRefException(e);
        catch (OperationNotSupportedException e)
          reportOperationNotSupportedException(e);
        }But I dont know what global.GlobalController actually is ?
  I've asked Google for information but I got nothing. Do you know any documentation that describes about this controller ?
  Thanks, regards !
  Doubt_Man.

• How to use Domino LDAP in WebLogic Portal 8.1?

  Hi, all
  I'm trying to solve the problem of how to use Domino LDAP in WebLogic Portal 8.1. Anybody who have this experience please help me.
  Best Regards,
  Sean

  Hi,
  I just spoke to BEA and domino LDAP not supported although they gave me these
  LDAP filters that might help -
  http://support.bea.com/application?namespace=askbea&origin=ask_bea_answer.jsp&event=link.view_answer_page_solution&answerpage=solution&page=wls/S-09460.htm
  Sean Lin <[email protected]> wrote:
  Hi, all
  I'm trying to solve the problem of how to use Domino LDAP in WebLogic
  Portal 8.1. Anybody who have this experience please help me.
  Best Regards,
  Sean

• Filter very long user list in Weblogic console

  Hi,
  we have configured Weblogic to use Active Directory for authentication, which works fine. However now the user list in the weblogic console is very very long (some 100.000 entries) making it very unconvenient to edit the local users which we also need.
  Is there a way to not display the users from AD here? Or to filter the list by provider? (Directly at the list I can only filter by name).
  Thanks and best regards
  Daniel
  P.S.: It's WLS 10.3.3.0

  Hi Faisal,
  thanks for your reply. Number of rows displayed per page is a good hint, but the list will have multiple 10.000 entries anyway, so this is not really good. When I apply a filter within the Provider configuration can the other users (that got filtered out) still log in? As far as I understood, users who are filtered away here, are not present for weblogic in any way, i.e. also cannot login.
  Cheers
  Daniel

• Is there way send notifications  to portal users within weblogic portal

  Is there way send notifications to portal users within weblogic portal or we need
  to use Message broker channel or JMS for this purpose

  venks wrote:
  Is there way send notifications to portal users within weblogic portal or we need
  to use Message broker channel or JMS for this purposeI think you could do it using the portal event framework....subscribe
  the user to a custom event on login and then just raise the
  event...should be examples in the samples app....check the javadocs for
  com.bea.p13n.events.Event
  Martin