WLSE support of Novell LDAP server NDS

Hi all,
It seems that WLSE (tested with 2.12) generates LDAP search packets that are not compatible with Nortel LDAP server called NDS.
NDS is not designed to give the Userpassword in a reply of a ldap search as it is requested by the WLSE.
I did not find on CCO a document that describes the LDAP servers supported by WLSE.
Does anybody know what LDAP servers are supported by WLSE (2.12) and if NDS is supported?
I attach logs on WLSE + sniffer trace where we can see the ldap search from the WLSE and the reply from NDS (not containing the UserPassword value).
Many thanks for your help.
Regards/Ludovic.

I have the same problem with WLSE Express version 2.12. I have been trying to authenticate users against a Lotus LDAP server with no success. After making some tests, I found that if I send the password in clear text the test passed, but if I specify any other option that was not clear text or MD5 the test was not successful, so I think this device does not support encryption. I opened a case and effectively they said that it was not supported, but did not give me the reason.

Similar Messages

  • LDAP server support for NetWeaver

    I would like to know what LDAP Directory servers are officially supported by Netweaver versions.  I have been scouring the web and can not find any document where it is written which product is officially supported.  Some places I read about Novell, but nothing concrete on the official support.
    Does anyone know the answer and where I can find more info on this.
    Thanks

    Hi Frajib,
       I don't think I've seen a list for netweaver in general.  I do know for the Portal application on Web AS 6.40 you have the following LDAP options.
       MS ADS
       SUN ONE
       NOVELL LDAP Server
       Siemens LDAP Server
    Hope this helps.
    John

  • Deleting a Entry in LDAP Server through JNDI

    I have modified and created entries in LDAP Server. But I have no idea how to remove or delete an entry (a subcontext).
    Can anyone help me out?
    thanks
    murali

    Thank you Mike. It's working. I just missed that method.
    I have one more problem.
    I am using the octetstring's jdbc-ldap bridge to connect to Eudora LDAP server, but whenever I try to connect to the server we are getting the following error...
    javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'o=Siquell,c=IN'
    even though we have the root dsn i.e "o=Siquell,c=IN". this we can say cause we were able to connect to the same server using JNDI.
    Is this because octetstring's jdbc-ldap bridge is not supported by Eudora LDAP server.
    Thanks
    Murali

  • How to connect to Novell Ldap

    Hi,
    i tried to connect to our ldap server via novell's jdbc:ldap bridge. but this caused a classDefNotFoundError in the runtime version.
    May you explain how i have to build an anonymous connection to a novell ldap server via JNDI?
    there's no ssl available.
    regards,
    Patrick

    thanks.
    i'll first try to get the jdbc:ldap bridge running.
    in the last two weeks i also tried to build the jndi connection on the basis of the jndi tutorial. unsuccessfully.
    maybe i'll get the ldap bridge working.

  • Portal 7 and embedded LDAP server

    I searched for this on support but nothing much came up on Portal 7, so here
    goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is
    supported by the current Portal. What LDAP version is supported by the
    embedded LDAP server that comes with WLS? Can I convert sooner or later?
    Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
    embedded LDAP?
    Thanks,
    Steve

    Ture,
    Can I use LDAP for UUP without using it for authentication/authorization? If so,
    how, or at least can you kindly point to a document that describes how?
    Thanks
    Ture Hoefner <[email protected]> wrote:
    Hello Steve,
    I think you may be confusing the LDAP v2 specification with the WLS 6.x, 7.x V2 LdapRealm. The "V2" in "V2 LdapRealm" does not have anything to do with the LDAP v2 spec. It is just version 2 of the LdapRealm ( http://e-docs.bea.com/wls/docs70/secmanage/security6.html#1071872 ). Portal doesn't really care which LDAP server you are using (and it works with both the original LdapRealm and the V2 LdapRealm).
    When using Portal with LDAP, there are three things you can use it for:
    1) authentication/authorization, using WLS security framework, and/or
    2) read-only Unified User Profile (UUP) via LdapPropertyManager in ldapprofile.jar to get user properties from LDAP, and/or
    3) read/write UUP via your own custom EntityPropertyManager to get/set user properties from LDAP.
    If you are using LDAP for authentication/authorization, then just follow instructions from WLS for configuring it. Your Portal app is a J2EE app that will use this service from your WLS app server.
    If you are using LDAP for a UUP then it doesn't really matter which LDAP server you use, as long as it really follows the LDAP spec. Portal just uses JNDI to search for attributes in the LDAP server and provides them to you as user properties.
    Steve Lewis wrote:
    I searched for this on support but nothing much came up on Portal 7, so here
    goes:
    We're thinking of moving to LDAP for user authentication. LDAP 2 is
    supported by the current Portal. What LDAP version is supported by the
    embedded LDAP server that comes with WLS? Can I convert sooner or later?
    Do I have to wait on something?
    Should I put off putting my users into LDAP 2 (OpenLDAP) or wait and use the
    embedded LDAP?
    Thanks,
    Steve
    --
    Ture Hoefner
    BEA Systems, Inc.
    4001 Discovery Drive
    Suite 340
    Boulder, CO 80303
    www.bea.com

  • Novell LDAP Group - Role

    Hi,
    I have created a Novell LDAP Group. In my realm I have now two authentication
    providers: default and novell, both optional. If I authenticate my user which
    is stored in the novell ldap the user is correctly authenticated (request.getRemoteUser()
    != null), although the log says user denied (no matter if the user is in the embedded
    ldap or the novell, but maybe the other one always complains). (novell user gets
    rejected if password is wrong)
    For a novell group i create a role with the condition: caller is a member of the
    group"novell group" this seems not to work. with request.isUserInRole("novell
    group") i get "false" !!
    any ideas??
    regards
    tobias

    found my mistake. i created a role in the weblogic console which i also have defined
    in the web.xml. then i also need to assign this role to the principal (my group)
    in the weblogic.xml.
    if i have a role not defined in the web.xml the request.isUserInRole(<RoleName>)
    works fine, but not in the above described case without assignment in the weblogic.xml.
    "Tobias Voigt" <[email protected]> wrote:
    Actually groups are also configured correctly as it seems for me. On the group page, the ldap group is also listed (in the provider column it says NovellAuthenticator).
    Also if i look at the output of weblogic.security.Security.getCurrentSubject()
    the LDAP group is also listed as a Principal.
    weblogic.security.SubjectUtils.isUserInGroup(<Subject>,<LDAPGroup>) says
    true.
    but request.isUserInRole(<Role for Members in LDAPGroup>) says false.
    (Btw: Weblogic 8.1 sp1)
    "tm" <no-reply> wrote:
    Hi Tobias,
    It sounds like you can successfully use users
    in your Novell LDAP server but you cannot
    successfully use groups from the LDAP server.
    (ie. when you login, it's finding the user, but it
    isn't finding the user's groups thus the role isn't working).
    I'm assuming that you have configured a NovellAuthenticator.
    You must configure the NovellAuthenticator to tell
    how groups are stored in your Novell LDAP server
    (ie. tell it about the group schema). If this is not
    correctly configured, then groups won't work.
    See http://e-docs.bea.com/wls/docs81/secmanage/providers.html#1172008
    for more information on configuring group schemas for LDAP authentication
    providers.
    -tm
    "Tobias Voigt" <[email protected]> wrote in message
    Hi,
    I have created a Novell LDAP Group. In my realm I have now two authentication
    providers: default and novell, both optional. If I authenticate my user which
    is stored in the novell ldap the user is correctly authenticated (request.getRemoteUser()
    != null), although the log says user denied (no matter if the user is in the embedded
    ldap or the novell, but maybe the other one always complains). (novell user gets
    rejected if password is wrong)
    For a novell group i create a role with the condition: caller is a member of the
    group"novell group" this seems not to work. with request.isUserInRole("novell
    group") i get "false" !!
    any ideas??
    regards
    tobias

  • What should be done in certmap.conf for 2-way SSL support from a standalone Java application to an SSL enabled LDAP Server

    To support certificate based client authentication using 2-way SSL from a standalone java application which uses JNDI and JSSE1.0.2 to connect to an SSL enabled LDAP Server, how do we configure the certmap.conf? Is there any additional setup required at the LDAP Server side apart from enabling SSL with the option "Required Client Authentication" enabled? The 2 way SSL handshake goes through but the access log file (after configuring the certmap.conf for the issuer DN of the client certificate etc.) shows SSL failed to LDAP DN. But in spite of this access log error the Java client does get an SSL Connection object with which it is able to connect to the LDAP. Is the certmap.conf file being looked up by the LDAP Server at all?

    have you out.flush() and out.close() before you call connection.getInputStream()?

  • How to validate users with Novell Directory Server

    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

    Hi
    I believe iAS is designed to work with iDS which is bundled along
    with the SP3 download. Also the directory server which is working with
    iAS must be Nortel LDAP Schema compatible and I'm not sure if NDS(Novell
    Directory Server) is compatible. What I'm trying to understand is if you
    have already registered iAS with NDS and you are having trouble in
    accessing the users or if you are having trouble in the installation.
    Raj
    Josep Maria Camps Riba wrote:
    Hi all, with iAS 6.0 SP3, how can I validate users stored in Novell
    Directory Server?
    Thanks

  • How to determine LDAP server type

    Hello,
    Please post some hints how to determine LDAP server type(MS AD, OpenLDAP, Novell, Sun...) from rootDSE or somehow else?
    Thank you,
    Vladislav

    Hello Vladislav,
    the root DSE should be the best place to look for such
    things, I'd say. This is where an LDAP server advertises
    its capabilities. However, I'm not aware of an easy, fail-
    safe way of doing the distinguishing. One way, which would
    need some good logic, though, would be to go by supported
    OIDs, e.g. a SunONE DS 5.x will have attribute values like
    this in the rootDSE:
    supportedExtension=2.16.840.1.113730.3.5.3
    supportedExtension=2.16.840.1.113730.3.5.5
    (basically saying the DS supports its own replication
    protocol). But it is quite feasible for other servers
    to support this protocol and thus advertise those OIDs
    in the rootDSE. Therefore you'd probably need to check your
    logic again and again for every new release of every known
    directory server.
    My 2 cents,
    Karl.
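
The rootDSE approach Karl describes, as an added example that is not part of the original thread: it scores several rootDSE attributes and treats the two `supportedExtension` OIDs he quotes as weak evidence only, since other servers may advertise them too. The rootDSE samples are constructed, and the weights, vendor substrings and the choice of AD-specific attributes are this example's assumptions.

```python
import base64
import re
from collections import defaultdict

# Replication-extension OIDs quoted in the reply above for SunONE DS 5.x.
SUN_REPL_OIDS = {"2.16.840.1.113730.3.5.3", "2.16.840.1.113730.3.5.5"}
STRONG, WEAK, THRESHOLD = 3, 1, 3   # example weights, not a standard

# Accepts "attr: value" (LDIF), "attr:: base64" and "attr=value" (as quoted above).
ATTR = re.compile(r"^([A-Za-z][A-Za-z0-9;.-]*)\s*(::|:|=)\s*(.*)$")


def parse_rootdse(text):
    """Return {lower-cased attribute name: [values]} from rootDSE text."""
    attrs = defaultdict(list)
    for raw in text.splitlines():
        m = ATTR.match(raw.strip())
        if not m or not m.group(3):
            continue                      # blank line, comment, or empty "dn:"
        name, sep, value = m.groups()
        if sep == "::":                   # LDIF base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        attrs[name.lower()].append(value.strip())
    return attrs


def fingerprint(attrs):
    """Return (server_type, score, evidence); 'unknown' below THRESHOLD."""
    scores, evidence = defaultdict(int), defaultdict(list)

    def hit(server, weight, why):
        scores[server] += weight
        evidence[server].append(why)

    vendor = " ".join(attrs.get("vendorname", []) +
                      attrs.get("vendorversion", [])).lower()
    object_classes = {v.lower() for v in attrs.get("objectclass", [])}

    # vendorName / vendorVersion are the RFC 3045 self-identification attributes.
    if "novell" in vendor or "edirectory" in vendor:
        hit("Novell eDirectory (NDS)", STRONG, "vendorName/vendorVersion")
    if "sun microsystems" in vendor:
        hit("Sun ONE Directory Server", STRONG, "vendorName/vendorVersion")
    if "openldaprootdse" in object_classes:
        hit("OpenLDAP", STRONG, "objectClass OpenLDAProotDSE")
    ad_only = {"forestfunctionality", "domaincontrollerfunctionality",
               "rootdomainnamingcontext"} & set(attrs)
    if len(ad_only) >= 2:
        hit("Microsoft Active Directory", STRONG, "AD rootDSE attributes")
    # Weak signal: other servers may implement the same replication protocol.
    if SUN_REPL_OIDS & set(attrs.get("supportedextension", [])):
        hit("Sun ONE Directory Server", WEAK, "Sun replication OIDs")

    if not scores:
        return ("unknown", 0, [])
    best = max(scores, key=scores.get)
    if scores[best] < THRESHOLD:
        return ("unknown", scores[best], evidence[best])
    return (best, scores[best], evidence[best])


# Constructed rootDSE samples (not captured from real servers).
SUN_DS = """dn:
vendorName: Sun Microsystems, Inc.
vendorVersion: Sun-ONE-Directory/5.2
supportedExtension=2.16.840.1.113730.3.5.3
supportedExtension=2.16.840.1.113730.3.5.5
"""
OIDS_ONLY = """dn:
supportedLDAPVersion: 3
supportedExtension=2.16.840.1.113730.3.5.3
"""
NOVELL = ("dn:\nvendorName:: "
          + base64.b64encode(b"Novell, Inc.").decode()
          + "\nvendorVersion: LDAP Agent for Novell eDirectory\n")
OPENLDAP = "dn:\nobjectClass: top\nobjectClass: OpenLDAProotDSE\n"
AD = ("dn:\nforestFunctionality: 2\ndomainControllerFunctionality: 2\n"
      "rootDomainNamingContext: DC=example,DC=com\n")

if __name__ == "__main__":
    for label, sample in [("sun", SUN_DS), ("oids-only", OIDS_ONLY),
                          ("novell", NOVELL), ("openldap", OPENLDAP), ("ad", AD)]:
        print(label, fingerprint(parse_rootdse(sample)))
```

The `OIDS_ONLY` sample is the case Karl warns about: the Sun OIDs alone stay below the threshold, so the result is `unknown` rather than a wrong vendor.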

  • How can I get properties from my ldap server?

    urgent,I don't know
    how to use the getproperties to get the properties
    from ldap server,anyone help?

    Hi Kevin,
    You could write a portlet that uses the <um:getProfile> and
    <um:getProperty> tag (
    http://edocs.bea.com/wlp/docs40/p13ndev/jsptags.htm#1058056 )
    Or you can do an easier test that requires no coding: If you use the EBCC
    to create metadata about your ldap property set, then you can use the JSP
    portal admin tool to see your LDAP properties for a user. I think if you go
    through the UUP example on dev2dev.bea.com it has instructions for doing
    this with a UUP. Basically, create a property set (a.k.a. "user profile")
    named "ldap" in the EBCC and create properties that match the ones you want
    to retrieve ("telephoneNumber", etc...CASE SENSITIVE). Then access the JSP
    portal admin tool. If you are not using the LDAPRealm as your alternate
    security realm then create a user that you know exists in LDAP and then hit
    the link for the user and search the "ldap" property set and you will see
    their property values. If you are using the LDAPRealm for authentication,
    then this is not a ManageableRealm so you cannot create users (they are
    managed in your LDAP server). So, if you are using the LDAP realm, just
    create the "ldap" property set in the EBCC and go to the user mgmt tools in
    the JSP admin tools and you will see your user. Then search the "ldap"
    property set for your user and you will see the property values.
    Ture Hoefner
    BEA Systems, Inc.
    www.bea.com
    "Kevin" <[email protected]> wrote in message
    Hello,
    We're trying to retrieve an arbitrary profile and its attributes from
    a Novell NDS ldap server. I've configured the ldapprofile.jar as
    described in the portal doc:
    http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824
    but the article doesn't go on to describe how to use the configuration
    to actually access the properties.
    I'm unsure as to how to use the com.bea.p13n.usermgmt.profile.ldap
    package to retrieve the information I need.
    Is there some step by step instructions to achieve this as well as
    some sample code to run in a jsp to test this functionality?
    Thanks for any help.
    Kevin
    Ture Hoefner <[email protected]> wrote:
    Hi Eric,
    The LdapPropertyManager handles that for you. All you have to do is
    deploy it. (I'm talking about Portal 4.0). See the docs at "Accessing
    Properties from an LDAP Server" (
    http://edocs.bea.com/wlp/docs40/p13ndev/users.htm#1131824 )
    You will need to deploy the LDAPPropertyManager EJB, located in
    ldapprofile.jar. It is shipped with the product in
    <wlportal4.0-install-dir>/lib/p13n/ejb/ldapprofile.jar.
    Eric Nie wrote:
    urgent,I don't know
    how to use the getproperties to get the properties
    from ldap server,anyone help?
    --
    Ture Hoefner
    BEA Systems, Inc.
    2590 Pearl St.
    Suite 110
    Boulder, CO 80302
    www.bea.com

  • ASA Remote Access Authentication with LDAP Server

    Thank you in advance for your help.
    I am configuring an ASA to authenticate with an ldap server for ipsec vpn access.  My customer has 3 networks that are to be accessed by remote users.  However they want to be able to say that one user can get to 2 of the networks and not the 3rd.  So basically they want control over what network behind the firewall each user can access.  This seems doable from my reading and I had planned to create a group for each network that needs to be accessible and either do attribute maps to each group with a separate group created on the ldap server for authentication.  Basically an ldap group on the ldap server that will have the user's name in the group in order for access.  I can restrict access via ACLs or filtering to force my group to only be allowed access to a specific network.  Here is the problem I am having now.
    The ldap server has been created and seems to be working fine.  I have created my AAA groups and servers and I have done the ldap test with a test user vpntest and a password on the ldap server.  When I run the authentication test from the ASDM or command line I get a good authentication successful message.  So I configured a vpn client remotely and attempted to authenticate to this group and it says there is no user by that name.  Below is a paste of the debug.  The second part is when I did a successful test from the ASDM or CLI and it worked great.  The first part is when I attempted from the vpn client.  It all looks the same from the search criteria.  What am I missing here, or does anyone more knowledgeable see anything that I am doing wrong?  Can this be done this way or should I try radius?  The customer was just adamant about using ldap.
    extvpnasa5510#
    [243] Session Start
    [243] New request Session, context 0xd5713fe0, reqType = 1
    [243] Fiber started
    [243] Creating LDAP context with uri=ldaps://130.18.22.44:636
    [243] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
    [243] supportedLDAPVersion: value = 2
    [243] supportedLDAPVersion: value = 3
    [243] No Login DN configured for server 130.18.22.44
    [243] Binding as administrator
    [243] Performing Simple authentication for  to 130.18.22.44
    [243] LDAP Search:
            Base DN = [ou=employees,o=msues]
            Filter  = [uid=vpntest]
            Scope   = [SUBTREE]
    [243] User DN = [uid=vpntest,ou=employees,o=msues]
    [243] Talking to iPlanet server 130.18.22.44
    [243] No results returned for iPlanet global password policy
    [243] Fiber exit Tx=386 bytes Rx=414 bytes, status=-1
    [243] Session End
    extvpnasa5510#
    [244] Session Start
    [244] New request Session, context 0xd5713fe0, reqType = 1
    [244] Fiber started
    [244] Creating LDAP context with uri=ldaps://130.18.22.44:636
    [244] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
    [244] supportedLDAPVersion: value = 2
    [244] supportedLDAPVersion: value = 3
    [244] No Login DN configured for server 130.18.22.44
    [244] Binding as administrator
    [244] Performing Simple authentication for  to 130.18.22.44
    [244] LDAP Search:
            Base DN = [ou=employees,o=msues]
            Filter  = [uid=vpntest]
            Scope   = [SUBTREE]
    [244] User DN = [uid=vpntest,ou=employees,o=msues]
    [244] Talking to iPlanet server 130.18.22.44
    [244] Binding as user
    [244] Performing Simple authentication for vpntest to 130.18.22.44
    [244] Processing LDAP response for user vpntest
    [244] Authentication successful for vpntest to 130.18.22.44
    [244] Retrieved User Attributes:
    [244]   sn: value = test user
    [244]   givenName: value = vpn
    [244]   uid: value = vpntest
    [244]   cn: value = vpn test user
    [244]   objectClass: value = top
    [244]   objectClass: value = person
    [244]   objectClass: value = organizationalPerson
    [244]   objectClass: value = inetOrgPerson
    [244] Fiber exit Tx=284 bytes Rx=414 bytes, status=1
    [244] Session End

    Hi Larry,
    You can map AD group memberships to specific group policies on the ASA, you can find that configuration here:
    - http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/91831-mappingsvctovpn.html
    Let me know if further assistance is required!
    Please proceed to rate and mark as correct the helpful Post!
    David Castro,
    Regards,
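
A way to compare the two debug sessions posted in the question above, as an added example that is not part of the original thread: it groups the ASA LDAP debug lines by session id and reports where the failing session stops relative to the successful one. The sample is abridged from the debug output in the post; the field names and diagnosis strings are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Abridged from the ASA debug output in the post above.
SAMPLE = """\
extvpnasa5510#
[243] Session Start
[243] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
[243] No Login DN configured for server 130.18.22.44
[243] Binding as administrator
[243] Performing Simple authentication for  to 130.18.22.44
[243] LDAP Search:
        Base DN = [ou=employees,o=msues]
        Filter  = [uid=vpntest]
        Scope   = [SUBTREE]
[243] User DN = [uid=vpntest,ou=employees,o=msues]
[243] Talking to iPlanet server 130.18.22.44
[243] No results returned for iPlanet global password policy
[243] Fiber exit Tx=386 bytes Rx=414 bytes, status=-1
[243] Session End
extvpnasa5510#
[244] Session Start
[244] Connect to LDAP server: ldaps://130.18.22.44:636, status = Successful
[244] No Login DN configured for server 130.18.22.44
[244] Binding as administrator
[244] Performing Simple authentication for  to 130.18.22.44
[244] LDAP Search:
        Base DN = [ou=employees,o=msues]
        Filter  = [uid=vpntest]
        Scope   = [SUBTREE]
[244] User DN = [uid=vpntest,ou=employees,o=msues]
[244] Talking to iPlanet server 130.18.22.44
[244] Binding as user
[244] Performing Simple authentication for vpntest to 130.18.22.44
[244] Authentication successful for vpntest to 130.18.22.44
[244] Fiber exit Tx=284 bytes Rx=414 bytes, status=1
[244] Session End
"""

RECORD = re.compile(r"^\[(\d+)\]\s*(.*)$")


@dataclass
class Session:
    sid: int
    login_dn_configured: bool = True
    search_filter: str = ""
    user_dn: str = ""
    user_bind_attempted: bool = False
    auth_ok: bool = False
    status: Optional[int] = None
    steps: List[str] = field(default_factory=list)


def parse_sessions(text):
    """Group debug lines by the [id] prefix and extract the key events."""
    sessions, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = RECORD.match(line)
        if m:
            sid, msg = int(m.group(1)), m.group(2)
            current = sessions.setdefault(sid, Session(sid))
        elif current is not None and line:
            msg = line                    # indented continuation of a record
        else:
            continue                      # CLI prompt or blank line
        exit_m = re.search(r"Fiber exit .*status=(-?\d+)", msg)
        if exit_m:
            current.status = int(exit_m.group(1))
            continue
        if msg == "Session End":
            current = None
            continue
        current.steps.append(msg)
        if msg.startswith("No Login DN configured"):
            current.login_dn_configured = False
        elif msg == "Binding as user":
            current.user_bind_attempted = True
        elif msg.startswith("Authentication successful"):
            current.auth_ok = True
        found = re.match(r"Filter\s*=\s*\[(.*)\]", msg)
        if found:
            current.search_filter = found.group(1)
        found = re.match(r"User DN = \[(.*)\]", msg)
        if found:
            current.user_dn = found.group(1)
    return sessions


def diagnose(s):
    """One-line summary of how far the session got."""
    if s.auth_ok:
        return "authenticated"
    if not s.user_dn:
        return "user not found by search"
    if not s.user_bind_attempted:
        return "user DN resolved, user bind never attempted"
    return "user bind attempted, not successful"


def missing_steps(ok, failed):
    """Steps logged by the successful session that the failed one lacks."""
    return [m for m in ok.steps if m not in failed.steps]


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE)
    for sid in sorted(parsed):
        print(sid, parsed[sid].status, diagnose(parsed[sid]))
    print("first missing step:", missing_steps(parsed[244], parsed[243])[0])
```

On the posted output the search is identical in both sessions; the difference is that session 243 exits right after the password-policy lookup and never logs "Binding as user".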

  • Can an LDAP server be its own client?

    In short yes, why would you want to do this? Many reasons, but mine is to be able to use ldap on laptops running Solaris and have them log into the machine with ldap credentials off the network. When we plug them back onto the network, I have a master server send any new data via one-way replication. I will give 2 separate ways to accomplish this. One is, to put it bluntly, a dirty hack to get it working. The second is much more elegant and it's the one I have stress tested to verify that it works.
    Disclaimer: I have only used these methods on Solaris10 update 3 with Trusted Extensions using directory server 5.2 as well as the administration server. I have used a few different kinds of machines (all x86) and have not had a problem with it. I do not know if it will work on any other version or hardware. I haven't even looked at the source code, all assumptions made here are from observing the system's behavior while making minor changes.
    Now, the reason why normally you can't be your own client (at least as far as I can tell) is because of the way the system boots and the dependencies that the ldap/client service needs to start up. If you boot a machine that is its own client and ldap/client runs before the directory server starts, of course it will fail. The system boots the services first, then legacy init scripts. Directory Server 5.2 uses init scripts. Correct me if I am wrong, but that is the only real hurdle in your way.
    So the first way to get it 'working' (dirty hack) is to delay the ldap/client smf service from starting until the directory server is started. After you become a client of yourself (in this case the global zone) disable the ldap/client service.
    svcadm disable ldap/client
    Then enable it temporarily with the -t option
    svcadm enable -t ldap/client
    Well if you were to reboot now it would not work because the service would not start at boot because it is set to be administratively down. Edit the S72directory script in /etc/rc2.d and after the start commands just add the svcadm enable -t ldap/client command and it will load right after directory server starts. Will this work? Yes, is it a clean way to do it? NO. I used this method just for testing the theory that the only reason I could not be my own client was because of the booting issue.
    Now the best way that I can see to accomplish this is to create your own smf services for the directory server and admin server. That way all you have to do is add a dependency to the ldap/client xml file to wait until the new directory server service is started before it starts. So in /var/svc/manifest/site create a folder called ldap (I put this in site because I didn't want to run into any issues of patching). In /var/svc/manifest/site/ldap/ create two xml files named:
    ds_admin.xml and directory_server.xml.
    quick note: These are the first services I have created. There may be a much better way to make them. If you can re-code it better, please let me know so I can look at them. Also there is no restart command in here (actually I just noticed that) so adding one of those would be wise.
    ds_admin.xml contains:
    <?xml version="1.0"?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!--
         Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
         Use is subject to license terms.
         ident     "@(#)client.xml     1.4     04/12/09 SMI"
         NOTE:  This service manifest is editable; its contents will not
         be overwritten by package or patch operations, including
         operating system upgrade.
    -->
    <service_bundle type='manifest' name='SUNWdsadmin:dsadmin'>
    <service
         name='site/ldap/ds_admin'
         type='service'
         version='1'>
         <create_default_instance enabled='false' />
         <single_instance />
         <dependency
             name='fs'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/system/filesystem/minimal' />
         </dependency>
         <dependency
             name='net'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/network/initial' />
         </dependency>
         <exec_method
             type='method'
             name='start'
             exec='/lib/svc/method/ds_admin start'
             timeout_seconds='120' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <exec_method
             type='method'
             name='stop'
             exec='/lib/svc/method/ds_admin stop'
             timeout_seconds='60' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <stability value='Unstable' />
         <template>
              <common_name>
                   <loctext xml:lang='C'>
                   LDAP Admin server      
                   </loctext>
              </common_name>
              <description>
                   <loctext xml:lang='C'>
    LDAP admin server
    Information Service lookups
                   </loctext>
              </description>
         </template>
    </service>
    </service_bundle>
    and directory_server.xml contains:
    <?xml version="1.0"?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
    <!--
         Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
         Use is subject to license terms.
         ident     "@(#)client.xml     1.4     04/12/09 SMI"
         NOTE:  This service manifest is editable; its contents will not
         be overwritten by package or patch operations, including
         operating system upgrade.
    -->
    <service_bundle type='manifest' name='SUNWds:ds'>
    <service
         name='site/ldap/directory_server'
         type='service'
         version='1'>
         <create_default_instance enabled='false' />
         <single_instance />
         <dependency
             name='usr'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/system/filesystem/minimal' />
         </dependency>
         <dependency
             name='net'
             grouping='require_all'
             restart_on='none'
             type='service'>
              <service_fmri value='svc:/network/initial' />
         </dependency>
      <dependency
                name='ds_admin'
                grouping='require_all'
                restart_on='none'
                type='service'>
                    <service_fmri
                        value='svc:/site/ldap/ds_admin' />
         </dependency>
         <exec_method
             type='method'
             name='start'
             exec='/lib/svc/method/directory_server start'
             timeout_seconds='120' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <exec_method
             type='method'
             name='stop'
             exec='/lib/svc/method/directory_server stop'
             timeout_seconds='60' >
              <method_context>
                   <method_credential user='root' group='sys' />
              </method_context>
         </exec_method>
         <stability value='Unstable' />
         <template>
              <common_name>
                   <loctext xml:lang='C'>
                   LDAP directory server      
                   </loctext>
              </common_name>
              <description>
                   <loctext xml:lang='C'>
    LDAP directory server
    Information Service lookups
                   </loctext>
              </description>
         </template>
    </service>
    </service_bundle>
    Now the start/stop scripts will be located in /lib/svc/method and are as follows:
    ds_admin
    #!/sbin/sh
    # SMF method script for site/ldap/ds_admin (administration server)
    case "$1" in
         start)
              /usr/sbin/directoryserver start-admin
              ;;
         stop)
              /usr/sbin/directoryserver stop-admin
              ;;
         *)
              echo "Usage: $0 { start | stop }"
              exit 1
              ;;
    esac
    exit 0
    Simple, yes.
    directory_server
    #!/sbin/sh
    # SMF method script for site/ldap/directory_server (slapd instance named after the host)
    HOST_NAME=`hostname`
    SERVER_ROOT=/var/opt/mps/serverroot
    DIRECTORY_SERVER_INSTANCE=slapd-${HOST_NAME}
    case "$1" in
         start)
              ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/start-slapd
              ;;
         stop)
              ${SERVER_ROOT}/${DIRECTORY_SERVER_INSTANCE}/stop-slapd
              ;;
         *)
              echo "Usage: $0 { start | stop }"
              exit 1
              ;;
    esac
    exit 0
    The only thing left to do is modify the ldap/client smf file to wait until the directory server starts before it loads.
    So edit /var/svc/manifest/network/ldap/client.xml and right before the dependency for /var/ldap/ldap_client_file add this
    <dependency
                name='directory_server'
                grouping='require_all'
                restart_on='none'
                type='service'>
                    <service_fmri
                            value='svc:/site/ldap/directory_server' />
            </dependency>
    Any changes made to the /ldap/client xml file must be made after ALL zones have been installed. If this file is copied to a zone it will never work as the directory_server service is not loaded in the zones.
    Now what? You must remove the legacy init scripts in /etc/rc2.d. Those would be S72directory and S73mpsadm. No need to keep them around; alternatively, you can just change the capital 'S' to lower case and they won't start.
    You can now either use svccfg to validate and import the new services or you can reboot. Typically, I reboot and use the '-m verbose' option on boot to watch the services for any errors. I haven't had any lately but on different systems I always watch to see if it behaves different.
    That's it. I have rebooted all the machines many, many times without error. This of course does not address loading the directory server or adding users, tnrhdb file, etc... We have scripted most of loading out and once we get some error correction coded in I will post them.
    Also, if you find any errors or even a better way to accomplish this, please post it.

    This restriction is only in terms of implementing the Solaris support for LDAP as a naming service. If the Solaris OS is configured to use LDAP as a naming service, it can't use a LDAP server running on the same host.
    The reason is that the LDAP server makes naming service calls before it gets fully started up. If the OS wants to use the LDAP server for the naming service, then a deadlock happens, where the LDAP server's gethostbyname() call can't complete because the LDAP server isn't up.
    It is possible to configure the Solaris naming resolution to avoid this problem. I've got a system set up this way myself. Regardless, the official support channels won't support a system set up this way, so if you do this you do it at your own risk.

  • "untrusted server cert chain" exception while connecting LDAP server

    While connecting to LDAP server using JNDI over JSSE. This is happening when trying to get the initial context
    using
    InitialDirContext initContext = new InitialDirContext(env);
    where env is a hash table set with the default parameters. The certificate used is a Novell CA certificate converted to X509 format and the key store is initialized with this

    This got resolved when in the code the following
    System.setProperty("javax.net.ssl.trustStore", CertFileName);
    where cert file name is the filename with complete path. The file is a CA certificate of the LDAP server
    in X509 format

  • Ldap server authentication for EAI domain

    Hi everybody,
    I have configured a new realm for the security of the created EAI Domain and
    made it default. In this realm, the authentication provider is the iPlanet LDAP
    Server.
    Now the booting is fine but then when I am starting the Weblogic Studio, it is
    not getting authenticated and I keep getting the error :
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
    The error page obtained at studio is what is given as attachment.
    Anybody having any info regarding the same - pl. do pass on.
    Thanks and regards,
    Ritwik
    [wli-error.doc]

    Hello Ritwik,
    it should for sure, but with this release WLI depends on the
    compatibility realm.
    Christian Plenagl
    Developer Relations Engineer
    BEA Support
    "Ritwik" <[email protected]> wrote:
    >
    Conceptually if I create respective groups (similar to the groups and
    users of
    the compatibility realm) in the ldap server and do the authentication
    from there
    - it should work - shouldn't it???
    Any pointer !!!
    Regds,
    Ritwik
    "Christian Plenagl" <[email protected]> wrote:
    Hi Ritwik,
    you can read in the WLI documentation, that WLI7 currently supports the compatibility realm only.
    Please have a look at:
    http://e-docs.bea.com/wli/docs70/deploy/secure.htm#1365621
    Christian Plenagl
    Developer Relations Engineer
    BEA Support
    "Ritwik" <[email protected]> wrote:
    Hi everybody,
    I have configured a new realm for the security of the created EAI Domain and
    made it default. In this realm, the authentication provider is the iPlanet LDAP
    Server.
    Now the booting is fine but then when I am starting the Weblogic Studio, it is
    not getting authenticated and I keep getting the error :
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: No realm found.>
    <Nov 26, 2002 10:00:27 AM IST> <Error> <B2B> <000000> <<WLI-Security> ERROR: Initialization of WLI Authentication Service failed with exception java.lang.RuntimeException: ERROR: No realm found..>
    The error page obtained at studio is what is given as attachment.
    Anybody having any info regarding the same - pl. do pass on.
    Thanks and regards,
    Ritwik

  • SAP HR to LDAP Server Integration

    Dear Experts,
    We are trying to integrate HR data from SAP ECC to an LDAP server using the built in LDAP connector settings in ECC.
    It is working well with the exception that the KEY field from HR is being populated into one of the spare fields on Active Directory. Is there any way to prevent this? It is required in the LDAP Mapping synchronization but is not required in LDAP server.
    We have tried the various combinations of import and export parameters but nothing works.
    Many thanks in advance.
    Mark

    Hello Mark,
    Check this link
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/06187a32-0a01-0010-709b-e664a61eab08?QuickLink=index&overridelayout=true
    Also have a look at OSS notes
    - 718383 - NetWeaver: Supported UME Data Sources and Change.
    - 352295 - Microsoft Windows Single Sign-On options
    regards,
