WLST IPlanet LDAP configuration
Is it possible to configure the IPlanet LDAP Authenticator using WLST offline mode? If so, can anyone say how to configure it in offline mode?
Thanks,
Gopal
No, this is not supported in offline mode; you should use online WLST.
Thanks,
-satya
Similar Messages
-
IPlanet LDAP configuration in Weblogic 8.1 SP3
We use iPlanet LDAP provider for app authentication. We need only the authentication and no authorization. However when we do not specify information in Groups and Membership tabs, and provide only User information, authentication fails. Does iPlanet provider need Group and Membership information for simple authentication?
-
Iplanet LDAP Configuration in Portal
Hi All,
I was trying to configure my UME with LDAP - iplanet. (Sun one Directory Server) in SAP Netweaver CE. I downloaded the xml file using config tool.
1. dataSourceConfiguration_iplanet_readonly_db
2. dataSourceConfiguration_iplanet_not_readonly_db
3. dataSourceConfiguration_iplanet_deep_readonly_db
Which one should I use? How do I know whether iPlanet uses a deep or flat hierarchy? When I try to use
dataSourceConfiguration_iplanet_not_readonly_db, on click of Save Changes it gives me some "Technical error". But Validate Connection in LDAP Server Properties is working fine:
"Test Connection successful".
But the server is not starting after restart. How else do I change the UME configuration from database to LDAP? What is the XML file to use? Are there some other configurations to be done?
Thanks,
Divya
Edited by: Divya V on Nov 19, 2010 10:23 AM
Hi Divya,
Try to contact the systems team who is responsible for maintaining the LDAP in your company. They can tell you if you use a deep or flat hierarchy.
Then you need to decide if you want to connect to LDAP only for read-only purposes or if you want to update anything on the LDAP from the portal and have write access.
1. dataSourceConfiguration_iplanet_readonly_db - FOR READ ONLY ACCESS TO LDAP WITH FLAT HIERARCHY
2. dataSourceConfiguration_iplanet_not_readonly_db - FOR WRITEABLE ACCESS TO LDAP
3. dataSourceConfiguration_iplanet_deep_readonly_db - FOR READ ONLY ACCESS TO LDAP WITH DEEP HIERARCHY
You are getting the error when using dataSourceConfiguration_iplanet_not_readonly_db.xml most likely because the system user that is used to connect to your LDAP might not have write access on the LDAP.
Also, please note that some LDAPs will require an SSL connection between portal and LDAP for writing anything to the LDAP.
In that case, you will have to setup SSL between EP and LDAP.
Read the documentation for further help:
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/d1d13f7fb44c21e10000000a1550b0/frameset.htm
Hope that helps !!
Thanks,
Shanti Mupkala
-
Urgent: mapping between OID and iplanet ldap
I am trying to configure the mapping between my iplanet ldap server (source) and OID (destination) . My iplanet dn is uid=sharam,ou=People,dc=xsj,dc=xilinx,dc=com and my OID dn is cn=sharam,cn=users,dc=xsj,dc=xilinx,dc=com
My mapping file looks like this:
DomainRules
dc=xilinx,dc=com:cn=users,dc=xsj,dc=xilinx,dc=com:cn=%,cn=users,dc=xsj,dc=xilinx
AttributeRules
givenname
facsimiletelephonenumber
departmentnumber
mail
uid::::cn
telephonenumber
pager
employeenumber
l
sn
title
When I load this using ldapUploadAgentFile.sh, I am getting the following error in ldap/odi/log/IPlanet.trc file. Any ideas what I am doing wrong??
Trace Log Started at Mon Jul 08 11:28:47 PDT 2002
IPlanetImport:Error in Mapping EngineODIException: DIP_GEN_UNKNOWN_FAILURE
ODIException: DIP_GEN_UNKNOWN_FAILURE
at oracle.ldap.odip.map.MapEngine.constructDN(MapEngine.java:258)
at oracle.ldap.odip.map.MapEngine.mapDomains(MapEngine.java:196)
at oracle.ldap.odip.map.MapEngine.map(MapEngine.java:172)
at oracle.ldap.odip.engine.AgentThread.mapExecute(AgentThread.java:323)
at oracle.ldap.odip.engine.AgentThread.execMapping(AgentThread.java:214)
at oracle.ldap.odip.engine.AgentThread.run(AgentThread.java:124)
Updated Attributes
orclodipLastExecutionTime: 20020708112903
orclOdipSynchronizationStatus: Mapping Failure;Agent Execution Not Attempted
orclOdipSynchronizationErrors: Unknown Error Encountered
Start the odisrv with the debug flag set to 16. This should give you a more detailed trace which might help you sort this.
Hope this helps
Vinodh R.
-
Using IPlanet LDAP Server!!!
Hi, I'm using IPlanet LDAP Server 5.0 and Weblogic 6.0 SP1.
After succeeding in connecting to the LDAP server, I want to list all the users
and groups, then the following exception came up. Does anyone know the
reason?
I don't know why we should define the "Users" & "Groups" information when we
try to connect to a LDAP server. Please help me. Thanks!
Exception
weblogic.management.configuration.RealmException: RealmManager.listUsers - with nested exception:
[weblogic.security.ldaprealm.LDAPException: could not get user list - with nested exception:
[javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'dc=crcc,ou=People,cn=eric lu']]
at weblogic.management.configuration.RealmManager.listUsers(RealmManager.java:163)
at weblogic.management.console.pages._domain._usertable._jspService(_usertable.java:346)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:213)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:1265)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:1622)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
* Name: Gary Wang
* Tele: 010-65546668-8119
* Mail: [email protected]
When you use the LDAP v1 realms you have to supply four primary sets of information
1) The URL of the LDAP server
2) The principal and credentials you use to bind with ... this will usually be
the distinguished name and user password for a user that is set with administrative
rights
3) The User information that indicates (a) what node to look for users ... for
example ou=People,dc=crcc and (b) the attribute that maps to the login ID (typically,
uid)
4) The Group information that indicates (a) what node to look for groups ... for
example ou=Groups,dc=crcc and (b) the attribute in each group that represents the
member dn, typically either uniquemember or uniquename
Hope this helps.
-
How can i config WLS7 and iPlanet LDAP
How can i config WLS7 and iPlanet LDAP?
failed during initialization. Exception:java.lang.SecurityException: Authentication for user weblogic denied
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
>Yos:
Series of steps to get WLS working with some external LDAP server follows:
I. create a new domain /mydomain
II. start server
III. open WebLogic console in a browser
IV. in left frame, go to
security->realms->myrealm->providers->AuthenticationProviders and click
V. in right frame, click on “Configure a new iPlanet Authenticator”
VI. In the new screen, under General, make sure the Control Flag is set to Required,
select a name for this authenticator, and click Create.
VII. Select iPlanet LDAP tab and fill in values for Host, Port, Principal where
these values reflect the settings for your LDAP server. (Note: the default
principal for an iPlanet LDAP server is uid=admin, ou=Administrators,
ou=TopologyManagement, o=NetscapeRoot). Click Apply.
VIII. Click on Credential: Change. At the new screen, enter the credential
associated with the Principal that you entered in step VII in both boxes. This will
be the password that is used to do a bind to your LDAP server with the principal.
Click Apply.
IX. Select Users tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the User Base DN property, from ou=people,o=example.com to
ou=people,o=myCompany.com. Click Apply.
X. Select Groups tab and make sure these properties accurately reflect the structure
of your LDAP server. Most of the time the only property that needs to be changed is
the Groups Base DN property, from ou=people,o=example.com to
ou=groups,o=myCompany.com. Click Apply.
XI. Now, the boot identity of your server absolutely must be a user that exists on
your LDAP server. You must also have an “Administrators” group on your LDAP server,
and the boot identity must be a user that exists in this “Administrators” group, or
the server will not start. So open your LDAP console (this will be a console that
is specific to the LDAP server you are using) and use the management tools to create
the “Administrators” group and a user that you place in the “Administrators” group
that is the boot identity that you use to start WebLogic.
XII. Make these changes and restart the server.
XIII. You can verify that the LDAP setup is correct by doing a thread dump. You
should see a thread like:
“LDAPConnThread localhost:389" daemon prio=5 tid=0x8d9b308 nid=0x8f8 runnable
[0x9e2f000..0x9e2fdbc]
at java.net.SocketInputStream.socketRead(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:86)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:186)
at java.io.BufferedInputStream.read(BufferedInputStream.java:204)
- locked <3281d98> (a java.io.BufferedInputStream)
at netscape.ldap.ber.stream.BERElement.getElement(BERElement.java:101)
at netscape.ldap.LDAPConnThread.run(LDAPConnThread.java:420)
where “localhost:389” is the server name and port of your LDAP
server. This means that your Authenticator has been set up correctly.
XIV. Now you can delete your default authenticator. Open the WebLogic console and
go to security->realms->myrealm->providers->AuthenticationProviders in the left
frame, and click
XV. In the right frame, look for DefaultAuthenticator and click on the trash can to
the far right. Say “Yes” when it asks if you are sure, then click Continue.
XVI. Restart the WebLogic server. If the server boots correctly, you’re done.
Everything is working correctly.
Please note that the "default authenticator" refers to the embedded LDAP server that
ships with WebLogic.
Hope this helps.
Joe Jerry
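The precondition in step XI, together with the base DNs entered in steps IX and X, can be checked against an LDIF export of the directory before the DefaultAuthenticator is deleted. This is an added example, not part of the original post and not WebLogic code; the sample LDIF, its DNs and the function names are constructed for illustration, and `uid` and `uniquemember` are assumed as the login and membership attributes.

```python
import base64
import re

# Constructed LDIF export; every DN and name below is a placeholder.
SAMPLE_LDIF = """\
version: 1

dn: ou=people,o=myCompany.com
objectClass: organizationalUnit
ou: people

dn: uid=weblogic,ou=people,o=myCompany.com
objectClass: inetOrgPerson
uid: weblogic
cn: WebLogic Boot User

dn: uid=jdoe,ou=people,o=myCompany.com
objectClass: inetOrgPerson
uid: jdoe

dn: ou=groups,o=myCompany.com
objectClass: organizationalUnit
ou: groups

dn: cn=Administrators,ou=groups,o=myCompany.com
objectClass: groupOfUniqueNames
cn: Administrators
uniqueMember: uid=weblogic, ou=people,
 o=myCompany.com
"""


def normalize_dn(dn):
    """Lower-case a DN and drop spaces around unescaped RDN separators."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))


def parse_ldif(text):
    """Return {normalized_dn: {attr: [values]}} for LDIF content records."""
    # A line starting with one space continues the previous line.
    text = text.replace("\r\n", "\n").replace("\n ", "")
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.split("\n"):
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:  # skips the "version: 1" header block
            entries[normalize_dn(attrs["dn"][0])] = attrs
    return entries


def under(dn, base):
    """True if the normalized dn is the base entry or sits below it."""
    base = normalize_dn(base)
    return dn == base or dn.endswith("," + base)


def check_boot_identity(entries, boot_user, user_base_dn, group_base_dn,
                        user_attr="uid", admin_group="Administrators",
                        member_attr="uniquemember"):
    """Return a list of problems that would stop the server from booting."""
    problems = []
    users = [dn for dn, a in entries.items()
             if under(dn, user_base_dn)
             and boot_user.lower() in (v.lower() for v in a.get(user_attr, []))]
    if not users:
        problems.append("boot user %r not found under User Base DN %r"
                        % (boot_user, user_base_dn))
    groups = [a for dn, a in entries.items()
              if under(dn, group_base_dn)
              and admin_group.lower() in (v.lower() for v in a.get("cn", []))]
    if not groups:
        problems.append("group %r not found under Groups Base DN %r"
                        % (admin_group, group_base_dn))
    if users and groups:
        members = {normalize_dn(m) for g in groups
                   for m in g.get(member_attr, [])}
        if not members & set(users):
            problems.append("boot user %r is not a member of %r"
                            % (boot_user, admin_group))
    return problems


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    # Groups Base DN left at a value that does not exist in this directory.
    for issue in check_boot_identity(directory, "weblogic",
                                     "ou=people,o=myCompany.com",
                                     "ou=people,o=example.com"):
        print("FAIL:", issue)
```

An empty result means the boot user exists under the User Base DN and is listed in the Administrators group under the Groups Base DN; any other result names the setting to correct before restarting.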
-
LDAP configuration - An internal error has occurred in the secLdap plug-in
Hi,
I am trying to configure my BOE to a LDAP (Microsoft Active Directory Application).
After completing all the configuration steps, I get the following error:
"An internal error has occurred in the secLdap plug-in"
I chose "No SSL" and "No SSO" and used all the default values in the "Please configure how new LDAP users and aliases are created by BusinessObjects Enterprise" screen.
Can someone assist?
-Doron
Hi,
I'm having the same type of problem as Doron authenticating against LDAP.
The LDAP configuration is syntactically clean, not sure whether it is correct though.
Adding LDAP groups failed miserably for all listed entries, see below in Config Parms:
Configuring without LDAP groups fails with the Login Error,
Login Error Message: Account Information Not Recognized: LDAP Authentication could not log you on.
Please make sure your logon information is correct.
If your account is under any root other than dc=lgc,dc=com you must enter your dn.
(FWM 00007)
The DN for my local account,
uid=hb37406,ou=people,o=hou,dc=lgc,dc=com
Crystal Report Server 2008 authenticated against an Sun iPlanet LDAP Server.
Build Date: 2008/09/13:08:31:32
Build Number: 882
Product Version: 12.1.0.882
Config Parms:
LDAP Host:hourdldap01.lgc.com:389,ldap.corp.halliburton.com:389
LDAP Server Type: Sun Directory Server
Base LDAP Distinguished Name: dc=lgc,dc=com
ou=people,o=hou,dc=lgc,dc=com
LDAP Referral Credentials:cn=cmldap,dc=lgc,dc=com;
Password:xxxxxxxx
Number of Hops: 1
SSL authentication:Basic
LDAP single sign-on authentication:Basic
Configure new LDAP users:
Assign each added LDAP alias to an account
Create new aliases only when user logs on
New users are created as concurrent users
Mapped LDAP Member Groups
Add LDAP group (by cn or dn)
LDAP search on local account **
uid=hb37406,ou=people,o=hou,dc=lgc,dc=com
cn=dev
cn=dev,ou=group,o=hou,dc=lgc,dc=com
ou=people,o=hou,dc=lgc,dc=com
ou=people,dc=lgc,dc=com
o=hou,dc=lgc,dc=com
dc=lgc,dc=com
dc=lgc.com
lgc.com
ou=HalUsers,dc=corp,dc=halliburton,dc=com
ou=people,dc=corp,dc=halliburton,dc=com
dc=halliburton,dc=com
LDAP configuration Error: The secLdap plugin failed to get the dn for the group xxx.
-
I'm having iPlanet LDAP problems too! Can someone give this admin a hand?
I've created the iPlanet Authenticator in my existing "myrealm" and have configured
everything. Now when I startup my Weblogic 7, I don't see anything related to
the initialization of the external iplanet LDAP directory server. Can someone
help? I just see one thing,
####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr> <ExecuteThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity> <> <090516> <The Authenticator provider has preexisting LDAP data.>
What are my next steps to make WLS 7.0 to iplanet directory a reality?
"VetteMan" <[email protected]> wrote:
>
"Kai" <[email protected]> wrote:
Hi,
Check if you can see users and groups from the directory server in the
console.
Kai
"VetteMan" <[email protected]> wrote:
I've created the iPlanet Authenticator in my existing "myrealm" and have
configured
everything. Now when I startup my Weblogic 7, I don't see anything
related
to
the initialization of the external iplanet LDAP directory server. Can
someone
help? I just see one thing,
####<Oct 16, 2003 5:39:05 PM PDT> <Info> <Security> <serverr> <myadmin_svr>
<Execut
eThread: '1' for queue: '__weblogic_admin_html_queue'> <kernel identity>
<> <0905
16> <The Authenticator provider has preexisting LDAP data.>
What are my next steps to make WLS 7.0 to iplanet directory a reality?
Kai, should I be able to go to the "Users" for that realm and search the
LDAP server?
Didn't think that was possible. If I had multiple authentication providers,
how
would WL know which provider to use?
Also, I looked at my config.xml and it doesn't seem to have the changes....should
it be in there?
thanks,
mr. C5
Hi,
The users page lists all users and provides in an additional column the source
(auth.prov.) from where the user has been sourced. If you don't see the users
from the LDAP directory it's not working properly. There is also a bug where the
users page is not loading if the number of users is too big. I'm working with
8 at the moment, but it should be the same with 7. The authentication provider
configuration of the default provider by BEA are stored in the internal LDAP.
Kai
-
WebLogic 6.1 and iPlanet LDAP v5
Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong?
hi,
there are two versions of ldap supported in wls6.1, ldapv1 and ldapv2
ldap v1 only has the functionality of listing groups.
but where ldapv2 doesn't have that functionality,
by looking at your config , it seems you are using ldap v2..
if u need that functionality u can use ldapv1.
thanks
kiran
"Bert Cliche" <[email protected]> wrote in message
news:[email protected]..
Per a proof of concept, I am having trouble getting WL6.1 to see
group members as defined in iPlanet LDAP. I can see the groups,
but modifies to create groups only create them in the local DB.
Created users also only get placed in the local DB. I can bind
for searches as Directory Manager via ldapsearch and run queries,
and the DS gateway works fine. I can dump the LDIF file and the
entries look fine.
I copied and modified the template for the Netscape server and
have the realm setup per the GUI.
For sanity, everything is very generic as:
the Root DN is "o=test.org"
and my "Configuration" part from the config.xml looks like:
server.authprotocol=simple;
server.host=localhost;
membership.filter=(&(uniquemember=%M)(objectclass=groupofuniquenames));
server.port=390;
group.dn=o=test.org;
group.filter=(&(cn=%g)(objectclass=groupofuniquenames));
server.principal=cn=Directory Manager;
user.dn=o=test.org;
server.groupiscontext=false;
user.filter=(&(uid=%u))
I added the "authprotocol" as a guess. Note that the server is
running on port 390, this is not a typo.
Any ideas what is going wrong? -
Hi,
Could I configure iPlanet LDAP as a security
provider? or I have only to use OID?
thanks
Ahmed
I don't know about iPlanet but you could try:
Configuring External LDAP Providers: http://matrix.csustan.edu/docs/oracle/oas/web.1012/b14013/ldap3rdparty.htm -
I'm trying to connect to an Iplanet 4.1 from wls7, I configured everything, but
I couldn't see groups or users...I read in older posts here that talk about the config.xml,
but there's nothing in there, where does wls save the info about ldap config?
besides..is it necessary to set up all the items below Providers..or just the Authentication
providers?
I'm using Directory manager as principal.
people -> base dn=o=sunat.gob.pe, ou=People
groups -> base dn=o=sunat.gob.pe, ou=Groups
thanks for any help...
Hi Amitabha,
I have faced the same problem some time back. Weblogic keeps its security information
under
"%BEA_HOME%\user_projects\zionsbank\userConfig\Security" directory. You must
have known the time you created the new realm, remove all the folders under security/
created at that time. Your configuration will be restored back to the one you had
before creating the new realm.
Hope it will work.
Amir
"Amitabha Mitra" <[email protected]> wrote:
Hi,
We have created a new realm with the provider as the iplanet LDAP. There was no problem creating the realm. We have set this realm as the default realm for the domain. But when we start up the server (with userid and password as weblogic, the default administrator uid/pwd with which it was working fine before changing the default realm) it is now giving the following error:
java.lang.SecurityException: Authentication for user weblogic denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:978)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1116)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:703)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:588)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:276)
at weblogic.Server.main(Server.java:31)
The server is thus not starting up.
We tried with creating a user called 'weblogic' under a group called 'Administrators' in the iPlanet LDAP but it is giving the same error.
Is there any other configuration that needs to be done?
Is the Administrator, developer and application level security controlled from the same place?
Rgds,
Amitabha -
Problem with LDAP configuration in Enterprise Manager
Hi all,
I'm new at Java CAPS. After install some pieces of Java CAPS now I'm trying to install and configure a Sun Java System Directory Server 5.2 in our environment.
I've already configured the Repository and the Logical Host to work with the ldap, but I have some troubles to do it with the Enterprise Manager.
I followed the instructions of the Administrator guide about the changes to do in web.xml and ldap.properties of the sentinel app but when I do login the Enterprise Manager I can't see the options of the tree to manage servers or users.
It seems that the app doesn't recover the user roles. I think so because I tried to create one user without roles (in normal authentication, without ldap configured) and when I did log in, the result was the same.
At the beginning of the process I created the roles 'all', 'administration' and 'management'. However I tried to copy the roles of the Tomcat authentication from 'tomcat-users.xml' to ldap roles, but it doesn't work.
Anyone could help me?
Thanks in advance, and sorry for my rudimentary English
Check that you have the correct Preferred Credentials with Logon as batch job if this is windows. Also check the correct configuration with regards LDAP integration for your platform.
-
LDAP configuration using AD in EP complete details steps
Hi gurus,
Can anybody provide me complete details
steps to configure UME and LDAP configuration
Thanks
Happy
Hi,
Below is the configuration for UME-LDAP. In configtool you have to do this configuration.
ume.ldap.access.server_name : <servername>
ume.ldap.access.server_port : <enter the port>
ume.ldap.access.user : <user>
ume.ldap.access.password : <password>
ume.ldap.access.base_path.user :
ume.ldap.access.base_path.grup :
Refer the link for more info on LDAP configuration.
http://help.sap.com/saphelp_nw70/helpdata/en/63/14f5b51a6eff429f2d8b2063400e82/frameset.htm
Thanks
R.Murali -
Embedded LDAP configuration in Portal
Hi,
I am currently working on WL10.1MP1, and need to know the probable files involved in Embedded LDAP Configuration in the domain.
Can anyone let me know.
Regards
Lakshmi
Hi Lakshmi,
Default configurations are part of config.xml, security.xml and ldif files in security folder and files in data/LDAP folder in Admin Server.
Vishnu -
OBIEE Start/Stop Services failed(After LDAP Configuration)
Hi ,
We made some changes (that is, we have added a new OID and configured the new OID based upon the Oracle BI security guide which is on the Oracle site) to the LDAP configuration in the OBIEE web console and it prompted for a restart of the OBIEE services. When we tried restarting the services we were not able to stop all the services. Please find the attached log files.
Note:
1. Unable to kill the process ID which is related to OBIEE 11.1.1.6.0 services.
2. We have followed section 3 in the below link to configure the LDAP: http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/toc.htm
Please find the below error details in short form and kindly find the attached file (file name) for more details
Error:
Caused By: oracle.security.jps.service.igf.IGFException: JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one.
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.checkIdStoreTypeLater(IdentityStoreConfigurationUtil.java:819)
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.getLibOvdLdapPushData(IdentityStoreConfigurationUtil.java:524)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:232)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:229)
at java.security.AccessController.doPrivileged(Native Method)
Truncated. see log file for complete stacktrace
>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jan 29, 2013 6:39:05 AM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state cha
Error Codes
Problem Category/Subcategory
BI EE Platform Administration/Administration Tool
Uploaded Files
File: nohup.zip:134848
Template Question Responses
1) ### Admin Tool version ###
2) Are you running Oracle Business Intelligence Enterprise Edition using virtualization or partitioning technologies (for example, VMWare) ?
No
3) If yes, please provide the product used and its version.
4) ### Documentation Used ###
5) ### Impact on Business ###
Edited by: 919942 on Jan 31, 2013 5:10 AM
"JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one."
Looks like the config you entered was a tad off. Any chance you can roll back by restoring the original files from before the change?
$FMWH/user_projects/domains/yourdomain/config/config.xml
$FMWH/user_projects/domains/yourdomain/config/fmwconfig/jps-config.xml
In the config.xml, inside the <realm> tag you should find your authentication providers and there's two important things for your new one to check:
1.) xsi:type="wls:..." <-- This should be your OID type rather than a generic (or wrong) one
2.) If you're not 100% sure about the config or don't want to immediately shut out native WLS users or want to retain them (both OID and WLS LDAP considered valid), then PLEASE make sure that you run your new authenticator with <sec:control-flag>SUFFICIENT</sec:control-flag> and don't make it REQUIRED since otherwise you won't be able to bring anything up anymore if a single parameter in the authenticator config is off...
Also, check out what Tony wrote together a while back: http://www.peakindicators.com/index.php/knowledge-base/115-oracle-bi-11g-security-troubleshooting
Update:
Should have read the error message more carefully...looks like you actually just slipped by one line in the authenticator config and chose "OracleVirtualDirectory" instead of "OracleInternetDirectory" since it tries to use the libOvd rather than the OID one.
Edited by: Christian Berg on Jan 31, 2013 2:58 PM
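A small check for the two points raised in the reply above, as an added example that is not part of the original thread or of Oracle's tooling: it reads the authentication providers of a realm from config.xml and reports any non-default provider whose xsi:type is not the expected directory type or whose control flag is REQUIRED. The sample config.xml, its namespace URIs, the provider name NewOID and the type strings are constructed for illustration and should be compared with your own domain's file.

```python
import xml.etree.ElementTree as ET

# Namespace URIs and type strings are assumptions; compare with your own config.xml.
NS = {"d": "http://xmlns.oracle.com/weblogic/domain",
      "sec": "http://xmlns.oracle.com/weblogic/security"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
OID_TYPE = "wls:oracle-internet-directory-authenticatorType"

# Constructed sample: an OID authenticator entered with the OVD type and REQUIRED.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
  xmlns:sec="http://xmlns.oracle.com/weblogic/security"
  xmlns:wls="http://xmlns.oracle.com/weblogic/security/wls"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <security-configuration><realm>
  <sec:authentication-provider xsi:type="wls:default-authenticatorType">
   <sec:control-flag>SUFFICIENT</sec:control-flag>
  </sec:authentication-provider>
  <sec:authentication-provider xsi:type="wls:oracle-virtual-directory-authenticatorType">
   <sec:name>NewOID</sec:name>
   <sec:control-flag>REQUIRED</sec:control-flag>
  </sec:authentication-provider>
 </realm></security-configuration>
</domain>"""


def audit_providers(config_xml, expected_type=OID_TYPE):
    """Return (provider, issue) pairs for external authenticators in the realm."""
    findings = []
    root = ET.fromstring(config_xml)
    for prov in root.iterfind(".//d:realm/sec:authentication-provider", NS):
        ptype = prov.get(XSI_TYPE, "")
        if ptype.startswith("wls:default-"):
            continue  # built-in authenticator or identity asserter
        name = prov.findtext("sec:name", default=ptype, namespaces=NS)
        # An absent control-flag element is treated as REQUIRED (assumed default).
        flag = prov.findtext("sec:control-flag", default="REQUIRED", namespaces=NS).strip()
        if ptype != expected_type:
            findings.append((name, "type-mismatch"))  # the libOvd / JPS-02597 case
        if flag == "REQUIRED":
            findings.append((name, "required-flag"))  # one bad parameter blocks boot
    return findings


if __name__ == "__main__":
    for name, issue in audit_providers(SAMPLE_CONFIG):
        print(f"{name}: {issue}")
```

Running it against a copy of config.xml before restarting the domain catches both mistakes while a rollback is still a file restore.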