[02/12/08 15:31:40:606 GMT] 00000027 Servlet E com.ibm.wps.engine.Servlet init EJPFD0016E: Initialization of service failed.
com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception occurred while retrieving the identity of the domain admin user/admingroup cn=wpsadmins.
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:987)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.access$000(AccessControlDataManagementServiceImpl.java:74)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl$1.run(AccessControlDataManagementServiceImpl.java:890)
at com.ibm.wps.um.PumaEngineHelper.runUnrestricted(PumaEngineHelper.java:1185)
at com.ibm.wps.um.PumaEnvironmentImpl.runUnrestricted(PumaEnvironmentImpl.java:141)
at com.ibm.wps.services.puma.PumaServiceImpl.executeWithoutACChecks(PumaServiceImpl.java:2495)
at com.ibm.wps.services.puma.Puma.executeWithoutACChecks(Puma.java:989)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.initializeDomainConfig(AccessControlDataManagementServiceImpl.java:897)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.reinit(AccessControlDataManagementServiceImpl.java:804)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.init(AccessControlDataManagementServiceImpl.java:449)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:391)
at com.ibm.wps.services.ServiceManager.initInternal(ServiceManager.java:285)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:179)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:114)
at com.ibm.wps.engine.Servlet.init(Servlet.java:239)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:192)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.init(ServletWrapper.java:319)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1221)
at com.ibm.ws.wswebcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:152)
at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:99)
at com.ibm.ws.webcontainer.webapp.WebApp.getServletWrapper(WebApp.java:831)
at com.ibm.ws.webcontainer.webapp.WebApp.initializeTargetMappings(WebApp.java:486)
at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinish(WebApp.java:323)
at com.ibm.ws.wswebcontainer.webapp.WebApp.initialize(WebApp.java:290)
at com.ibm.ws.wswebcontainer.webapp.WebGroup.addWebApplication(WebGroup.java:92)
at com.ibm.ws.wswebcontainer.VirtualHost.addWebApplication(VirtualHost.java:157)
at com.ibm.ws.wswebcontainer.WebContainer.addWebApp(WebContainer.java:665)
at com.ibm.ws.wswebcontainer.WebContainer.addWebApplication(WebContainer.java:618)
at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:335)
at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:551)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1303)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1138)
at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:569)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:817)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:949)
at com.ibm.ws.runtime.component.ApplicationMgrImpl$AppInitializer.run(ApplicationMgrImpl.java:2122)
at com.ibm.wsspi.runtime.component.WsComponentImpl$_AsynchInitializer.run(WsComponentImpl.java:342)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
Caused by: com.ibm.portal.puma.MemberNotFoundException: EJPSG0002E: Requested Member does not exist.cn=wpsadmins
at com.ibm.wps.services.puma.PumaServiceImpl.findGroupById(PumaServiceImpl.java:404)
at com.ibm.wps.services.puma.Puma.findGroupById(Puma.java:404)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:967)
... 37 more
Caused by: com.ibm.wps.um.exceptions.impl.MemberNotFoundExceptionImpl: com.ibm.portal.puma.MemberNotFoundException: EJPSG0002E: Requested Member does not exist.cn=wpsadmins/null
at com.ibm.wps.um.PumaEngineHelper.reload(PumaEngineHelper.java:798)
at com.ibm.wps.um.PumaEngineHelper.loadWithBaseAttributes(PumaEngineHelper.java:684)
at com.ibm.wps.um.PumaLocatorImpl.findGroupByIdentifier(PumaLocatorImpl.java:368)
at com.ibm.wps.services.puma.PumaServiceImpl$3.run(PumaServiceImpl.java:394)
at com.ibm.wps.services.puma.PumaServiceImpl$3.run(PumaServiceImpl.java:392)
at com.ibm.wps.um.PumaEngineHelper.runWithoutPAC(PumaEngineHelper.java:1222)
at com.ibm.wps.services.puma.PumaServiceImpl.executeWithoutPAC(PumaServiceImpl.java:2508)
at com.ibm.wps.services.puma.PumaServiceImpl.findGroupById(PumaServiceImpl.java:390)
... 39 more
Caused by: com.ibm.portal.puma.MemberNotFoundException: EJPSG0002E: Requested Member does not exist.cn=wpsadmins/null
... 47 more
and...
02/12/08 15:32:23:823 GMT] 00000046 LdapRegistryI E SECJ0361E: Authentication failed for portaladmin because user is not found in the registry.
[02/12/08 15:32:23:843 GMT] 00000046 ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl initialize FFDC0009I: FFDC opened incident stream file F:\IBM\WebSphere\wp_profile\logs\ffdc\WebSphere_Portal_00000046_08.12.02_15.32.23_0.txt
[02/12/08 15:32:23:963 GMT] 00000046 ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl resetIncidentStream FFDC0010I: FFDC closed incident stream file F:\IBM\WebSphere\wp_profile\logs\ffdc\WebSphere_Portal_00000046_08.12.02_15.32.23_0.txt
[02/12/08 15:32:23:963 GMT] 00000046 LdapRegistryI E SECJ0336E: Authentication failed for user portaladmin because of the following exception com.ibm.websphere.security.PasswordCheckFailedException: No user portaladmin found
[02/12/08 15:32:24:113 GMT] 00000027 ApplicationMg A WSVR0221I: Application started: Live_Object_Framework
[02/12/08 15:32:24:143 GMT] 00000046 ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl open FFDC0009I: FFDC opened incident stream file F:\IBM\WebSphere\wp_profile\logs\ffdc\WebSphere_Portal_00000046_08.12.02_15.32.24_0.txt
[02/12/08 15:32:24:183 GMT] 00000046 ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl resetIncidentStream FFDC0010I: FFDC closed incident stream file F:\IBM\WebSphere\wp_profile\logs\ffdc\WebSphere_Portal_00000046_08.12.02_15.32.24_0.txt
[02/12/08 15:32:24:193 GMT] 00000046 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is No user portaladmin found.
portaladmin is not configured anywhere as the admin user (its the local windows admin account used to install the software). The admin user is the default "wpsadmin" that has been created in the LDAP directory (member of wpsadmins group)
I have also seen some errors related to LDAP attribute configuration in configtrace:
[wplc-validate-ldap-attribute-config] found repository 1
[wplc-validate-ldap-attribute-config] Possible problems for PersonAccount:
[wplc-validate-ldap-attribute-config]
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] []
[wplc-validate-ldap-attribute-config]
[wplc-validate-ldap-attribute-config] The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[wplc-validate-ldap-attribute-config] [sn]
[wplc-validate-ldap-attribute-config]
[wplc-validate-ldap-attribute-config] FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
[wplc-validate-ldap-attribute-config] jpegPhoto: Base64Binary 1.3.6.1.4.1.1466.115.121.1.28
[wplc-validate-ldap-attribute-config] homePostalAddress: String 1.3.6.1.4.1.1466.115.121.1.41
[wplc-validate-ldap-attribute-config] facsimileTelephoneNumber: String 1.3.6.1.4.1.1466.115.121.1.22
[wplc-validate-ldap-attribute-config] postalAddress: String 1.3.6.1.4.1.1466.115.121.1.41
[wplc-validate-ldap-attribute-config] Possible problems for Group:
[wplc-validate-ldap-attribute-config]
[wplc-validate-ldap-attribute-config] The following attribues are defined in Portal but not in LDAP - You should either flag them as unsupported or define an attribute mapping:
[wplc-validate-ldap-attribute-config] [displayName, cn]
[wplc-validate-ldap-attribute-config]
[wplc-validate-ldap-attribute-config] The following attributes are flagged as required in LDAP but not in Portal - You should flag them as required in Portal, too:
[wplc-validate-ldap-attribute-config] []
[wplc-validate-ldap-attribute-config]
[wplc-validate-ldap-attribute-config] FYI: The following attributes have a diffenrent type in Portal and in LDAP - No action is required:
[wplc-validate-ldap-attribute-config] Status = Complete
Target finished: wp-validate-standalone-ldap-attribute-config
I have set
user.attributes.required=sn
in wkplc.properties
and wp-validate-standalone-ldap-attribute-config returns
user.attributes.required=sn
and I already created mappings for displayName and cn:
[wplc-modify-ldap-attribute-config] UpdateAttMapping ibm-primaryEmail to mail in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping ibm-jobTitle to title in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping stateOrProvinceName to st in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping countryName to c in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping localityName to l in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping street to OfficeStreetAddress in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping employeeNumber to EmployeeID in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping roomNumber to physicalDeliveryOfficeName in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping departmentNumber to Department in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping o to o in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping preferredLanguage to preferredLanguage in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping labeledURI to url in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping ibm-personalTitle to personalTitle in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping sn to sn in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping displayName to displayName in 1.
[wplc-modify-ldap-attribute-config] UpdateAttMapping cn to cn in 1.
so the configtrace messages don't make much sense. As I have already configured all the things this script is telling me to do, some of which have taken effect, I don't know what to try next. Has anyone seen this issue(s) before and know how to resolve?
Is the bind user in ACL as Editor or above? Did you enter the bind user as full DN when configuring security? Did you give a baseDN in wkplc.properties?
-FF
The postings on this site are my own and do not necessarily represent the positions, strategies or opinions of IBM.
The bind user was entered into wkplc.properties as:
standalone.ldap.bindDN=cn=wpsbind,o=
BaseDN is null as specified in the documentation for Domino LDAP.
Thanks for your help
[04/12/08 14:23:08:291 GMT] 00000025 exception E com.ibm.websphere.wim.security.authz.AccessException CWWIM2008E The principal 'AnonymousUser' is not authorized to perform the operation
'GET PersonAccount' on 'CN=wpsadmin,O=btshowcase'
[04/12/08 14:23:08:461 GMT] 00000025 exception E com.ibm.websphere.wim.security.authz.AccessException
com.ibm.websphere.wim.security.authz.AccessException: CWWIM2008E The principal 'AnonymousUser' is not authorized to perform the operation
'GET PersonAccount' on 'CN=wpsadmin,O=btshowcase'
at com.ibm.ws.wim.security.authz.ProfileSecurityManager.checkAccessResult(ProfileSecurityManager.java:1161)
1. Re-install Windows 2003 Server standard SP1
2. Re-install WS Portal Express 6.1.0.0
3. Install Windows 2003 Server SP2
4. Install WAS FP19
5. Install WS Portal Express FP 6.1.0.1
6. Run the LDAP config wizard GUI
A long process but the Domino LDAP bug in 6.1.0.0 seems to have been fixed as per the release notes for 6.1.0.1.