Re: failed to enable ldap security in WebSphere portal6.0

karan...@in.ibm.com

May 13, 2009, 2:19:50 AM

Sorry,

WebSphere Portal version is 6.0.1.3

karan...@in.ibm.com

May 13, 2009, 2:17:33 AM

Hello Guru,


I am enabling LDAP Security in WebSphere Portal V6.1.0.3 (installed as managed node on top of WAS 6.0.2.25).

Error message I see in systemout.log file:


[5/13/09 2:05:33:142 EDT] 00000021 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ApplicationRoleOIDCache initialized successfully.
[5/13/09 2:05:33:169 EDT] 00000021 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ApplicationRoleDescriptorCache initialized successfully.
[5/13/09 2:05:33:189 EDT] 00000021 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ApplicationRolesForPrincipalCache initialized successfully.
[5/13/09 2:05:33:205 EDT] 00000021 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ApplicationRoleChildrenCache initialized successfully.
[5/13/09 2:05:33:229 EDT] 00000021 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ContainedRolesCache initialized successfully.
[5/13/09 2:05:33:800 EDT] 00000021 Servlet E com.ibm.wps.engine.Servlet init EJPFD0016E: Initialization of service failed.
com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception occurred while retrieving the identity of the domain adminuser/admingroup uid=wpsadmin,o=Default Organization.
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:1035)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.access$000(AccessControlDataManagementServiceImpl.java:76)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl$1.run(AccessControlDataManagementServiceImpl.java:876)
at com.ibm.wps.services.puma.PumaServiceImpl.executeWithoutACChecks(PumaServiceImpl.java:1951)
at com.ibm.wps.services.puma.Puma.executeWithoutACChecks(Puma.java:989)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.initializeDomainConfig(AccessControlDataManagementServiceImpl.java:885)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.reinit(AccessControlDataManagementServiceImpl.java:792)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.init(AccessControlDataManagementServiceImpl.java:439)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:400)
at com.ibm.wps.services.ServiceManager.initInternal(ServiceManager.java:307)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:194)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:123)
at com.ibm.wps.engine.Servlet.init(Servlet.java:231)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:311)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1709)
at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:141)
at com.ibm.ws.webcontainer.webapp.WebApp.getServletWrapper(WebApp.java:852)
at com.ibm.ws.webcontainer.webapp.WebApp.initializeTargetMappings(WebApp.java:579)
at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:451)
at com.ibm.ws.webcontainer.webapp.WebGroup.addWebApplication(WebGroup.java:123)
at com.ibm.ws.webcontainer.VirtualHost.addWebApplication(VirtualHost.java:146)
at com.ibm.ws.webcontainer.WebContainer.addWebApp(WebContainer.java:940)
at com.ibm.ws.webcontainer.WebContainer.addWebApplication(WebContainer.java:893)
at com.ibm.ws.runtime.component.WebContainerImpl.install(WebContainerImpl.java:167)
at com.ibm.ws.runtime.component.WebContainerImpl.start(WebContainerImpl.java:391)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1257)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1076)
at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:547)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:754)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:914)
at com.ibm.ws.runtime.component.ApplicationMgrImpl$AppInitializer.run(ApplicationMgrImpl.java:2066)
at com.ibm.ws.runtime.component.ComponentImpl$_AsynchInitializer.run(ComponentImpl.java:304)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: com.ibm.wps.util.DataBackendException: EJPSG0015E: Data Backend Problem com.ibm.websphere.wmm.exception.OperationNotSupportedException: Operation "READ" is not supported for member type "Unknown".
at com.ibm.wps.services.puma.DefaultURManager.findUserById(DefaultURManager.java:305)
at com.ibm.wps.services.puma.PumaServiceImpl.findUserById(PumaServiceImpl.java:466)
at com.ibm.wps.services.puma.Puma.findUserById(Puma.java:91)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:951)
... 32 more
Caused by: com.ibm.websphere.wmm.exception.OperationNotSupportedException: Operation "READ" is not supported for member type "Unknown".
at com.ibm.ws.wmm.MemberRepositoryManager.getMember(MemberRepositoryManager.java:3304)
at com.ibm.ws.wmm.MemberRepositoryManager.getMember(MemberRepositoryManager.java:3194)
at com.ibm.ws.wmm.objectimpl.MemberServiceBeanBase.getMember(MemberServiceBeanBase.java:583)
at com.ibm.websphere.wmm.objects.EJSRemoteStatelessMemberService_14d751a3.getMember(Unknown Source)
at com.ibm.websphere.wmm.objects._MemberService_Stub.getMember(_MemberService_Stub.java:855)
at com.ibm.wps.services.puma.SystemWMMAccessBean$31.run(SystemWMMAccessBean.java:730)
at com.ibm.ws.security.auth.distContextManagerImpl.runAs(distContextManagerImpl.java:2721)
at com.ibm.ws.security.auth.distContextManagerImpl.runAsSystem(distContextManagerImpl.java:2601)
at com.ibm.wps.services.puma.SystemWMMAccessBean.getMember(SystemWMMAccessBean.java:736)
at com.ibm.wps.services.puma.DefaultURManager.findUserById(DefaultURManager.java:246)
... 35 more

[5/13/09 2:05:33:930 EDT] 00000021 WebExtensionP W Servlet portal is currently unavailable: Initialization of one or more services failed.
[5/13/09 2:05:33:952 EDT] 00000021 WebExtensionP E SRVE0026E: [Servlet Error]-[javax.servlet.UnavailableException: Initialization of one or more services failed.
at com.ibm.wps.engine.Servlet.init(Servlet.java:237)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:311)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1709)
at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:141)
at com.ibm.ws.webcontainer.webapp.WebApp.getServletWrapper(WebApp.java:852)
at com.ibm.ws.webcontainer.webapp.WebApp.initializeTargetMappings(WebApp.java:579)
at com.ibm.ws.webcontainer.webapp.WebApp.initialize(WebApp.java:451)
at com.ibm.ws.webcontainer.webapp.WebGroup.addWebApplication(WebGroup.java:123)
at com.ibm.ws.webcontainer.VirtualHost.addWebApplication(VirtualHost.java:146)
at com.ibm.ws.webcontainer.WebContainer.addWebApp(WebContainer.java:940)
at com.ibm.ws.webcontainer.WebContainer.addWebApplication(WebContainer.java:893)
at com.ibm.ws.runtime.component.WebContainerImpl.install(WebContainerImpl.java:167)
at com.ibm.ws.runtime.component.WebContainerImpl.start(WebContainerImpl.java:391)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1257)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1076)
at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:547)
at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:754)
at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:914)
at com.ibm.ws.runtime.component.ApplicationMgrImpl$AppInitializer.run(ApplicationMgrImpl.java:2066)
at com.ibm.ws.runtime.component.ComponentImpl$_AsynchInitializer.run(ComponentImpl.java:304)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java(Compiled Code))
Caused by: com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception occurred while retrieving the identity of the domain adminuser/admingroup uid=wpsadmin,o=Default Organization.
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:1035)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.access$000(AccessControlDataManagementServiceImpl.java:76)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl$1.run(AccessControlDataManagementServiceImpl.java:876)
at com.ibm.wps.services.puma.PumaServiceImpl.executeWithoutACChecks(PumaServiceImpl.java:1951)
at com.ibm.wps.services.puma.Puma.executeWithoutACChecks(Puma.java:989)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.initializeDomainConfig(AccessControlDataManagementServiceImpl.java:885)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.reinit(AccessControlDataManagementServiceImpl.java:792)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.init(AccessControlDataManagementServiceImpl.java:439)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:400)
at com.ibm.wps.services.ServiceManager.initInternal(ServiceManager.java:307)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:194)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:123)
at com.ibm.wps.engine.Servlet.init(Servlet.java:231)
... 20 more

jwi...@us.ibm.com

May 13, 2009, 1:50:26 PM

You mention this is a managed node. Might this technote apply?:

http://www.ibm.com/support/docview.wss?rs=688&ca=portall2&uid=swg21259044

In 6.0.1.3 the 'Operation "READ" is not supported ...' may actually mean the member was not found, per:

http://www.ibm.com/support/docview.wss?rs=688&ca=portall2&uid=swg1PK67064

This technote addresses another very specific instance of this problem:

http://www.ibm.com/support/docview.wss?rs=688&ca=portall2&uid=swg21299729

Do the errors appear in SystemOut.log when you run the task to enable security or at startup, after security is enabled? How is security currently configured? What type of security are you trying to configure? Does ConfigTrace.log give any other details?

ff...@us.ibm.com

May 14, 2009, 12:38:23 AM

Attach your security.xml and wmm.xml here.

-FF

The postings on this site are my own and do not necessarily represent the positions, strategies or opinions of IBM.

vivek.b...@in.ibm.com

May 14, 2009, 2:50:14 AM

Please find the security.xml attached.

vivek.b...@in.ibm.com

May 14, 2009, 2:51:06 AM

Please find the wmm.xml file attached.

Pandiaraj

May 14, 2009, 4:26:55 AM

Create wpsadmins group and wpsadmin user id in the LDAP and try it again.

ff...@us.ibm.com

May 14, 2009, 11:14:46 AM

By default, wmmLDAPServerAttributes.xml maps "ibm-primaryEmail" to LDAP's attribute "mail". So in wmm.xml, you should use "ibm-primaryEmail" instead. Since security was enabled without WMMUR, the search filter in security.xml, (&(mail=%v)(objectclass=ePerson)), is fine, since WAS would directly authenticate users with the LDAP.

For that MemberNotFoundException, it's because somewhere you still have the user with "o=default organization" configured. Do a file system search for the entire "WebSphere" directory and let us know where you see "o=default organization" user IDs.

vivek.b...@in.ibm.com

May 15, 2009, 12:48:31 AM

Here are the Search Results for "o=default organization"

huntman25

May 15, 2009, 7:39:35 AM

It's because of all of the references in resources.xml here:

/AppServer/profiles/Dmgr01/config/cells/etcsby05Cell01/nodes/etcsby05Node01/resources.xml:

and so on.

These should have been updated by the enable-security-ldap script. Could you please upload the ConfigTrace.log?

PortalServer/log/ConfigTrace.log

~HT
The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM

vivek.b...@in.ibm.com

May 15, 2009, 10:24:25 AM

You can find the ConfigTrace.log file in the attached Zip file.

vivek.b...@in.ibm.com

May 15, 2009, 10:27:46 AM

I don't know why, it's not attaching the Zip file.

vivek.b...@in.ibm.com

May 15, 2009, 10:25:48 AM

Sorry, the file didn't get attached before.

vivek.b...@in.ibm.com

May 15, 2009, 10:35:36 AM

I hope you don't mind a file-sharing site link for the ConfigTrace.log file. I have tried thrice but it didn't show in the reply; maybe there is some file size limit.

ConfigTrace.log file is in the following Zip file.
http://rapidshare.com/files/233285577/ConfigTrace.zip

huntman25

May 15, 2009, 5:49:07 PM

Ok, I got it, thanks for doing that.

The root issue is that these values appear to be properly updated on the DMGR, but were never synchronized:

============================
action-full-sync-nodes:
[logmsg] 2009.05.15 09:15:02.965 action-full-sync-nodes
[logmsg] EJPCA3100I: Configuration task "Re-Synchronize nodes with deployment manager" in progress

[wsadmin] WASX7209I: Connected to process "dmgr" on node etcsby05CellManager01 using SOAP connector; The type of process is: DeploymentManager
[wsadmin] WASX7303I: The following options are passed to the scripting environment and are available as argument that is stored in the argv variable: "[/usr/WebSphere/PortalServer]"
[wsadmin] -------------------------------------------------
[wsadmin] SyncronizedNodeNameList

[wsadmin] -------------------------------------------------
[wsadmin]
[wsadmin] Check
[wsadmin]
[wsadmin] Node: etcsby05CellManager01; Server: dmgr
[wsadmin] Found DEPLOYMENT_MANAGER
[wsadmin]
[wsadmin] Node: etcsby05Node01; Server: WebSphere_Portal
[wsadmin] Node: etcsby05Node01; Server: nodeagent
[wsadmin] Node: etcsby05Node01; Server: server1
[wsadmin] WARNING: Node etcsby05Node01 not synchronized
============================

Normally this means the nodeagent is down for the node. However, we try to start the nodeagent shortly after this and see this:

============================
action-start-node-manager:
[logmsg] 2009.05.15 09:19:57.394 action-start-node-manager
[logmsg] EJPCA3100I: Configuration task "Start nodeagent on node etcsby05Node01" in progress

[exec] ADMU0116I: Tool information is being logged in file
[exec] /usr/WebSphere/AppServer/profiles/AppSrv01/logs/nodeagent/startServer.log
[exec] ADMU0128I: Starting tool with the AppSrv01 profile
[exec] ADMU3100I: Reading configuration for server: nodeagent
[exec] ADMU3028I: Conflict detected on port 8878. Likely causes: a) An instance of
[exec] the server nodeagent is already running b) some other process is
[exec] using port 8878
[exec] ADMU3027E: An instance of the server may already be running: nodeagent
[exec] ADMU0111E: Program exiting with error:
[exec] com.ibm.websphere.management.exception.AdminException: ADMU3027E: An
[exec] instance of the server may already be running: nodeagent
[exec] ADMU1211I: To obtain a full trace of the failure, use the -trace option.
[exec] ADMU0211I: Error details may be seen in the file:
[exec] /usr/WebSphere/AppServer/profiles/AppSrv01/logs/nodeagent/startServer.log
[exec] Result: 255
Target finished: action-start-node-manager
============================

This means that the nodeagent was already started. So, the logical conclusion here is that there is an issue with the nodeagent.

This is what I would recommend:

1. Try to synchronize the node manually. I am assuming this will fail due to an authorization problem. If it does, then manually copy the security.xml from your DMGR profile to your node profile. Restart the nodeagent and try to synchronize one more time.
2. Once synchronization is successful, restart the WebSphere_Portal server and see if you're able to log in. Login SHOULD work now with your bluepages ID. If you are, then go to step 3.
3. Run the following WPSconfig script to finish the security task:
./WPSconfig.sh action-configure-content-security
4. Once that is successful, restart the dmgr, nodeagents and portal servers.
5. Synchronize.

That should be it. Now there may be some underlying issue with the nodeagent, but I'm not sure yet. Let me know how those steps work out. If anything fails, let us know.

karan...@in.ibm.com

May 21, 2009, 10:38:25 AM

Hello Guru,

I tried all the steps as you updated, but it failed:

EJPXB0006I: Connecting to URL http://localhost:9081/wps/config/
EJPXB0002I: Reading input file /usr/WebSphere/PortalServer/config/work/ContentAdminGroupsPAC.xml
Error 404: Initialization of one or more services failed.
EJPXB0015E: Server response indicates an error.
EJPXB0015E: Server response indicates an error.
EJPXB0006I: Connecting to URL http://localhost:9081/wps/config/
EJPXB0002I: Reading input file /usr/WebSphere/PortalServer/config/work/ContentUserGroupsPAC.xml
Error 404: Initialization of one or more services failed.
EJPXB0015E: Server response indicates an error.
EJPXB0015E: Server response indicates an error.

karan...@in.ibm.com

May 21, 2009, 10:41:39 AM

I also see the error when WebSphere_Portal starts after the manual sync:

[5/21/09 10:13:15:483 EDT] 00000023 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ApplicationRolesForPrincipalCache initialized successfully.
[5/21/09 10:13:15:500 EDT] 00000023 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ApplicationRoleChildrenCache initialized successfully.
[5/21/09 10:13:15:518 EDT] 00000023 CacheServiceI I DYNA1001I: WebSphere Dynamic Cache instance named ws/com.ibm.wps.ac.ContainedRolesCache initialized successfully.
[5/21/09 10:13:16:230 EDT] 00000023 Servlet E com.ibm.wps.engine.Servlet init EJPFD0016E: Initialization of service failed.
com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception occurred while retrieving the identity of the domain adminuser/admingroup cn=DalianEOD,ou=metadata,ou=ibmgroups,o=ibm.com.
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:975)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.access$000(AccessControlDataManagementServiceImpl.java:76)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl$1.run(AccessControlDataManagementServiceImpl.java:878)

Caused by: com.ibm.portal.puma.MemberNotFoundException: EJPSG0002E: Requested Member does not exist.cn=dalianeod,ou=metadata,ou=ibmgroups,o=ibm.com
at com.ibm.wps.services.puma.DefaultURManager.findGroupById(DefaultURManager.java:120)
at com.ibm.wps.services.puma.PumaServiceImpl.findGroupById(PumaServiceImpl.java:444)
at com.ibm.wps.services.puma.Puma.findGroupById(Puma.java:425)
at com.ibm.wps.ac.impl.AccessControlDataManagementServiceImpl.convertDNtoObjectID(AccessControlDataManagementServiceImpl.java:955)
... 32 more

[5/21/09 10:13:16:375 EDT] 00000023 WebExtensionP W Servlet portal is currently unavailable: Initialization of one or more services failed.
[5/21/09 10:13:16:389 EDT] 00000023 WebExtensionP E SRVE0026E: [Servlet Error]-[javax.servlet.UnavailableException: Initialization of one or

ff...@us.ibm.com

May 21, 2009, 11:27:32 AM

In wmm.xml, your group searchbase is "ou=memberlist,ou=ibmgroups,o=ibm.com", but the failed group is not in that LDAP tree.
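
The subtree check behind the reply above, as an added example that is not part of the thread or of any IBM tooling: it pulls the administrator DN out of EJPSB0107E lines and tests whether it falls under a configured search base. The search-base list, the sample log text and all function names are constructed for illustration, and case-insensitive matching of RDN values is an assumption.

```python
import re

# Constructed sample: the group search base quoted from wmm.xml in the reply above.
SEARCH_BASES = ["ou=memberlist,ou=ibmgroups,o=ibm.com"]

# Constructed sample lines modelled on the SystemOut.log excerpts in this thread.
SAMPLE_LOG = (
    "com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception "
    "occurred while retrieving the identity of the domain adminuser/admingroup "
    "cn=DalianEOD,ou=metadata,ou=ibmgroups,o=ibm.com.\n"
    "com.ibm.wps.ac.DomainAdministratorNotFoundException: EJPSB0107E: Exception "
    "occurred while retrieving the identity of the domain adminuser/admingroup "
    "uid=wpsadmin,o=Default Organization.\n"
)

# The DN follows "adminuser/admingroup"; the message ends with a full stop.
EJPSB0107E = re.compile(r"EJPSB0107E: .*adminuser/admingroup (?P<dn>.+?)\.?\s*$")


def split_rdns(dn):
    """Split a DN on unescaped commas; return normalised (attribute, value) pairs."""
    parts, current, escaped = [], [], False
    for ch in dn:
        if escaped or ch != ",":
            current.append(ch)
            escaped = (ch == "\\") and not escaped
        else:
            parts.append("".join(current))
            current = []
    parts.append("".join(current))
    rdns = []
    for part in parts:
        attr, _, value = part.partition("=")
        # Assumption: values compare case-insensitively with collapsed spaces.
        rdns.append((attr.strip().lower(), " ".join(value.split()).lower()))
    return rdns


def is_under(dn, base):
    """True when dn lies in the subtree rooted at base (RDN-wise suffix match)."""
    d, b = split_rdns(dn), split_rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b


def triage(log_text, bases):
    """Return (dn, matching base or None) for every EJPSB0107E line."""
    findings = []
    for line in log_text.splitlines():
        match = EJPSB0107E.search(line)
        if match:
            dn = match.group("dn")
            findings.append((dn, next((b for b in bases if is_under(dn, b)), None)))
    return findings


if __name__ == "__main__":
    for dn, base in triage(SAMPLE_LOG, SEARCH_BASES):
        print(f"{dn}: {'under ' + base if base else 'outside every search base'}")
```

Comparing whole RDNs rather than using a plain string suffix test avoids false matches such as `xou=memberlist,...` and tolerates the case and spacing differences seen between the two DN spellings in the log.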