I'm trying to configure my Portal 6.1 with two different LDAPs, one Tivoli directory and one Active Directory LDAP. If I configure only the Tivoli LDAP, it works fine, but if I add the AD directory, the users can't log in to the portal and the following exception is written in the log.
I attach my wimconfig.xml.
I'm desperate.
[25/10/08 20:58:00:531 CEST] 00000027 UserRegistryI E SECJ0363E: No se puede crear el credencial del usuario uid=wpsadmin,cn=users,dc=eic,dc=cat debido a la siguiente excepción com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E Se ha producido la excepción de denominación 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'eic.cat'
]; remaining name 'uid=wpsadmin,cn=users,dc=eic,dc=cat'; resolved object com.sun.jndi.ldap.LdapCtx@26a026a' durante el proceso.
at com.ibm.ws.wim.adapter.ldap.LdapConnection.getRangeAttributes(LdapConnection.java:1034)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.getAttributes(LdapConnection.java:869)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.checkAttributesCache(LdapConnection.java:1239)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:2359)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.getEntityByIdentifier(LdapConnection.java:2276)
at com.ibm.ws.wim.adapter.ldap.LdapAdapter.get(LdapAdapter.java:1348)
at com.ibm.ws.wim.ProfileManager.getImpl(ProfileManager.java:1404)
at com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:284)
at com.ibm.ws.wim.ProfileManager.get(ProfileManager.java:333)
at com.ibm.websphere.wim.ServiceProvider.get(ServiceProvider.java:345)
at com.ibm.ws.wim.registry.util.MembershipBridge.getUniqueGroupIds(MembershipBridge.java:561)
at com.ibm.ws.wim.registry.WIMUserRegistry$12.run(WIMUserRegistry.java:565)
at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:4076)
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:4173)
at com.ibm.ws.wim.security.authz.jacc.JACCSecurityManager.runAsSuperUser(JACCSecurityManager.java:484)
at com.ibm.ws.wim.security.authz.ProfileSecurityManager.runAsSuperUser(ProfileSecurityManager.java:961)
at com.ibm.ws.wim.registry.WIMUserRegistry.getUniqueGroupIds(WIMUserRegistry.java:551)
at com.ibm.ws.security.registry.UserRegistryImpl.createCredential(UserRegistryImpl.java:754)
at com.ibm.ws.security.ltpa.LTPAServerObject.authenticate(LTPAServerObject.java:776)
at com.ibm.ws.security.server.lm.ltpaLoginModule.login(ltpaLoginModule.java:453)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:795)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
at com.ibm.ws.security.auth.JaasLoginHelper.jaas_login(JaasLoginHelper.java:475)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3444)
at com.ibm.ws.security.auth.ContextManagerImpl.login(ContextManagerImpl.java:3237)
at com.ibm.ws.security.web.FormLoginExtensionProcessor$1.run(FormLoginExtensionProcessor.java:293)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.formLogin(FormLoginExtensionProcessor.java:301)
at com.ibm.ws.security.web.FormLoginExtensionProcessor.handleRequest(FormLoginExtensionProcessor.java:177)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:114)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:87)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:832)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:742)
at com.ibm.ws.webcontainer.webapp.WebApp.invokeFilters(WebApp.java:3498)
at com.ibm.ws.wswebcontainer.webapp.WebApp.invokeFilters(WebApp.java:360)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3406)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:267)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:815)
at com.ibm.ws.wswebcontainer.WebContainer.handleRequest(WebContainer.java:1461)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:118)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:458)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:387)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:102)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:136)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:195)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:743)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:873)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1473)
-FF
The postings on this site are my own and do not necessarily represent the positions, strategies or opinions of IBM.
I have searched for any wpsadmin in the AD LDAP but I can't find it. I've tried to log in with other users of the Tivoli LDAP that I'm sure aren't registered in the AD LDAP and the result is the same:
[26/10/08 10:56:27:234 CET] 00000023 UserRegistryI E SECJ0363E: No se puede crear el credencial del usuario uid=msegura,cn=users,dc=eic,dc=cat debido a la siguiente excepción com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E Se ha producido la excepción de denominación 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'eic.cat'
]; remaining name 'uid=msegura,cn=users,dc=eic,dc=cat'; resolved object com.sun.jndi.ldap.LdapCtx@4f564f56' durante el proceso.
So I don't think it is a user issue.
Any other ideas?
Thank you
As for WP, you can edit the wimconfig.xml and look for the referal="ignore" for the AD entry and change it to referal="follow". Then restart WP and see if the error changes at all.
If you open a PMR with support, we won't be able to do much unless you can confirm the query works against AD when issued via a simple LDAP client.
-Brett Gordon (WebSphere Portal L2 Support)
IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0
The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM.
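An added triage example, not part of the thread or of any IBM tooling: it scans log text for the failure shown above (LDAP result code 10 is "referral" in RFC 4511), pulls out the DN being looked up and the referral target, and checks whether the referral simply points back at the DNS form of that DN's `dc=` suffix. The function names are hypothetical; the first two sample entries are abridged from the posts above and the third is constructed.

```python
import re

# First two entries are abridged from the thread's log; the third is constructed for contrast.
SAMPLE_LOG = """\
[25/10/08 20:58:00:531 CEST] 00000027 UserRegistryI E SECJ0363E: 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'eic.cat'
]; remaining name 'uid=wpsadmin,cn=users,dc=eic,dc=cat'; resolved object com.sun.jndi.ldap.LdapCtx@26a026a'
[26/10/08 10:56:27:234 CET] 00000023 UserRegistryI E SECJ0363E: 'javax.naming.PartialResultException: [LDAP: error code 10 - 0000202B: RefErr: DSID-031006E0, data 0, 1 access points
ref 1: 'eic.cat'
]; remaining name 'uid=msegura,cn=users,dc=eic,dc=cat'; resolved object com.sun.jndi.ldap.LdapCtx@4f564f56'
[26/10/08 11:00:00:000 CET] 00000023 UserRegistryI E javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
"""

ENTRY_START = re.compile(r"^\[\d{2}/\d{2}/\d{2} ", re.M)   # timestamp that opens each entry
LDAP_CODE = re.compile(r"LDAP: error code (\d+)")
REFERRAL = re.compile(r"ref \d+: '([^']+)'")
REMAINING = re.compile(r"remaining name '([^']*)'")

def split_entries(text):
    """Split the log into entries; one entry may span several lines."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    return [text[a:b] for a, b in zip(starts, starts[1:] + [len(text)])]

def dc_suffix_as_domain(dn):
    """'uid=x,cn=users,dc=eic,dc=cat' -> 'eic.cat' (naive split, no escaped commas)."""
    rdns = [rdn.split("=", 1) for rdn in dn.split(",") if "=" in rdn]
    return ".".join(v.strip() for k, v in rdns if k.strip().lower() == "dc")

def find_referral_errors(text):
    """Return one record per log entry that failed with LDAP result code 10."""
    hits = []
    for entry in split_entries(text):
        code = LDAP_CODE.search(entry)
        if not code or code.group(1) != "10":   # 10 = referral (RFC 4511)
            continue
        name = REMAINING.search(entry)
        dn = name.group(1) if name else ""
        refs = REFERRAL.findall(entry)
        hits.append({"dn": dn, "referrals": refs,
                     "refers_to_own_suffix": dc_suffix_as_domain(dn) in refs})
    return hits

if __name__ == "__main__":
    for hit in find_referral_errors(SAMPLE_LOG):
        print(hit)
```
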