
LDAPRealm; Insufficient permission


Ghazenfer Mansoor

Jun 24, 2002, 9:54:08 AM

I am trying to use LDAPRealm in weblogic6.1 and WLPI 2.1, but I am having some problems.
Can anyone help?

Here are entries I used.

--------config.xml--------------------
<LDAPRealm AuthProtocol="simple" Credential="password"
    GroupDN="o=company.com, ou=weblogic, ou=wlsgroups" GroupUsernameAttribute="uniquemember"
    LDAPURL="ldap://ldapserver:389" Name="MyLDAPRealmV1" Principal="cn=Directory Manager"
    UserDN="o=company.com, ou=weblogic, ou=users" UserNameAttribute="uid"/>

<PasswordPolicy Name="wl_default_password_policy"/>
<Security Name="mydomain" PasswordPolicy="wl_default_password_policy"
    Realm="wl_default_realm"/>

<CachingRealm BasicRealm="MyLDAPRealmV1" CacheCaseSensitive="false" Name="wlpiCachingRealm"/>

<FileRealm Name="wl_default_file_realm"/>
<Realm CachingRealm="wlpiCachingRealm"
    FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
-------------------------------------------------------------


On the LDAP side, I created ou=weblogic; under that, I created ou=wlsgroups and ou=users.


Now, I created 4 users in users group (guest, system, admin, wlpisystem)

I created the following groups in the wlsgroups group (cn=AdministerUser, cn=ConfigureComponents,
cn=ConfigureSystem, cn=CreateTemplate, cn=DeleteTemplate, cn=ExecuteTemplate, cn=MonitorInstance,
cn=wlpiAdministrators, cn=wlpiUsers, cn=everyone)

everyone group has attribute uniquemember, which has entries
uid=wlpisystem,ou=users,ou=weblogic,o=company.com
uid=admin,ou=users,ou=weblogic,o=company.com
uid=guest,ou=users,ou=weblogic,o=company.com

all other groups have attribute uniquemember, with entries
uid=wlpisystem,ou=users,ou=weblogic,o=company.com
uid=admin,ou=users,ou=weblogic,o=company.com

Now, when I start the server, it authenticates with the LDAP server (accepts
the password). On the console, I can see the groups and users I created in the LDAP.
Now the problem is, I am getting the following errors.

- On the users page, I see at the top: Failed to add Users {1}. Existing users are listed
anyway.

- When I create a new user, it creates but not in LDAP (seems it's still using either
FileRealm or RDBMS somewhere)

- At startup time, I get the following error:
java.lang.SecurityException: Security violation: insufficient permission to access method


- When I try to add a user in the group I get this error.

java.lang.UnsupportedOperationException: group modification not supported
    at weblogic.security.acl.DefaultGroupImpl.addMember(DefaultGroupImpl.java:39)
    at weblogic.management.internal.RemoteRealmManagerImpl.addMember(RemoteRealmManagerImpl.java:201)
    at weblogic.management.configuration.Group.addMember(Group.java:58)
    at weblogic.management.console.actions.realm.DoGroupFormAction.perform(DoGroupFormAction.java:132)
    at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:171)
    at weblogic.management.console.actions.internal.ActionServlet.doPost(ActionServlet.java:85)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.management.configuration.RealmException: Group.addMember - with nested exception:
[java.lang.UnsupportedOperationException: group modification not supported]
    at weblogic.management.configuration.Group.addMember(Group.java:60)
    at weblogic.management.console.actions.realm.DoGroupFormAction.perform(DoGroupFormAction.java:132)
    at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:171)
    at weblogic.management.console.actions.internal.ActionServlet.doPost(ActionServlet.java:85)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.management.console.actions.ActionException: Group.addMember - with nested exception:
[weblogic.management.configuration.RealmException: Group.addMember - with nested exception:
[java.lang.UnsupportedOperationException: group modification not supported]]
    at weblogic.management.console.actions.ErrorAction.(ErrorAction.java:38)
    at weblogic.management.console.actions.realm.DoGroupFormAction.perform(DoGroupFormAction.java:154)
    at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:171)
    at weblogic.management.console.actions.internal.ActionServlet.doPost(ActionServlet.java:85)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)


Ghazenfer Mansoor

Jun 25, 2002, 9:31:05 AM

I tried LDAPRealmV2 but got the same errors.
- Insufficient permission error
- On the users page, I see at the top: Failed to add Users {1}.
As expected, it's not showing the users list and group members, but that's how it should
be.

If LDAPRealms only have read access, then we will have to programmatically add the
users and/or groups (through JNDI)?

ACL is still maintained in the FileRealm? How can I use LDAP for ACL also?

Jerry <nos...@youwish.com> wrote:
>Hi,
>
>Two things.
>
>First, it looks like you're using "LDAP V1" class.
>WebLogic has a newer version of LDAPRealm called LDAPV2
>I would strongly recommend that you use the LDAPV2 classes.
>
>You are seeing this error
>
>- On the users page, I see at the top. Failed to add Users {1} Existing
>users are listed
>anyway.
>
>because you are using LDAP V1. Switch to V2 and you will not see this any
>more.
>
>
>Sample config.xml configuration for LDAP V2 is
>
> <CustomRealm
> ConfigurationData="server.host=myHost:389;membership.filter=(&amp;(uniquemember=%M)(objectclass=groupofuniquenames));group.dn=ou=groups, o=beasys.com;group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));server.principal=;user.dn=ou=people, o=beasys.com;anonBind=true;server.credential=;user.filter=(&amp;(uid=%u)(objectclass=person))"
> Name="defaultLDAPRealmForNetscapeDirectoryServer" RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>
>
>
>Second, you cannot perform any write operations (add user, add group) to
>the LDAP realm, whether you are using WebLogic LDAP V1, or V2
>
>WebLogic's LDAP realms only have read access on the LDAP server.
>
>Cheers,
>Joe Jerry
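
The question above asks whether users and group members have to be added programmatically through JNDI, since the realm only reads from LDAP. The following is an added example of that approach, not code from either poster or from WebLogic. It uses the subtree DNs from the first post; the environment variable names, the dedicated provisioning account and the inetOrgPerson object classes are assumptions.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class LdapProvision {
    // Subtrees taken from the member DNs in the first post; adjust to your directory.
    static final String USERS = "ou=users,ou=weblogic,o=company.com";
    static final String GROUPS = "ou=wlsgroups,ou=weblogic,o=company.com";

    // Rdn escapes the value per RFC 2253, so a uid containing ',' or '+' cannot change the DN.
    static LdapName dn(String attr, String value, String base) throws NamingException {
        LdapName name = new LdapName(base);
        name.add(new Rdn(attr, value));
        return name;
    }

    static String need(String var) {
        String v = System.getenv(var);
        if (v == null) throw new IllegalStateException(var + " is not set");
        return v;
    }

    // Usage: java LdapProvision <uid> <group-cn>
    public static void main(String[] args) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        // A simple bind over ldap:// sends the password in clear; prefer an ldaps:// URL.
        env.put(Context.PROVIDER_URL, need("LDAP_URL"));
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Assumed: an account that can write only under the two subtrees, not cn=Directory Manager.
        env.put(Context.SECURITY_PRINCIPAL, need("LDAP_BIND_DN"));
        env.put(Context.SECURITY_CREDENTIALS, need("LDAP_BIND_PW"));
        LdapName userDn = dn("uid", args[0], USERS);
        LdapName groupDn = dn("cn", args[1], GROUPS);
        DirContext ctx = new InitialDirContext(env);
        try {
            Attributes user = new BasicAttributes(true);
            Attribute oc = new BasicAttribute("objectClass");
            oc.add("top"); oc.add("person"); oc.add("organizationalPerson"); oc.add("inetOrgPerson");
            user.put(oc);
            user.put("uid", args[0]);
            user.put("cn", args[0]);
            user.put("sn", args[0]);
            try { ctx.createSubcontext(userDn, user).close(); }
            catch (NameAlreadyBoundException e) { /* entry exists; still ensure membership */ }
            try { ctx.modifyAttributes(groupDn, DirContext.ADD_ATTRIBUTE,
                    new BasicAttributes("uniquemember", userDn.toString())); }
            catch (AttributeInUseException e) { /* already a member */ }
        } finally { ctx.close(); }
    }
}
```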
