When the admin console lists all of the users in the ActiveDirectory server
it lists them by their full name which is stored in the 'cn' attribute. It
does not allow users to log into the application with either their username
or their full name as contained in the 'cn' attribute. I have tried both
'local' and 'bind' UserAuthentication.
When I try to access their login name or email address, using
'sAMAccountName' or 'userPrincipalName' in the UserNameAttribute field, I
get a RuntimeOperationsException when accessing either my application or the
admin console. Abbreviated exception followed by LDAPRealm config...
javax.management.RuntimeOperationsException: RuntimeException thrown by the getAttribute method of the DynamicMBean for the attribute FileTimeSpan
    at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1183)
    at com.sun.management.jmx.MBeanServerImpl.getAttribute(MBeanServerImpl.java:1151)
    at weblogic.management.internal.MBeanProxy.getAttribute(MBeanProxy.java:223)
    at weblogic.management.internal.MBeanProxy.invoke(MBeanProxy.java:156)
    at $Proxy3.getFileTimeSpan(Unknown Source)
    at weblogic.logging.FileStreamLogger.log(FileStreamLogger.java:169)
    ....
My LDAPRealm looks like this:
<LDAPRealm
    Name="ActiveDirectoryRealm"
    LDAPURL="ldap://server:389"
    AuthProtocol="simple"
    Principal="admini...@server.xxx.com"
    Credential="credential"
    GroupDN="DC=com,DC=xxx,DC=server,CN=Users"
    GroupIsContext="false"
    GroupNameAttribute="cn"
    GroupUsernameAttribute="member"
    UserAuthentication="local"
    UserDN="DC=com,DC=xxx,DC=server,CN=Users"
    UserNameAttribute="cn"
    UserPasswordAttribute="userPassword"/>