Resetting security realm

Makoto Suzuki

unread,

Sep 5, 2003, 6:07:40 PM9/5/03

to

Hello,

I was trying to configure WLS 7.0 SP2 so that it uses the default realm
myrealm (the one set up out-of-box) instead of the compatibility realm. I
added an iPlanet authentication provider so that the server will
authenticate users against our LDAP server. However once I made that change,
I cannot start up the server at all with the following error:

This error is returned regardless of what user name I enter, 'system'
doesn't work. Even the ones that exist in the LDAP server doesn't work.

I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My question
is, how can I re-configure the server without using the console (which
cannot be accessed since the server doesn't startup)?

I appreciate any insight on this...thank you!

Makoto

Peter

unread,

Sep 7, 2003, 8:16:02 PM9/7/03

to

"Makoto Suzuki" <msu...@hoike.net> wrote in message
news:3f590937$1...@newsgroups.bea.com...

> Hello,
>
> I was trying to configure WLS 7.0 SP2 so that it uses the default realm
> myrealm (the one set up out-of-box) instead of the compatibility realm. I
> added an iPlanet authentication provider so that the server will
> authenticate users against our LDAP server. However once I made that
change,
> I cannot start up the server at all with the following error:
>
> <Sep 5, 2003 12:01:44 PM HST> <Critical> <WebLogicServer> <000364> <Server
> failed during initializat
> ion. Exception:java.lang.SecurityException: Authentication for user
denied
> java.lang.SecurityException: Authentication for user denied
>

What are the control flags for the different providers. If both requisite or
required, then the
user must exist in both the embedded ldap and the external ldap servers.

> This error is returned regardless of what user name I enter, 'system'
> doesn't work. Even the ones that exist in the LDAP server doesn't work.
>

The username and password may have to exist in both depending upon control
flags.

> I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My
question
> is, how can I re-configure the server without using the console (which
> cannot be accessed since the server doesn't startup)?
>

That should have reverted the configuration to the last boot.
You can dump the mbeans, change the control flag of the embedded ldap to
optional, and
then reboot and then use the console.

Makoto Suzuki

unread,

Sep 8, 2003, 3:42:14 PM9/8/03

to

> What are the control flags for the different providers. If both requisite
or
> required, then the
> user must exist in both the embedded ldap and the external ldap servers.

You're right. It is set to Required.

> The username and password may have to exist in both depending upon control
> flags.

I know the user system exists on the external ldap server.

>
> > I tried the option -Dweblogic.safeCommoBoot=true, but no avail. My
> question
> > is, how can I re-configure the server without using the console (which
> > cannot be accessed since the server doesn't startup)?
> >
>
> That should have reverted the configuration to the last boot.
> You can dump the mbeans, change the control flag of the embedded ldap to
> optional, and
> then reboot and then use the console.

Now how would i do that without firing up the console? Could you give us
pointer to which file, tool, etc. to use?

Thank you,
Makoto

Satya Ghattu

unread,

Sep 8, 2003, 4:48:19 PM9/8/03

to Makoto Suzuki

Please refer to the documentation at,

http://e-docs.bea.com/wls/docs70/admin_domain/failures.html

Thanks,
-satya

>
> Thank you,
> Makoto
>
>

Makoto Suzuki

unread,

Sep 8, 2003, 8:37:41 PM9/8/03

to

Thanks Satya.

"Satya Ghattu" <sa...@replyToNewsGroups.com> wrote in message
news:3F5CEB1...@replyToNewsGroups.com...

Resetting security realm - HELP!!!!!

Makoto Suzuki

Peter

Makoto Suzuki

Satya Ghattu

Makoto Suzuki