1. This is the output from the startWeblogic.sh command.
[root@linux-orac jandomain]# ./startWebLogic.sh
LD_LIBRARY_PATH=/usr/local/bea/weblogic700/server/lib/linux/i686:/usr/local/bea/weblogic700/server/lib/linux/i686/oci817_8:/usr/local/bea71/weblogic700/server/lib/linux/i686:/usr/local/bea71/weblogic700/server/lib/linux/i686/oci817_8:/usr/local/bea71/weblogic700/server/lib/linux/i686:/usr/local/bea71/weblogic700/server/lib/linux/i686/oci817_8
CLASSPATH=/usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea/jdk
31_03/lib/tools.jar:/usr/local/bea/weblogic700/server:/usr/local/bea/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea/weblogic700/server/lib/weblogic.jar:
PATH=.:/usr/local/bea71/weblogic700/server/bin:/usr/local/bea71/jdk131_03/jre/bin:/usr/local/bea71/jdk131_03/bin:/usr/local/bea71/weblogic700/server/lib/linux:/usr/local/bea71/weblogic700/server/bin:/usr/local/bea71/jdk131_03/jre/bin:/usr/local/bea71/jdk131_03/bin:/usr/local/bea71/weblogic700/server/lib/linux:/usr/local/bea/weblogic700/server/bin:/usr/local/bea/jdk131_03/jre/bin:/usr/local/bea/jdk
31_03/bin:/usr/local/bea/weblogic700/server/lib/linux:/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin:/home/soojink/bin
***************************************************
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http://<hostname>:<port>/console *
***************************************************
++ /usr/local/bea71/jdk131_03/bin/java -Xms32m -Xmx200m
-Dweblogic.security.SSL.trustedCAKeyStore=/usr/local/bea71/weblogic700/server/lib/cacerts
-classpath /usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea71/jdk131_03/lib/tools.jar:/usr/local/bea71/weblogic700/server:/usr/local/bea71/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea71/weblogic700/server/lib/weblogic.jar:/usr/local/bea/jd
131_03/lib/tools.jar:/usr/local/bea/weblogic700/server:/usr/local/bea/weblogic700/server/lib/weblogic_sp.jar:/usr/local/bea/weblogic700/server/lib/weblogic.jar:
-Dweblogic.Name=adminserver -Dbea.home=/usr/local/bea71
-Dweblogic.management.username= -Dweblogic.management.password=
-Dweblogic.ProductionModeEnabled=
-Djava.security.policy=/usr/local/bea71/weblogic700/server/lib/weblogic.policy
weblogic.Server
<2/01/2003 15:50:20> <Info> <Security> <090065> <Getting boot identity
from user.>
Enter username to boot WebLogic server:admin
Enter password to boot WebLogic server:testabc
Starting WebLogic Server...
<2/01/2003 15:50:36> <Notice> <Management> <140005> <Loading
configuration /usr/local/bea71/user_projects/jandomain/./config.xml>
<2/01/2003 15:50:58> <Notice> <Security> <090082> <Security
initializing using realm myrealm.>
<2/01/2003 15:50:59> <Critical> <WebLogicServer> <000364> <Server
failed during initialization. Exception:java.lang.SecurityException:
Authentication for user admin denied
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
<2/01/2003 15:50:59> <Emergency> <WebLogicServer> <000342> <Unable to
initialize the server: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user admin
denied
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
>
***************************************************************************
The WebLogic Server did not start up properly.
Exception raised:
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
Reason: Fatal initialization exception
Throwable: java.lang.SecurityException: Authentication for user admin
denied
java.lang.SecurityException: Authentication for user admin denied
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1028)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1166)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:697)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:589)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:277)
at weblogic.Server.main(Server.java:32)
***************************************************************************
++ set +x
2. This is the output-xml file.
<?xml version="1.0" encoding="UTF-8"?>
<MBeans>
<SetMBean DisplayName="DefaultRoleMapper"
ObjectName="Security:Name=myrealmDefaultRoleMapper"
Type="weblogic.security.providers.authorization.DefaultRoleMapper">
<Attributes Realm="Security:Name=myrealm">
<Defaulted AttributeNames="RoleDeploymentEnabled"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultCredentialMapper"
ObjectName="Security:Name=myrealmDefaultCredentialMapper"
Type="weblogic.security.providers.credentials.DefaultCredentialMapper">
<Attributes Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="CredentialMappingDeploymentEnabled"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="weblogic.management.commo.CommoModelMBean"
ObjectName="Security:Name=myrealmUserLockoutManager"
Type="weblogic.management.security.authentication.UserLockoutManager">
<Attributes Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="LockoutEnabled,LockoutThreshold,LockoutDuration,LockoutResetDuration,LockoutCacheSize,LockoutGCThreshold"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultAuthenticator"
ObjectName="Security:Name=myrealmDefaultAuthenticator"
Type="weblogic.security.providers.authentication.IPlanetAuthenticator">
<Attributes Credential="testabc" GroupBaseDN="o=internet"
GroupFromNameFilter="" Host="heritage"
Principal="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
Realm="Security:Name=myrealm" UserBaseDN="o=internet"
UserFromNameFilter="">
<Defaulted
AttributeNames="StaticMemberDNAttribute,DynamicGroupObjectClass,DynamicGroupNameAttribute,DynamicMemberURLAttribute,UserObjectClass,UserNameAttribute,UserDynamicGroupDNAttribute,UserSearchScope,AllUsersFilter,GroupSearchScope,AllGroupsFilter,StaticGroupObjectClass,StaticGroupNameAttribute,StaticGroupDNsfromMemberDNFilter,ControlFlag,Port,SSLEnabled,CacheEnabled,CacheSize,CacheTTL,FollowReferrals,B
ndAnonymouslyOnReferrals"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultAuthorizer"
ObjectName="Security:Name=myrealmDefaultAuthorizer"
Type="weblogic.security.providers.authorization.DefaultAuthorizer">
<Attributes Realm="Security:Name=myrealm">
<Defaulted AttributeNames="PolicyDeploymentEnabled"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="myrealm" ObjectName="Security:Name=myrealm"
Type="weblogic.management.security.Realm">
<Attributes
Adjudicator="Security:Name=myrealmDefaultAdjudicator"
AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator|Security:Name=myrealmDefaultIdentityAsserter"
Authorizers="Security:Name=myrealmDefaultAuthorizer"
CredentialMappers="Security:Name=myrealmDefaultCredentialMapper"
DefaultRealm="true"
KeyStores="Security:Name=myrealmDefaultKeyStore"
RoleMappers="Security:Name=myrealmDefaultRoleMapper"
UserLockoutManager="Security:Name=myrealmUserLockoutManager">
<Defaulted
AttributeNames="Auditors,DeployRoleIgnored,UseDeprecatedWebResource,DeployPolicyIgnored,DeployCredentialMappingIgnored"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultIdentityAsserter"
ObjectName="Security:Name=myrealmDefaultIdentityAsserter"
Type="weblogic.security.providers.authentication.DefaultIdentityAsserter">
<Attributes ActiveTypes="AuthenticatedUser"
Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="UserNameMapperClassName,TrustedClientPrincipals"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultKeyStore"
ObjectName="Security:Name=myrealmDefaultKeyStore"
Type="weblogic.security.providers.pk.DefaultKeyStore">
<Attributes Realm="Security:Name=myrealm">
<Defaulted
AttributeNames="PrivateKeyStoreLocation,RootCAKeyStoreLocation,PrivateKeyStorePassPhrase,RootCAKeyStorePassPhrase"/>
</Attributes>
</SetMBean>
<SetMBean DisplayName="DefaultAdjudicator"
ObjectName="Security:Name=myrealmDefaultAdjudicator"
Type="weblogic.security.providers.authorization.DefaultAdjudicator">
<Attributes Realm="Security:Name=myrealm">
<Defaulted AttributeNames="RequireUnanimousPermit"/>
</Attributes>
</SetMBean>
</MBeans>
3. This is the output of the LDAP server log file.
[02/Jan/2003:15:38:41 +0800] conn=1933 fd=63 slot=63 connection from
192.168.5.68 to 192.168.1.95
[02/Jan/2003:15:38:41 +0800] conn=1933 op=0 BIND
dn="uid=admin,ou=Administrators,ou=TopologyManagement,o=NetscapeRoot"
method=128 version=2
[02/Jan/2003:15:38:41 +0800] conn=1933 op=0 RESULT err=0 tag=97
nentries=0 etime=0
[02/Jan/2003:15:38:41 +0800] conn=1933 op=-1 fd=63 closed - B1
Thank you very much.
thanks
kiran
"Soojin Kim" <soojin...@hotmail.com> wrote in message
news:988022a0.03010...@posting.google.com...
"kirann" <kir...@bea.com> wrote in message news:<3e14...@newsgroups.bea.com>...
1.) If you want to delete the default Authentication Provider (embedded LDAP) you
need to define your WLS Administrator in the groups "People" and "Administrators"
within the IPlanet Directory. But I think option 2 is better.
2.) You just keep the default authentication provider (embedded LDAP) to hold
the WLS administrator and use the external IPlanet to hold the normal users. Set
the control flag on both authentication providers to sufficient. This separates
the security-critical WLS administrator from the "normal" users.
Thanks.
Frank
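
Added example, not part of the original thread and not BEA code: a small audit of an exported realm file like the one in item 2. It reports authentication providers whose ControlFlag is still defaulted, bind credentials stored in cleartext, a defaulted SSLEnabled on an LDAP provider, and a realm with no embedded-LDAP authenticator (option 1 in Frank's reply). The sample XML is constructed from the thread's export with the credential replaced; the finding names and the EMBEDDED class name are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cut down from the export in the thread, credential replaced.
SAMPLE = """<MBeans>
 <SetMBean ObjectName="Security:Name=myrealmDefaultAuthenticator"
   Type="weblogic.security.providers.authentication.IPlanetAuthenticator">
  <Attributes Credential="EXAMPLE-ONLY" Host="heritage" UserBaseDN="o=internet">
   <Defaulted AttributeNames="ControlFlag,Port,SSLEnabled,CacheEnabled"/>
  </Attributes>
 </SetMBean>
 <SetMBean ObjectName="Security:Name=myrealm"
   Type="weblogic.management.security.Realm">
  <Attributes AuthenticationProviders="Security:Name=myrealmDefaultAuthenticator"/>
 </SetMBean>
</MBeans>"""

# Class name of the embedded-LDAP provider (assumed; the thread only shows
# the iPlanet type registered under the "DefaultAuthenticator" name).
EMBEDDED = "weblogic.security.providers.authentication.DefaultAuthenticator"

def audit_realm(xml_text, realm="Security:Name=myrealm"):
    """Return (object_name, finding) pairs for the realm's authentication providers."""
    beans = {b.get("ObjectName"): b for b in ET.fromstring(xml_text).iter("SetMBean")}
    providers = beans[realm].find("Attributes").get("AuthenticationProviders", "")
    findings, has_embedded = [], False
    for name in filter(None, providers.split("|")):
        bean = beans.get(name)
        if bean is None:  # listed in the realm but missing from this export
            findings.append((name, "provider-not-exported"))
            continue
        attrs = bean.find("Attributes")
        node = attrs.find("Defaulted")
        defaulted = set(node.get("AttributeNames", "").split(",")) if node is not None else set()
        if bean.get("Type") == EMBEDDED:
            has_embedded = True
        if "ControlFlag" in defaulted:  # never set explicitly, e.g. to SUFFICIENT
            findings.append((name, "control-flag-defaulted"))
        if attrs.get("Credential"):  # bind password readable in the file
            findings.append((name, "cleartext-credential"))
        if attrs.get("Host") and "SSLEnabled" in defaulted:
            findings.append((name, "ssl-defaulted"))
    if not has_embedded:
        # Option 1 in the reply: the boot user must then exist in the external directory.
        findings.append((realm, "no-embedded-authenticator"))
    return findings

if __name__ == "__main__":
    for obj, finding in audit_realm(SAMPLE):
        print(f"{obj}: {finding}")
```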