
Problems configuration ldapRealm


Dominic Nagar

May 2, 2003, 2:50:56 PM
Reply-To: "Dominic Nagar" <dna...@semaphorepartners.com>
From: "Dominic Nagar" <dna...@semaphorepartners.com>
Newsgroups: weblogic.developer.interest.security,weblogic.support.install,weblogic.developer.interest.general
Subject: Problems configuration ldapRealm
Date: Fri, 2 May 2003 11:50:56 -0700
Organization: Semaphore Partners
Message-ID: <3eb2...@newsgroups.bea.com>

Hello,
I am trying to configure BEA Portal with our LDAP server which is Windows
Active Directory.

Here is the info on my environment:
BEA Portal 7.0, sp2
OS for LDAP server is Windows 2000

Here is the entry in my config.xml file for the ldap configuration:
<CustomRealm
ConfigurationData="user.filter=(&amp;(cn=%u)(objectclass=Users));user.dn=ou=Users,dc=weblogic,dc=local;server.port=389;server.principal=cn=weblogic,dc=weblogic,dc=local;group.filter==(&amp;(cn=%g)(objectclass=Groups));server.host=server1.weblogic.local;group.dn=ou=Groups,dc=weblogic,dc=local;membership.scope.depth=1;microsoft.membership.scope=sub;membership.filter=(|(&amp;(memberobject=%M)(objectclass=memberof))(&amp;(groupobject=%M)(objectclass=groupmemberof)));"
Name="ldapRealm" Password="<some encrypted password>"
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>

I am using ldap v2 so I had to create a Custom Realm. When I switch my
caching realm to my ldapRealm and restart the server, I get the following
error:

####<May 2, 2003 11:30:11 AM PDT> <Info> <Logging> <WINKI> <portalServer> <main> <kernel identity> <> <000000> <FileLogger Opened at C:\workarea\portalDomain\.\logs\weblogic.log>
####<May 2, 2003 11:30:14 AM PDT> <Info> <Security> <WINKI> <portalServer> <main> <kernel identity> <> <090516> <The RoleMapper provider has preexisting LDAP data.>
####<May 2, 2003 11:30:14 AM PDT> <Critical> <WebLogicServer> <WINKI> <portalServer> <main> <kernel identity> <> <000364> <Server failed during initialization. Exception:weblogic.security.ldaprealmv2.LDAPRealmException: could not get connection - with nested exception:
[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials]]>
java.lang.reflect.InvocationTargetException: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials
at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
at weblogic.security.ldaprealmv2.LDAPDelegate$LDAPFactory.newInstance(LDAPDelegate.java:1885)
at weblogic.security.utils.Pool.getInstance(Pool.java:57)
at weblogic.security.ldaprealmv2.LDAPDelegate.getConnection(LDAPDelegate.java:789)
at weblogic.security.ldaprealmv2.LDAPDelegate.getUser(LDAPDelegate.java:871)
at weblogic.security.ldaprealmv2.LDAPRealm.getUser(LDAPRealm.java:57)
at weblogic.security.acl.CachingRealm.getUserEntry(CachingRealm.java:812)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:668)
at weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.java:1009)
at weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileRealm.java:958)
at weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1209)
at weblogic.security.SecurityService.initializeRealm(SecurityService.java:370)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.initialize(AuthorizationProviderImpl.java:72)
at weblogic.security.service.SecurityServiceManager.createSecurityProvider(SecurityServiceManager.java:1875)
at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:206)
at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:127)
at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServiceManager.java:1613)
at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1426)
at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1365)
at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1487)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1207)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)

Any information is greatly appreciated.

thanks,
Dominic

Dominic Nagar Release Engineer
p 415.875.7123 f 415.875.7001 dna...@semaphorepartners.com
Semaphore Partners www.semaphorepartners.com


Peter

Aug 3, 2003, 5:58:34 PM

"Dominic Nagar" <dna...@semaphorepartners.com> wrote in message
news:3eb2...@newsgroups.bea.com...

> Hello,
> I am trying to configure BEA Portal with our LDAP server which is Windows
> Active Directory.
>

The key part of the error message is:

[java.lang.reflect.InvocationTargetException - with target exception:
[netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:
DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ;
Invalid credentials]]>

Double check the principal and credentials configured for the realm.
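
Active Directory puts the specific reason for an LDAP result 49 in the hex "data" field of this message. The following is an added example, not part of the reply above or of WebLogic, that decodes that field from line-wrapped log text; the sub-code table and the advice strings are this example's own, and the second sample entry is constructed.

```python
import re

# Active Directory sub-codes carried in the "data NNN" field (hex) of an
# LDAP result 49 bind failure, with the realm setting to look at first.
# "server.principal" and "Password" are the attribute names from the
# config.xml posted above; the advice strings are this example's wording.
AD_BIND_SUBCODES = {
    "525": ("user not found", "server.principal: bind DN does not resolve to an account"),
    "52e": ("wrong password", "Password: credential stored for the realm"),
    "530": ("logon not permitted at this time", "account logon-hours restriction"),
    "531": ("logon not permitted from this workstation", "account workstation restriction"),
    "532": ("password expired", "service account password age"),
    "533": ("account disabled", "service account state"),
    "701": ("account expired", "service account expiry date"),
    "773": ("user must reset password", "must-change-password flag"),
    "775": ("account locked out", "lockout caused by repeated failed binds"),
}

BIND_ERROR = re.compile(
    r"error result \((?P<result>\d+)\);\s*[0-9A-Fa-f]{8}:\s*LdapErr:\s*"
    r"(?P<dsid>DSID-[0-9A-Fa-f]+),\s*comment:\s*[^,]+,\s*data (?P<data>[0-9A-Fa-f]+)"
)

def decode_bind_failures(log_text):
    """Return one finding per distinct AD bind failure in wrapped log text."""
    flat = " ".join(log_text.split())  # undo 76-column newsreader wrapping
    findings, seen = [], set()
    for m in BIND_ERROR.finditer(flat):
        data = m.group("data").lower()
        if data in seen:  # the server log repeats the same exception text
            continue
        seen.add(data)
        meaning, check = AD_BIND_SUBCODES.get(data, ("unknown sub-code", "directory server logs"))
        findings.append({"ldap_result": int(m.group("result")),
                         "dsid": m.group("dsid"), "data": data,
                         "meaning": meaning, "check": check})
    return findings

# First entry is the text quoted in the thread; the second is a constructed
# variant (data 52e) to show how a bad password is reported differently.
SAMPLE = """[netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:
DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ;
Invalid credentials]]>
netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:
DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893"""

if __name__ == "__main__":
    for f in decode_bind_failures(SAMPLE):
        print(f"result {f['ldap_result']} data {f['data']}: {f['meaning']} -> check {f['check']}")
```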

Brian Mitchell

Aug 4, 2003, 12:29:45 PM
Dominic Nagar <dna...@semaphorepartners.com> wrote:
>> I am trying to configure BEA Portal with our LDAP server which is
>> Windows Active Directory.

Dominic and others:

Here's what I've found concerning BEA Portal 7 and Active Directory
2000. By the way, this is current as of BEA Platform 7.0.2.0. This
could change with version 8.1 and beyond.


- Active Directory *does not* currently work with Portal's
"compatibilityRealm"

- A future patch will be released by BEA (date unknown)


Instead, I would investigate and use either the Sun ONE Directory
Server (also known as, "iPlanet Directory"), Novell's eDirectory (also
known as, "NDS"), or OpenLDAP.

Give me a call if you need specifics.


Brian J. Mitchell
Systems Administrator, MIS
TRX
6 West Druid Hills Drive
Atlanta, GA 30329 USA
http://www.trx.com

email: brian.m...@trx.com
office: +1 404 327 7238
mobile: +1 678 283 6530
