LDAPRealm problem with wls6.1/wli2.1
Ghazenfer Mansoor
I am trying to implement LDAPRealm in weblogic6.1 and WLPI 2.1
, but having some problems.
Here are entries I used.
--------config.xml--------------------
<LDAPRealm AuthProtocol="simple"
Credential="password"
GroupDN="o=company.com, ou=weblogic, ou=wlsgroups"
GroupUsernameAttribute="uniquemember"
LDAPURL="ldap://ldapserver:389"
Name="MyLDAPRealmV1" Principal="cn=Directory Manager"
UserDN="o=company.com, ou=weblogic, ou=users" UserNameAttribute="uid"/>
<PasswordPolicy Name="wl_default_password_policy"/>
<Security Name="mydomain"
PasswordPolicy="wl_default_password_policy" Realm="wl_default_realm"/>
<CachingRealm BasicRealm="MyLDAPRealmV1" CacheCaseSensitive="false" Name="wlpiCachingRealm"/>
<FileRealm Name="wl_default_file_realm"/>
<Realm CachingRealm="wlpiCachingRealm"
FileRealm="wl_default_file_realm" Name="wl_default_realm"/>
-------------------------------------------------------------
On the LDAP side.
I created ou=weblogic
under that, I created,
ou=wlsgroups and ou=users
Now, I created 4 users in users group (guest, system, admin, wlpisystem)
I created the following groups in the wlsgroups group (cn=AdministerUser, cn=ConfigureComponents,
cn=ConfigureSystem, cn=CreateTemplate, cn=DeleteTemplate, cn=ExecuteTemplate, cn=MonitorInstance,
cn=wlpiAdministrators, cn=wlpiUsers, cn=everyone)
everyone group has attribute uniquemember, which has entries
uid=wlpisystem,ou=users,ou=weblogic,o=company.com
uid=admin,ou=users,ou=weblogic,o=company.com
uid=guest,ou=users,ou=weblogic,o=company.com
all other groups have attribute uniquemember, with entries
uid=wlpisystem,ou=users,ou=weblogic,o=company.com
uid=admin,ou=users,ou=weblogic,o=company.com
Now, when I add start the server, it authenticates with the LDAP server (accepts
the password).
On the console, I can see the groups and users I created in the ldap.
Now the problem is, I am getting following errors.
- On the users page, I see at the top.
Failed to add Users {1}
Existing users r listed anyway.
- When I create a new user, it creates but not in ldap (seems its still using eith
FileRealm or RDBMS somewhere)
-At startup time, I get the following error
java.lang.SecurityException: Security violation: insufficient permission to access
method
-When I try to add a user in the group I get this error.
java.lang.UnsupportedOperationException: group modification not supported
at weblogic.security.acl.DefaultGroupImpl.addMember(DefaultGroupImpl.java:39)
at weblogic.management.internal.RemoteRealmManagerImpl.addMember(RemoteRealmManagerImpl.java:201)
at weblogic.management.configuration.Group.addMember(Group.java:58)
at weblogic.management.console.actions.realm.DoGroupFormAction.perform(DoGroupFormAction.java:132)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:171)
at weblogic.management.console.actions.internal.ActionServlet.doPost(ActionServlet.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.management.configuration.RealmException: Group.addMember - with nested exception:
[java.lang.UnsupportedOperationException: group modification not supported]
at weblogic.management.configuration.Group.addMember(Group.java:60)
at weblogic.management.console.actions.realm.DoGroupFormAction.perform(DoGroupFormAction.java:132)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:171)
at weblogic.management.console.actions.internal.ActionServlet.doPost(ActionServlet.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
--------------- nested within: ------------------
weblogic.management.console.actions.ActionException: Group.addMember - with nested
exception:
[weblogic.management.configuration.RealmException: Group.addMember - with nested
exception:
[java.lang.UnsupportedOperationException: group modification not supported]]
at weblogic.management.console.actions.ErrorAction.(ErrorAction.java:38)
at weblogic.management.console.actions.realm.DoGroupFormAction.perform(DoGroupFormAction.java:154)
at weblogic.management.console.actions.internal.ActionServlet.doAction(ActionServlet.java:171)
at weblogic.management.console.actions.internal.ActionServlet.doPost(ActionServlet.java:85)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:265)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:200)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:2495)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2204)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)