
"String OutofBounds" error when using LDAP Realm


Dominic Nagar

May 25, 2003, 2:06:57 PM
I am setting up Weblogic Portal 7.0 to use Oracle Internet Directory (OID)
as the LDAP server. Here is my current configuration:


Weblogic Portal 7.0 sp2
Oracle 9.2
Oracle Internet Directory 9.2


I am using Compatibility Security, so I have set up my Customer Realm (which I
have called oracle2) like this:


<CustomRealm
ConfigurationData="user.filter=(&amp;(cn=%u)(objectclass=person));user.dn=cn=Users,dc=winki,dc=com;membership.filter=(&amp;(uniquemember=%G)(objectclass=groupofuniquenames));server.principal=cn=orcladmin;group.filter=(&amp;(cn=%g)(objectclass=groupofuniquenames));group.dn=cn=Groups,cn=OracleContext,dc=winki,dc=com;server.host=winki"
Name="oracle2" Password="{3DES}PqydL1MEc2oCJI82x294Ig=="
RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>

On my LDAP server, I have created the following groups: Administrators,
SystemAdministrator, DelegatedAdministrator, AdminEligible, and everyone. I
have also created the following users and added them to the appropriate
groups: administrator, system, weblogic, guest.

It is my understanding that the membership.filter property can use either a
%M or %G as a setting for uniquemember. If I use the %G setting, I am able
to start up weblogic server. However, when I look at the groups in the
Weblogic console, weblogic lists not only the groups I created in LDAP but
also the sample groups that the OID installation provided. However, the
members column in the weblogic console is blank. It should have listed the
users that belonged to those groups. I made sure that my "system" user is
listed in the "uniquemember" property in LDAP.

If I use the %M setting, I am unable to start up weblogic and I get the
following error:

<May 25, 2003 11:03:12 AM PDT> <Error> <Security> <090060> <The AccessDecision class "weblogic.security.providers.realmadapter.AuthorizationProviderImpl" returned an error: java.lang.StringIndexOutOfBoundsException: String index out of range: -1. java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(String.java:1520)
at weblogic.security.ldaprealmv2.LDAPDelegate.getAttributeValue(LDAPDelegate.java:1513)
at weblogic.security.ldaprealmv2.LDAPDelegate.searchDNForUser(LDAPDelegate.java:1406)
at weblogic.security.ldaprealmv2.LDAPDelegate.groupMembersInternal(LDAPDelegate.java:1177)
at weblogic.security.ldaprealmv2.LDAPDelegate.groupMembers(LDAPDelegate.java:1086)
at weblogic.security.ldaprealmv2.LDAPRealm.getGroupMembersInternal(LDAPRealm.java:115)
at weblogic.security.acl.AbstractListableRealm.getGroupMembers(AbstractListableRealm.java:302)
at weblogic.security.acl.FlatGroup.ensureFreshness(FlatGroup.java:175)
at weblogic.security.acl.FlatGroup.isMember(FlatGroup.java:228)
at weblogic.security.acl.AclGroup.getPermission(AclImpl.java:511)
at weblogic.security.acl.AclImpl.checkPermission(AclImpl.java:377)
at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.isAccessAllowed(AuthorizationProviderImpl.java:359)
at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:455)
at weblogic.security.service.AuthorizationManager.isAccessAllowed(AuthorizationManager.java:592)
at weblogic.security.service.SecurityServiceManager.doBootAuthorization(SecurityServiceManager.java:1173)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1216)
at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
at weblogic.Server.main(Server.java:32)
>
<May 25, 2003 11:03:12 AM PDT> <Critical> <WebLogicServer> <000364> <Server failed during initialization. Exception:java.lang.SecurityException: User system isnot permitted to boot the server java.lang.SecurityException: User system is not permitted to boot the server


Has anyone seen this error before, or seen/resolved my issue with the
blank members listing?


Regards,
Dominic
