WLS6.0 SP1 and LDAPRealm
Anton Pechinsky
I use Weblogic 6.0 with SP1 and Win2000 Active Directory.
I can't start server because some errors occured .
Untill now I used WLS 5.1 SP8 and Win2000 Active Directory. This scheme
works fine.
Here is a part of my weblogic.property file:
----------------------------------------------------------------------------
--------------------------
ldap://ldapserver:389
ad.server.host=srv-adc2
ad.server.principal=CN=LDAP Admin,OU=Test,DC=xxx,DC=yyy,DC=com
ad.server.credential=ldapadmin
ad.user.dn=OU=Test,DC=xxx,DC=yyy,DC=com
ad.user.filter=(&(cn=%u)(objectclass=user))
ad.group.dn=OU=Test,DC=xxx,DC=yyy,DC=com
ad.group.filter=(&(cn=%g)(objectclass=group))
ad.membership.filter=(&(member=%M)(objectclass=group))
----------------------------------------------------------------------------
------------
When I moved to WLS 6.0 SP1 I've got an error when I trying to start server:
----------------------------------------------------------------------------
-------------
<Apr 26, 2001 3:07:14 PM GMT+03:00> <Emergency> <Server> <Unable to
initialize the server: 'Fatal initialization exception
Throwable: weblogic.security.ldaprealm.LDAPException: search error: user
everyone - with nested exception:
[javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr:
DSID-03100690, problem 5012 (DIR_ERROR), data 0 ]; remaining name
'DC=com,DC=yyy,DC=xxx,ou=Test']
weblogic.security.ldaprealm.LDAPException: search error: user everyone -
with nested exception:
[javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr:
DSID-03100690, problem 5012 (DIR_ERROR), data 0 ]; remaining name
'DC=com,DC=yyy,DC=xxx,ou=Test']
at
weblogic.security.ldaprealm.LDAPDelegate.getUserAttrs(LDAPDelegate.java:377)
at
weblogic.security.ldaprealm.LDAPDelegate.userExists(LDAPDelegate.java:384)
at weblogic.security.ldaprealm.LDAPRealm.getUser(LDAPRealm.java:57)
at
weblogic.security.acl.CachingRealm.getUserEntry(CachingRealm.java:806)
at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:670)
at
weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.
java:1003)
at
weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileReal
m.java:952)
at
weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1202)
at
weblogic.security.SecurityService.initializeRealm(SecurityService.java:281)
at
weblogic.security.SecurityService.initialize(SecurityService.java:123)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
at weblogic.Server.main(Server.java:35)
----------------------------------------------------------------------------
---------------
Why weblogic searches for user everyone? Does anybody know solution for
this problem?
LDAPRealm configuration:
<LDAPRealm
AuthProtocol="simple"
Credential="ldapadmin"
GroupDN="ou=Test,DC=xxx,DC=yyy,DC=com"
GroupIsContext="true" GroupNameAttribute="cn"
GroupUsernameAttribute="member" LDAPURL="ldap://ldapserver:389"
Name="My LDAP realm"
Principal="CN=LDAP Admin,OU=Test,DC=xxx,DC=yyy,DC=com"
UserAuthentication="local"
UserDN="cn=Users,DC=xxx,DC=yyy,DC=com"
UserNameAttribute="cn" UserPasswordAttribute="userpassword