Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Enable LDAP Security: CWWIM2008E: 'AnonymousUser' not authorized

761 views
Skip to first unread message

gunther.ve...@emd.be

unread,
Nov 26, 2008, 6:12:32 AM11/26/08
to
Hi
I've successfully enabled LDAP (Domino 7.x) security on a brand new Portal 6.1 Express image.
When I boot the portal I get following error:
{code}
[26/11/08 12:00:54:306 CET] 00000026 RepositoryImp I com.ibm.icm.jcr.RepositoryImpl getRepository Repository Default wordt geladen.
[26/11/08 12:01:02:121 CET] 00000026 exception E com.ibm.websphere.wim.security.authz.AccessException CWWIM2008E The principal 'AnonymousUser' is not authorized to perform the operation
'GET PersonAccount' on 'CN=wpadmin,o=mycompany'
[26/11/08 12:01:02:184 CET] 00000026 exception E com.ibm.websphere.wim.security.authz.AccessException
com.ibm.websphere.wim.security.authz.AccessException: CWWIM2008E The principal 'AnonymousUser' is not authorized to perform the operation
'GET PersonAccount' on 'CN=wpadmin,o=mycompany'
at com.ibm.ws.wim.security.authz.ProfileSecurityManager.checkAccessResult(ProfileSecurityManager.java:1161)
at com.ibm.ws.wim.security.authz.ProfileSecurityManager.checkPermission_GET(ProfileSecurityManager.java:469)
at com.ibm.ws.wim.ProfileManager.getImpl(ProfileManager.java:1561)
at com.ibm.ws.wim.ProfileManager.genericProfileManagerMethod(ProfileManager.java:283)
at com.ibm.ws.wim.ProfileManager.get(ProfileManager.java:332)
at com.ibm.websphere.wim.ServiceProvider.get(ServiceProvider.java:345)
at com.ibm.websphere.wim.client.LocalServiceProvider.get(LocalServiceProvider.java:364)
at com.ibm.wps.um.VMMFilter$3.run(VMMFilter.java:172)
at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:4040)
at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:4137)
at com.ibm.wps.um.VMMFilter.get(VMMFilter.java:183)
at com.ibm.wps.um.VMMFilter.filter(VMMFilter.java:386)
at com.ibm.wps.um.PrincipalFilter.filter(PrincipalFilter.java:59)
at com.ibm.wps.um.RealmFilter.filter(RealmFilter.java:152)
at com.ibm.wps.um.PrincipalFilterChain.invokeFiltering(PrincipalFilterChain.java:109)
at com.ibm.wps.um.FilterAdapter.get(FilterAdapter.java:165)
at com.ibm.wps.um.PumaEngineHelper.reload(PumaEngineHelper.java:782)
at com.ibm.wps.um.PumaEngineHelper.loadWithBaseAttributes(PumaEngineHelper.java:684)
at com.ibm.wps.um.PumaLocatorImpl.findUserByIdentifier(PumaLocatorImpl.java:129)
at com.ibm.icm.jcr.service.member.WPSMemberManagerServiceImpl$1.run(WPSMemberManagerServiceImpl.java:155)
at com.ibm.wps.um.PumaEngineHelper.runUnrestricted(PumaEngineHelper.java:1185)
at com.ibm.wps.um.PumaEnvironmentImpl.runUnrestricted(PumaEnvironmentImpl.java:141)
at com.ibm.icm.jcr.service.member.WPSMemberManagerServiceImpl.init(WPSMemberManagerServiceImpl.java:149)
at com.ibm.icm.jcr.service.ServiceManagerImpl.init(ServiceManagerImpl.java:83)
at com.ibm.icm.jcr.RepositoryImpl.getRepository(RepositoryImpl.java:314)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:79)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:618)
at com.ibm.icm.jcr.RepositoryFactory.init(RepositoryFactory.java:178)
at com.ibm.icm.jcr.RepositoryFactory.getRepository(RepositoryFactory.java:660)
at com.ibm.workplace.wcm.services.repository.RepositoryServiceUtils.getJCRRepository(RepositoryServiceUtils.java:391)
at com.ibm.workplace.wcm.services.repository.WorkspaceManager.getSystemCredentials(WorkspaceManager.java:124)
at com.ibm.workplace.wcm.services.repository.WorkspaceManager.getDefaultSystemWorkspaceContainerInformation(WorkspaceManager.java:103)
at com.ibm.workplace.wcm.services.repository.WorkspaceManager.systemLogin(WorkspaceManager.java:698)
at com.presence.connect.Connect.init(Connect.java:449)

{code}

I have no clue where to look for a solution.

gunther.ve...@emd.be

unread,
Nov 26, 2008, 7:49:09 AM11/26/08
to
Extra info:

{code}[26/11/08 11:58:49:489 CET] 00000015 ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl open FFDC0009I: FFDC opened incident stream file C:\IBM\WebSphere\wp_profile\logs\ffdc\WebSphere_Portal_00000015_08.11.26_11.58.49_0.txt
[26/11/08 11:58:49:536 CET] 00000015 ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl resetIncidentStream FFDC0010I: FFDC closed incident stream file C:\IBM\WebSphere\wp_profile\logs\ffdc\WebSphere_Portal_00000015_08.11.26_11.58.49_0.txt
[26/11/08 11:58:49:988 CET] 00000015 VaultServiceI E com.ibm.wps.services.credentialvault.VaultServiceImpl checkSystemDNInitialized EJPSK0028E: De eigenschapswaarde voor de unieke naam (DN) 'systemcred.dn' van de systeemgebruiker is ongeldig. Zorg dat de DN-waarde in het kluisservice-eigenschappenbestand geldig is.
com.ibm.wps.util.DataBackendException: EJPSG0015E: Gegevensbackend-probleem java.security.PrivilegedActionException: com.ibm.wps.um.exceptions.impl.PumaSystemExceptionImpl: com.ibm.wps.util.DataBackendException: EJPSG0015E: Gegevensbackend-probleem com.ibm.websphere.wim.security.authz.AccessException: CWWIM2008E The principal 'AnonymousUser' is not authorized to perform the operation
'GET PersonAccount' on 'CN=wpadmin,o=mycompany'
at com.ibm.wps.services.puma.PumaServiceImpl.findUserById(PumaServiceImpl.java:457)
at com.ibm.wps.services.puma.Puma.findUserById(Puma.java:70)
at com.ibm.wps.services.credentialvault.VaultServiceImpl.checkSystemDNInitialized(VaultServiceImpl.java:353)
at com.ibm.wps.services.credentialvault.VaultServiceImpl.initProperties(VaultServiceImpl.java:314)
at com.ibm.wps.services.credentialvault.VaultServiceImpl.init(VaultServiceImpl.java:214)
at com.ibm.wps.services.Service.init(Service.java:107)
at com.ibm.wps.services.Service.init(Service.java:83)
at com.ibm.wps.services.ServiceManager.createService(ServiceManager.java:391)
at com.ibm.wps.services.ServiceManager.initInternal(ServiceManager.java:285)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:179)
at com.ibm.wps.services.ServiceManager.init(ServiceManager.java:114)
at com.ibm.wps.engine.Servlet.init(Servlet.java:239)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:192)

{code}

brett_...@us.ibm.com

unread,
Nov 26, 2008, 2:04:58 PM11/26/08
to
How specifically did you enable security? That error indicates that security wasn't completely configured. I assume the error persists even after a restart of the system, correct?

Does the ConfigTrace.log show a BUILD SUCCESSFUL for the configuration task used to enable the security? Was the config wizard used in this case or the command line?

-Brett Gordon (WebSphere Portal L2 Support)

IBM Certified System Administrator -- WebSphere Portal V6.0, V5.1, V5.0
IBM Certified Solution Developer -- WebSphere Portal V5.1, v6.0

The postings on this site are my own and do not necessarily represent the positions, strategies, or opinions of IBM.

gunther.ve...@emd.be

unread,
Nov 27, 2008, 2:43:34 AM11/27/08
to
I used the helper template and used the command-line interface following the InfoCenter (http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1m0/index.jsp?topic=/com.ibm.wp.ent.doc/install/stdaln_win_cfg_stndalone_ldap.html).

# ConfigEngine.bat validate-standalone-ldap (Operation Successful)
and
# ConfigEngine.bat wp-modify-ldap-security (Operation Successful)

I must say the following: a junior admin had enabled security using the WAS Admin Console. I disabled security and used the portal tools for enabling security.

ff...@us.ibm.com

unread,
Nov 30, 2008, 8:25:00 AM11/30/08
to
Package the following files and attach them here:
security.xml, wimconfig.xml, wkplc.properties, ConfigTrace.log, and SystemOut.log.

Thanks

-FF

The postings on this site are my own and do not necessarily represent the positions, strategies or opinions of IBM.

0 new messages