This discussion is archived
1 Reply Latest reply: Jan 31, 2013 6:01 AM by Christian Berg RSS

OBIEE Start/Stop Services failed(After LDAP Configuration)

user402869 Newbie
Currently Being Moderated
Hi ,

We made some changes(that is we have added new OID
and configured the new OID based upon the Oracle BI security guide which is in Oracle Site
) to the LDAP configuration in OBIEE web console and it prompted for a restart of the OBIEE services . when we tried restarting the services we are not able to stop all the services . Please find the attached log files .


Note:
1.unable to kill the process ID
which is releated to OBIEE 11.1.1.6.0 services..
2.We have follwed the section 3 in the below link to configure the LDAP : http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/toc.htm.

Please find the below error details in short form and kindly find the attahced file(file name) for more details

Error:
Caused By: oracle.security.jps.service.igf.IGFException: JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one.
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.checkIdStoreTypeLater(IdentityStoreConfigurationUtil.java:819)
at oracle.security.jps.internal.api.identitystore.IdentityStoreConfigurationUtil.getLibOvdLdapPushData(IdentityStoreConfigurationUtil.java:524)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:232)
at oracle.security.jps.internal.igf.ovd.OvdIGFServiceProvider$1.run(OvdIGFServiceProvider.java:229)
at java.security.AccessController.doPrivileged(Native Method)
Truncated. see log file for complete stacktrace
>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jan 29, 2013 6:39:05 AM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state cha

Error Codes
---------------------------------------------------


Problem Category/Subcategory
---------------------------------------------------
BI EE Platform Administration/Administration Tool

Uploaded Files
---------------------------------------------------
File: nohup.zip:134848


Template Question Responses
---------------------------------------------------
1) ### Admin Tool version ###


2) Are you running Oracle Business Intelligence Enterprise Edition using virtualization or partitioning technologies (for example, VMWare) ?
No

3) If yes, please provide the product used and its version.


4) ### Documentation Used ###


5) ### Impact on Business ###

Edited by: 919942 on Jan 31, 2013 5:10 AM
  • 1. Re: OBIEE Start/Stop Services failed(After LDAP Configuration)
    Christian Berg Guru
    Currently Being Moderated
    "JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one."

    Looks like the config you entered was a tad off. Any chance you can roll back by restoring the original files from before the change?

    $FMWH/user_projects/domains/yourdomain/config/config.xml
    $FMWH/user_projects/domains/yourdomain/config/fmwconfig/jps-config.xml

    In the config.xml, inside the <realm> tag yo ushould find your authenticaiton providers and there's two important things for your new one to check:

    1.) xsi-type="wls:..." <-- This should be your OID type rather than a generic (or wrong) one
    2.) If you're not 100% sure about the config or don't want to immediately shut out native WLS users or want to retain them (both OID and WLS LDAP considered valid), then PLEASE make sure that you run your new authenticator with <sec:control-flag>SUFFICIENT</sec:control-flag> and don't make it REQUIRED since otherwise you won't be able to bring anything up anymore if a single parameter in the authenticator config is off...

    Also, check out what Tony wrote together a while back: http://www.peakindicators.com/index.php/knowledge-base/115-oracle-bi-11g-security-troubleshooting


    Update:
    Should have read the error message more carefully...looks like you actually just slipped by one line in the authenticator config and chose "OracleVirtualDirectory" instead of "OracleInternetDirectory" since it tries to use the libOvd rather than the OID one.

    Edited by: Christian Berg on Jan 31, 2013 2:58 PM

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points