We made some changes(that is we have added new OID
and configured the new OID based upon the Oracle BI security guide which is in Oracle Site
) to the LDAP configuration in OBIEE web console and it prompted for a restart of the OBIEE services . when we tried restarting the services we are not able to stop all the services . Please find the attached log files .
1.unable to kill the process ID
which is releated to OBIEE 22.214.171.124.0 services..
2.We have follwed the section 3 in the below link to configure the LDAP : http://docs.oracle.com/cd/E23943_01/bi.1111/e10543/toc.htm.
Please find the below error details in short form and kindly find the attahced file(file name) for more details
Caused By: oracle.security.jps.service.igf.IGFException: JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one.
at java.security.AccessController.doPrivileged(Native Method)
Truncated. see log file for complete stacktrace
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Jan 29, 2013 6:39:05 AM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Jan 29, 2013 6:39:05 AM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state cha
"JPS-02597: You configured a custom Authentication Provider or WLS generic LDAPAuthenticator, which the libOvd can not recognize. Supply the idstore.type property in jps-config.xml file, or use a specific WLS LDAP Authentication provider that matches your LDAP server instead of a generic one."
Looks like the config you entered was a tad off. Any chance you can roll back by restoring the original files from before the change?
In the config.xml, inside the <realm> tag yo ushould find your authenticaiton providers and there's two important things for your new one to check:
1.) xsi-type="wls:..." <-- This should be your OID type rather than a generic (or wrong) one
2.) If you're not 100% sure about the config or don't want to immediately shut out native WLS users or want to retain them (both OID and WLS LDAP considered valid), then PLEASE make sure that you run your new authenticator with <sec:control-flag>SUFFICIENT</sec:control-flag> and don't make it REQUIRED since otherwise you won't be able to bring anything up anymore if a single parameter in the authenticator config is off...
Also, check out what Tony wrote together a while back: http://www.peakindicators.com/index.php/knowledge-base/115-oracle-bi-11g-security-troubleshooting
Should have read the error message more carefully...looks like you actually just slipped by one line in the authenticator config and chose "OracleVirtualDirectory" instead of "OracleInternetDirectory" since it tries to use the libOvd rather than the OID one.