2 Replies Latest reply on Aug 4, 2003 4:29 PM by 3004

    Problems configuration ldapRealm

    3004
      Hello,
      I am trying to configure BEA Portal with our LDAP server which is Windows
      Active Directory.

      Here is the info on my environment:
      BEA Portal 7.0, sp2
      OS for LDAP server is Windows 2000

      Here is the entry in my config.xml file for the ldap configuration:
      <CustomRealm
      ConfigurationData="user.filter=(&(cn=%u)(objectclass=Users));user.dn=ou=Users,dc=weblogic,dc=local;server.port=389;server.principal=cn=weblogic,dc=weblogic,dc=local;group.filter==(&(cn=%g)(objectclass=Groups));server.host=server1.weblogic.local;group.dn=ou=Groups,dc=weblogic,dc=local;membership.scope.depth=1;microsoft.membership.scope=sub;membership.filter=(|(&(memberobject=%M)(objectclass=memberof))(&(groupobject=%M)(objectclass=groupmemberof)));"
      Name="ldapRealm" Password="<some encrypted password>"
      RealmClassName="weblogic.security.ldaprealmv2.LDAPRealm"/>

      I am using ldap v2 so I had to create a Custom Realm. When I switch my
      caching realm to my ldapRealm and restart the server, I get the following
      error:

      ####<May 2, 2003 11:30:11 AM PDT> <Info> <Logging> <WINKI> <portalServer> <main> <kernel identity> <> <000000> <FileLogger Opened at C:\workarea\portalDomain\.\logs\weblogic.log>
      ####<May 2, 2003 11:30:14 AM PDT> <Info> <Security> <WINKI> <portalServer> <main> <kernel identity> <> <090516> <The RoleMapper provider has preexisting LDAP data.>
      ####<May 2, 2003 11:30:14 AM PDT> <Critical> <WebLogicServer> <WINKI> <portalServer> <main> <kernel identity> <> <000364> <Server failed during initialization. Exception:weblogic.security.ldaprealmv2.LDAPRealmException: could not get connection - with nested exception:
      [java.lang.reflect.InvocationTargetException - with target exception:
      [netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials]]>
      java.lang.reflect.InvocationTargetException: netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials
      at netscape.ldap.LDAPConnection.checkMsg(LDAPConnection.java:4852)
      at netscape.ldap.LDAPConnection.internalBind(LDAPConnection.java:1757)
      at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1294)
      at netscape.ldap.LDAPConnection.authenticate(LDAPConnection.java:1303)
      at netscape.ldap.LDAPConnection.bind(LDAPConnection.java:1613)
      at weblogic.security.ldaprealmv2.LDAPDelegate$LDAPFactory.newInstance(LDAPDelegate.java:1885)
      at weblogic.security.utils.Pool.getInstance(Pool.java:57)
      at weblogic.security.ldaprealmv2.LDAPDelegate.getConnection(LDAPDelegate.java:789)
      at weblogic.security.ldaprealmv2.LDAPDelegate.getUser(LDAPDelegate.java:871)
      at weblogic.security.ldaprealmv2.LDAPRealm.getUser(LDAPRealm.java:57)
      at weblogic.security.acl.CachingRealm.getUserEntry(CachingRealm.java:812)
      at weblogic.security.acl.CachingRealm.getUser(CachingRealm.java:668)
      at weblogic.security.acl.internal.FileRealm.getPrincipalFromAnyRealm(FileRealm.java:1009)
      at weblogic.security.acl.internal.FileRealm.ensureRequiredObjectsExist(FileRealm.java:958)
      at weblogic.security.acl.internal.FileRealm.loadMembers(FileRealm.java:1209)
      at weblogic.security.SecurityService.initializeRealm(SecurityService.java:370)
      at weblogic.security.providers.realmadapter.AuthorizationProviderImpl.initialize(AuthorizationProviderImpl.java:72)
      at weblogic.security.service.SecurityServiceManager.createSecurityProvider(SecurityServiceManager.java:1875)
      at weblogic.security.service.AuthorizationManager.initialize(AuthorizationManager.java:206)
      at weblogic.security.service.AuthorizationManager.<init>(AuthorizationManager.java:127)
      at weblogic.security.service.SecurityServiceManager.doATZ(SecurityServiceManager.java:1613)
      at weblogic.security.service.SecurityServiceManager.initializeRealm(SecurityServiceManager.java:1426)
      at weblogic.security.service.SecurityServiceManager.loadRealm(SecurityServiceManager.java:1365)
      at weblogic.security.service.SecurityServiceManager.initializeRealms(SecurityServiceManager.java:1487)
      at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:1207)
      at weblogic.t3.srvr.T3Srvr.initialize1(T3Srvr.java:723)
      at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:594)
      at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:282)
      at weblogic.Server.main(Server.java:32)

      Any information is greatly appreciated.

      thanks,
      Dominic

      Dominic Nagar Release Engineer
      p 415.875.7123 f 415.875.7001 dnagar@semaphorepartners.com
      Semaphore Partners www.semaphorepartners.com



        • 1. Re: Problems configuration ldapRealm
          3004

          "Dominic Nagar" <dnagar@semaphorepartners.com> wrote in message
          news:3eb2be12@newsgroups.bea.com...
          Hello,
          I am trying to configure BEA Portal with our LDAP server which is Windows
          Active Directory.

          The key part of the error message is:

          [java.lang.reflect.InvocationTargetException - with target exception:
          [netscape.ldap.LDAPException: error result (49); 80090308: LdapErr:
          DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ;
          Invalid credentials]]>

          Double check the principal and credentials configured for the realm.
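
An added example, not part of the original thread and not WebLogic code: in the Active Directory diagnostic string, the hex value after `data` says why the bind was refused, and 525 means the bind account was not found, which points at `server.principal` rather than the password. The function names below are hypothetical; `CONFIG` and `LOG` are excerpts copied from the first post.

```python
import re

# AD puts the reason for a failed bind (LDAP result 49) in the hex "data" field.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials (account exists, wrong password)",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
BIND_ERR = re.compile(
    r"error result \((\d+)\).*?AcceptSecurityContext error, data ([0-9a-fA-F]+)", re.S)

def parse_bind_failure(log_text):
    """Return (ldap_result, subcode, meaning), or None if no AD bind error."""
    m = BIND_ERR.search(log_text)
    if not m:
        return None
    sub = m.group(2).lower()
    return int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown sub-code")

def parse_configuration_data(data):
    """Split a ConfigurationData string into {key: value}; values keep '='."""
    pairs = (item.partition("=") for item in data.split(";") if item.strip())
    return {k.strip(): v for k, _, v in pairs}

def triage(config_data, log_text):
    """List what to check first, from the sub-code and the realm settings."""
    cfg, findings = parse_configuration_data(config_data), []
    failure = parse_bind_failure(log_text)
    if failure and failure[1] == "525":
        findings.append("bind DN not found: " + cfg.get("server.principal", "?"))
    elif failure:
        findings.append("bind rejected: " + failure[2])
    for key in ("user.filter", "group.filter", "membership.filter"):
        if key in cfg and not cfg[key].startswith("("):
            findings.append(key + " does not start with '(': " + cfg[key])
    return findings

# Excerpts copied from the first post (only the keys and log text used here).
CONFIG = ("user.filter=(&(cn=%u)(objectclass=Users));"
          "server.principal=cn=weblogic,dc=weblogic,dc=local;"
          "group.filter==(&(cn=%g)(objectclass=Groups));")
LOG = ("netscape.ldap.LDAPException: error result (49); 80090308: LdapErr: DSID-0C09030B, "
       "comment: AcceptSecurityContext error, data 525, v893 ; Invalid credentials")
```

Calling `triage(CONFIG, LOG)` reports the bind DN first and also flags the `group.filter` value, which begins with a stray `=` in the posted configuration.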





          • 2. Re: Problems configuration ldapRealm
            3004
            Dominic Nagar <dnagar@semaphorepartners.com> wrote:
            I am trying to configure BEA Portal with our LDAP server which is
            Windows Active Directory.

            Dominic and others:

            Here's what I've found concerning BEA Portal 7 and Active Directory
            2000. By the way, this is current as of BEA Platform 7.0.2.0. This
            could change with version 8.1 and beyond.


            - Active Directory does not currently work with Portal's
            "compatibilityRealm"

            - A future patch will be released by BEA (date unknown)


            Instead, I would investigate and use either the Sun ONE Directory
            Server (also known as, "iPlanet Directory"), Novell's eDirectory (also
            known as, "NDS"), or OpenLDAP.

            Give me a call if you need specifics.


            Brian J. Mitchell
            Systems Administrator, MIS
            TRX
            6 West Druid Hills Drive
            Atlanta, GA 30329 USA
            http://www.trx.com

            email: brian.mitchell@trx.com
            office: +1 404 327 7238
            mobile: +1 678 283 6530