Pb enable Security with ActiveDirectory - Websphere

This is a discussion on Pb enable Security with ActiveDirectory - Websphere ; Hello all, I'm trying to enable global security in WAS 6.0.2.23 with active directory. This errors occurs in the Dmgr logs file: 3/11/08 16:57:11:693 EET 00000028 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapReg istryImpl has been initialized 3/11/08 16:57:11:709 EET 00000028 UserRegistryI ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Pb enable Security with ActiveDirectory

  1. Pb enable Security with ActiveDirectory

    Hello all,



    I'm trying to enable global security in WAS 6.0.2.23 with active directory.

    This errors occurs in the Dmgr logs file:



    3/11/08 16:57:11:693 EET 00000028 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapReg istryImpl has been initialized

    3/11/08 16:57:11:709 EET 00000028 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapReg istryImpl has been initialized

    3/11/08 16:57:11:709 EET 00000028 LdapRegistryI E SECJ0352E: Could not get the users matching the pattern wasadmin because of the following exception {1}.

    3/11/08 16:57:11:709 EET 00000028 LdapRegistryI E SECJ0336E: Authentication failed for user wasadmin because of the following exception {1}

    3/11/08 16:57:11:709 EET 00000028 SecurityAdmin E SECJ0297E: Error checking password for user :wasadmin. The exception is <malformed parameter>.

    3/11/08 16:57:11:709 EET 00000028 ConnectToRunt E SECG0002E: An exception occurred in ConnectToRuntime when the server checked the password for user: wasadmin. The exception is <malformed parameter>.

    3/11/08 16:57:11:709 EET 00000028 SecurityValid E SECG0021E: An exception occurred while validating security configuration values: com.ibm.ws.console.security.ConnectToRuntimeExcept ion: null nested exception is com.ibm.websphere.security.CustomRegistryException : LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

    at com.ibm.ws.console.security.ConnectToRuntime.authe nticate(ConnectToRuntime.java:122)

    at com.ibm.ws.console.security.SecurityValidation.run timeCheck(SecurityValidation.java:298)

    at com.ibm.ws.console.security.SecurityValidation.val idate(SecurityValidation.java:259)

    at com.ibm.ws.console.security.SecurityDetailAction.e xecute(SecurityDetailAction.java:188)

    at org.apache.struts.action.RequestProcessor.processA ctionPerform(RequestProcessor.java:484)

    at org.apache.struts.action.RequestProcessor.process( RequestProcessor.java:275)

    at org.apache.struts.action.ActionServlet.process(Act ionServlet.java:1486)

    at org.apache.struts.action.ActionServlet.doPost(Acti onServlet.java:528)

    at javax.servlet.http.HttpServlet.service(HttpServlet .java:763)

    at javax.servlet.http.HttpServlet.service(HttpServlet .java:856)

    at com.ibm.ws.webcontainer.servlet.ServletWrapper.ser vice(ServletWrapper.java:1577)

    at com.ibm.ws.webcontainer.servlet.ServletWrapper.ser vice(ServletWrapper.java:1521)

    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.d oFilter(WebAppFilterChain.java:136)

    at com.ibm.ws.console.core.servlet.WSCUrlFilter.conti nueStoringTaskState(WSCUrlFilter.java:311)

    at com.ibm.ws.console.core.servlet.WSCUrlFilter.doFil ter(WSCUrlFilter.java:185)

    at com.ibm.ws.webcontainer.filter.FilterInstanceWrapp er.doFilter(FilterInstanceWrapper.java:142)

    at com.ibm.ws.webcontainer.filter.WebAppFilterChain.d oFilter(WebAppFilterChain.java:121)

    at com.ibm.ws.webcontainer.filter.WebAppFilterChain._ doFilter(WebAppFilterChain.java:82)

    at com.ibm.ws.webcontainer.servlet.ServletWrapper.han dleRequest(ServletWrapper.java:759)

    at com.ibm.ws.webcontainer.servlet.CacheServletWrappe r.handleRequest(CacheServletWrapper.java:89)

    at com.ibm.ws.webcontainer.WebContainer.handleRequest (WebContainer.java:1936)

    at com.ibm.ws.webcontainer.channel.WCChannelLink.read y(WCChannelLink.java:114)

    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLi nk.handleDiscrimination(HttpInboundLink.java:472)

    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLi nk.handleNewInformation(HttpInboundLink.java:411)

    at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCa llback.complete(HttpICLReadCallback.java:101)

    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.reque stComplete(WorkQueueManager.java:566)

    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attem ptIO(WorkQueueManager.java:619)

    at com.ibm.ws.tcp.channel.impl.WorkQueueManager.worke rRun(WorkQueueManager.java:952)

    at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worke r.run(WorkQueueManager.java:1039)

    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.j ava:1471)


    I have any idea why this errors occurs. It's the first time with ActiveDirectory. There is any recommendation or optimisations?



    My User "wasadmin" is administrator in AD. I fill in the complete id in the WAS LDAP config (like cn=wasadmin,OU=...,DC=...,DC=... in the Bind Distinguished name and DC=...,DC=... in the Base Distinguished name).



    Any idea ?



    Thanks a lot.


  2. Re: Pb enable Security with ActiveDirectory

    I resolved my problem.



    For ActiveDirectory configuration, I fill in "wasadmin@<domaine name>" in the BindDistinguished name and not the "cn=wasadmin,OU=...,DC=..." string.



    Thanks to me!

  3. Re: Pb enable Security with ActiveDirectory

    Looking at the
    00000028 SecurityAdmin E SECJ0297E: Error checking password for
    user :wasadmin. The exception is <malformed parameter>.

    I will double check the password.
    Regards,
    Gabriel



    On Mar 11, 11:42 am, NkWas wrote:
    > Hello all,

    >

    > I'm trying to enable global security in WAS 6.0.2.23 with active directory.

    > This errors occurs in the Dmgr logs file:

    >

    > 3/11/08 16:57:11:693 EET 00000028 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapReg istryImpl has been initialized

    > 3/11/08 16:57:11:709 EET 00000028 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapReg istryImpl has been initialized

    > 3/11/08 16:57:11:709 EET 00000028 LdapRegistryI E SECJ0352E: Could not get the users matching the pattern wasadmin because of the following exception {1}.

    > 3/11/08 16:57:11:709 EET 00000028 LdapRegistryI E SECJ0336E: Authentication failed for user wasadmin because of the following exception {1}

    > 3/11/08 16:57:11:709 EET 00000028 SecurityAdmin E SECJ0297E: Error checking password for user :wasadmin. The exception is <malformed parameter>.

    > 3/11/08 16:57:11:709 EET 00000028 ConnectToRunt E SECG0002E: An exception occurred in ConnectToRuntime when the server checked the password for user: wasadmin. The exception is <malformed parameter>.

    > 3/11/08 16:57:11:709 EET 00000028 SecurityValid E SECG0021E: An exception occurred while validating security configuration values: com.ibm.ws.console.security.ConnectToRuntimeExcept ion: null nested exception is com.ibm.websphere.security.CustomRegistryException : LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece

    > at com.ibm.ws.console.security.ConnectToRuntime.authe nticate(ConnectToRuntime.java:122)

    > at com.ibm.ws.console.security.SecurityValidation.run timeCheck(SecurityValidation.java:298)

    > at com.ibm.ws.console.security.SecurityValidation.val idate(SecurityValidation.java:259)

    > at com.ibm.ws.console.security.SecurityDetailAction.e xecute(SecurityDetailAction.java:188)

    > at org.apache.struts.action.RequestProcessor.processA ctionPerform(RequestProcessor.java:484)

    > at org.apache.struts.action.RequestProcessor.process( RequestProcessor.java:275)

    > at org.apache.struts.action.ActionServlet.process(Act ionServlet.java:1486)

    > at org.apache.struts.action.ActionServlet.doPost(Acti onServlet.java:528)

    > at javax.servlet.http.HttpServlet.service(HttpServlet .java:763)

    > at javax.servlet.http.HttpServlet.service(HttpServlet .java:856)

    > at com.ibm.ws.webcontainer.servlet.ServletWrapper.ser vice(ServletWrapper.java:1577)

    > at com.ibm.ws.webcontainer.servlet.ServletWrapper.ser vice(ServletWrapper.java:1521)

    > at com.ibm.ws.webcontainer.filter.WebAppFilterChain.d oFilter(WebAppFilterChain.java:136)

    > at com.ibm.ws.console.core.servlet.WSCUrlFilter.conti nueStoringTaskState(WSCUrlFilter.java:311)

    > at com.ibm.ws.console.core.servlet.WSCUrlFilter.doFil ter(WSCUrlFilter.java:185)

    > at com.ibm.ws.webcontainer.filter.FilterInstanceWrapp er.doFilter(FilterInstanceWrapper.java:142)

    > at com.ibm.ws.webcontainer.filter.WebAppFilterChain.d oFilter(WebAppFilterChain.java:121)

    > at com.ibm.ws.webcontainer.filter.WebAppFilterChain._ doFilter(WebAppFilterChain.java:82)

    > at com.ibm.ws.webcontainer.servlet.ServletWrapper.han dleRequest(ServletWrapper.java:759)

    > at com.ibm.ws.webcontainer.servlet.CacheServletWrappe r.handleRequest(CacheServletWrapper.java:89)

    > at com.ibm.ws.webcontainer.WebContainer.handleRequest (WebContainer.java:1936)

    > at com.ibm.ws.webcontainer.channel.WCChannelLink.read y(WCChannelLink.java:114)

    > at com.ibm.ws.http.channel.inbound.impl.HttpInboundLi nk.handleDiscrimination(HttpInboundLink.java:472)

    > at com.ibm.ws.http.channel.inbound.impl.HttpInboundLi nk.handleNewInformation(HttpInboundLink.java:411)

    > at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCa llback.complete(HttpICLReadCallback.java:101)

    > at com.ibm.ws.tcp.channel.impl.WorkQueueManager.reque stComplete(WorkQueueManager.java:566)

    > at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attem ptIO(WorkQueueManager.java:619)

    > at com.ibm.ws.tcp.channel.impl.WorkQueueManager.worke rRun(WorkQueueManager.java:952)

    > at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worke r.run(WorkQueueManager.java:1039)

    > at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.j ava:1471)

    >


    > I have any idea why this errors occurs. It's the first time with ActiveDirectory. There is any recommendation or optimisations?

    >

    > My User "wasadmin" is administrator in AD. I fill in the complete id in the WAS LDAP config (like cn=wasadmin,OU=...,DC=...,DC=... in the Bind Distinguished name and DC=...,DC=... in the Base Distinguished name).

    >

    > Any idea ?

    >

    > Thanks a lot.



+ Reply to Thread