lookaside attribute getting updated for some users while for othersfailing - Websphere

This is a discussion on lookaside attribute getting updated for some users while for othersfailing - Websphere ; We have integrated WPS6.0.3.1 with AD(enable-security-wmmur-ldap).Also multiple realm enabled. We have a custom lookaside attribute called currentRole in wmmDatabase. Problem is this attribute is getting updated for some users while for others its throwing the following exception. Exception occured during ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: lookaside attribute getting updated for some users while for othersfailing

  1. lookaside attribute getting updated for some users while for othersfailing

    We have integrated WPS6.0.3.1 with AD(enable-security-wmmur-ldap).Also multiple realm enabled.
    We have a custom lookaside attribute called currentRole in wmmDatabase.
    Problem is this attribute is getting updated for some users while for others its throwing the following exception.

    Exception occured during processing: "javax.naming.NoPermissionException: [LDAP: error code 50 - 00002098: SecErr: DSID-03150A45, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0

    What is funny is it is working for half of the users perfectly and for the users it is throwing the above exception.And secondly inspite of being a wmmattribute its trying to update the LDAP.

    I am attaching the trace.log with this mail.

  2. Re: lookaside attribute getting updated for some users while forothers failing

    The "LDAP: error code ..." definitely means that WMM tries to write to the LDAP:

    http://www.ibm.com/support/docview.w...id=swg21295558

    Can we assume that this fails only for users in a certain LDAP? In a certain realm?

    The trace excerpt seems to indicate that attributes tmdsaleschannel1 and tmddesignation1 are being updated, rather than currentRole. Maybe the update fails because of this exception before it even gets to currentRole. If that is the case, then you need to verify the access rights for the bind user on this object in the LDAP. Alternatively, you could change the update so that only the custom attribute in lookaside is updated and these other attributes are not touched.

    Finally, with multiple realms, can we assume you have multiple LDAPs defined? If so, check to see if the configuration files referenced by each LDAP definition are the same. If not, do they map the problematic attributes the same?

    ldapRepository name="wmmLDAP" UUID="LDAP1" ... configurationFile="wmmLDAPServerAttributes.xml"

+ Reply to Thread