Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
7 replies Latest Post - ‏2009-04-22T14:24:06Z by SystemAdmin
SystemAdmin
SystemAdmin
2583 Posts
ACCEPTED ANSWER

Pinned topic Problems witn WSE 2.6 integrating with LDAP

‏2006-06-07T15:45:19Z |
We cleared off WSE 2.5 and installed 2.6, but are having problem. The script that runs to validate the LDAP setup could not find the group wpsadmins in the groups folder.

Has anyone run into this and have any suggestions?

Thanks!

Kris
Updated on 2009-04-22T14:24:06Z at 2009-04-22T14:24:06Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    2583 Posts
    ACCEPTED ANSWER

    Re: Problems witn WSE 2.6 integrating with LDAP

    ‏2006-06-07T19:23:17Z  in response to SystemAdmin
    Hi

    This would imply that you need to create the WPSADMINS group within your LDAP directory, and ensure that the wpsadmin user ID ( or similar ) is a member of the group. In addition, if you're using Domino as an LDAP server, you should also ensure that the WPSADMINS group and WPSADMIN user have the appropriate Manager authority for the directory.

    Please see: -

    IBM Workplace Services Express 2.5: A Configuration Guide

    http://www.ibm.com/developerworks/workplace/library/d-wp-wseconfigguide

    for further information ( the general procedure is the same for 2.6 as it is for 2.5 ).

    Regards

    Dave Hay
    david_hay@uk.ibm.com
    • SystemAdmin
      SystemAdmin
      2583 Posts
      ACCEPTED ANSWER

      Re: Problems witn WSE 2.6 integrating with LDAP

      ‏2006-06-07T21:03:04Z  in response to SystemAdmin
      Thanks for the feedback. We're not using Domino. We'll take a look at the link. In the meantime, here's the error message we get, if it helps:

      We have the user and group set up the way we are told to do it in active directory on Windows server 2003. We have actually recreated the group, put it in different places etc. in active directory a couple of times and always get the same error message

      Remaining name 'cn=wpsadmins, cn=groups, dc=workstage, dc=local'
      Error 2
      Specified entity does not exist in directory

      Build Failed
      File:../config/actions/validation.xml:469:Error:2
      • SystemAdmin
        SystemAdmin
        2583 Posts
        ACCEPTED ANSWER

        Re: Problems witn WSE 2.6 integrating with LDAP

        ‏2006-06-08T14:09:07Z  in response to SystemAdmin
        Hi,

        Are you sure that the DN of Wpsadmins is good ?
        Normally, without modification the group entities are store in cn=users.

        I suggest that you check that with a LDAP Browser (ADSI Edit in MMC or JXplorer for example).

        Vincent PERRIN
        vperrin@bestware.fr
        IBM Certified System Administrator - Administering IBM Workplace Services Express 2.5
        • SystemAdmin
          SystemAdmin
          2583 Posts
          ACCEPTED ANSWER

          Re: Problems witn WSE 2.6 integrating with LDAP

          ‏2009-04-22T14:24:06Z  in response to SystemAdmin
          Thanks,

          With your suggestion i could find my problem.

          In order to help someone in my case i am going to present my problem:
          • I had this error :
          action-validate-ldap-portal-admin-group error the entity does not exist in annuary

          • After a lot of search (look my AD, the filter, the rights), the solution was just because the path was uncorrect.

          I had to replace the default path: cn=wpsadmins,cn=groups,dc=domain,dc=com or fr
          TO
          cn=wpsadmins,cn=users,dc=domain,dc=com or fr
          where cn=users is the location where i can find my group.

          Excuse me for my english ;)
  • SystemAdmin
    SystemAdmin
    2583 Posts
    ACCEPTED ANSWER

    Re: Problems witn WSE 2.6 integrating with LDAP

    ‏2006-06-16T08:03:22Z  in response to SystemAdmin
    Hi!
    I was read "everything" in this article here and in config guides.
    But something wrong in my steps. My config is WSE 2.6 on a Linux box, AD in Win 2003 standard server. With config wizard I was disabled the security, then run again to "enable LDAP ... Ms AD". The wizard is finished with error.
    In Win2k3 security events: wasadmin, portaladmin, ldapbind users are logged in successfully.
    In the end of configwizard.log:
    [i]wsadmin Validation success. Configuration saved.
    logmsg 2006.06.15 14:49:51.701 action-cfg-was-security-ldap
    logmsg EJPC3050I LDAP security stopped.

    action-check-was-uid:
    checkpropertyvalue Property WasUserid was set to cn=wsadmin,cn=users,dc=teszt-2k3,dc=none,dc=local

    set-instance-properties:

    action-stop-portal-server-secure:
    logmsg 2006.06.15 14:49:52.240 stop-portal-server-secure
    logmsg EJPC3063I "WebSphere_Portal" prtal server stopping.

    iseries-switch-back:
    exec ADMU0116I: Tool information is being logged in file
    exec /IBM/AppServer/logs/WebSphere_Portal/stopServer.log
    exec ADMU3100I: Reading configuration for server: WebSphere_Portal
    exec ADMU0509I: The server "WebSphere_Portal" cannot be reached. It appears to be
    exec stopped.
    exec ADMU0211I: Error details may be seen in the file:
    exec /IBM/AppServer/logs/WebSphere_Portal/stopServer.log

    iseries-switch-to-was-user:

    action-stop-portal-server-insecure:

    stop-portal-server:

    set-instance-properties:

    action-start-portal-server-iseries:

    start-portal-server:
    logmsg 2006.06.15 14:50:00.017 start-portal-server
    logmsg EJPC3060I "WebSphere_Portal" server starting.

    exec ADMU0116I: Tool information is being logged in file
    exec /IBM/AppServer/logs/WebSphere_Portal/startServer.log
    exec ADMU3100I: Reading configuration for server: WebSphere_Portal
    exec ADMU3200I: Server launched. Waiting for initialization status.
    [b] exec ADMU3011E: Server launched but failed initialization. Server log files should
    exec contain failure information.[/b]

    action-create-deployment-credentials:
    xmlaccess java.net.ConnectException: The connection refused
    ldapcheck Checking for ''
    ldapcheck Checking for 'cn=portaladmins,cn=users,dc=teszt-2k3,dc=none,dc=local'
    exec Result: 246
    exec Result: 255
    xmlaccess XMLA0006I: Connecting to URL http://wse.mvhrt.hu:9081/lwp/config
    xmlaccess XMLA0002I: Reading input file /IBM/PortalServer/config/work/createDeploymentCredentials.xml

    BUILD FAILED
    file:../config/actions/wps_cfg.xml:319: XMLA0016E: An error occurred on the client: The conection refused

    Total time: 3 minutes 50 seconds[/i]

    The startserver.log:
    [i]Host Operating System is Linux, version 2.6.12-12mdk
    Java version = J2RE 1.3.1 IBM build cxia32131-20051021 (SR9) (JIT enabled: jitc), Java Compiler = jitc, Java VM name = Classic VM
    was.install.root = /IBM/AppServer
    user.install.root = null
    Java Home = /IBM/AppServer/java/jre
    ws.ext.dirs = /IBM/AppServer/java/lib:/IBM/AppServer/classes:/IBM/AppServer/lib:/IBM/AppServer/lib/ext:/IBM/AppServer/web/help:/IBM/AppServer/deploytool/itp/p
    Classpath = /IBM/AppServer/properties:/IBM/AppServer/lib/bootstrap.jar:/IBM/AppServer/lib/j2ee.jar:/IBM/AppServer/lib/lmproxy.jar:/IBM/AppServer/lib/urlprotoc
    Java Library path = /IBM/AppServer/java/jre/bin:/IBM/AppServer/java/jre/bin/classic:/IBM/AppServer/bin:/opt/mqm/java/lib:/opt/wemps/lib:/IBM/AppServer/lib:/IB
    Current trace specification = *=all=disabled
    • End Display Current Environment *************
    2006.06.15. 14:50:01:346 CEST 3c45bf73 ManagerAdmin I TRAS0017I: The startup trace state is *=all=disabled.
    2006.06.15. 14:50:01:353 CEST 3c45bf73 AdminTool A ADMU3100I: Reading configuration for server: WebSphere_Portal
    2006.06.15. 14:50:04:709 CEST 3c45bf73 AdminTool A ADMU3200I: Server launched. Waiting for initialization status.
    2006.06.15. 14:50:55:279 CEST 3c45bf73 AdminTool A ADMU3011E: Server launched but failed initialization. Server log files should contain failure information.[/i]

    SystemOut.log:
    [i]2006.06.15. 14:50:45:320 CEST 3eeca3e6 UserRegistryI A SECJ0136I: Custom Registry:com.ibm.ws.security.registry.ldap.LdapRegistryImpl has been initialized
    2006.06.15. 14:50:48:331 CEST 3eeca3e6 LdapRegistryI E SECJ0344E: Could not get the groups that the user cn=wsadmin,cn=users,dc=teszt-2k3,dc=none,dc=local b
    elongs to because of the following exception javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A1, problem 2001 (NO_OBJ
    ECT), data 0, best match of:
    ''
    .];
    ...~~~....
    2006.06.15. 14:50:48:347 CEST 3eeca3e6 LTPAServerObj E SECJ0369E: Authentication failed when using LTPA. The exception is [LDAP: error code 32 - 0000208D: N
    ameErr: DSID-031001A1, problem 2001 (NO_OBJECT), data 0, best match of:
    ''
    .].
    2006.06.15. 14:50:48:379 CEST 3eeca3e6 SASRas E security.JSAS0130E
    2006.06.15. 14:50:48:402 CEST 3eeca3e6 SASRas E security.JSAS0240E
    2006.06.15. 14:50:49:953 CEST 3eeca3e6 LdapRegistryI E SECJ0344E: Could not get the groups that the user cn=wsadmin,cn=users,dc=teszt-2k3,dc=none,dc=local b
    elongs to because of the following exception javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A1, problem 2001 (NO_OBJ
    ECT), data 0, best match of:[/i]

    The Potral server are stopped and don't start.

    [b]How can I correct this?[/b]
    [i]sorri for my poor english[/i]

    • SystemAdmin
      SystemAdmin
      2583 Posts
      ACCEPTED ANSWER

      Re: Problems witn WSE 2.6 integrating with LDAP

      ‏2006-06-16T19:26:58Z  in response to SystemAdmin
      Hi

      The error in the log that begins with "LDAP: error code 32 - 0000208D: NameErr: DSID-031001A1..." indicates that Active Directory is returning an exception about a missing object. Without the rest of the error message, it is hard to tell you what is missing.

      Do you have the remainder of the error ? This should indicate what the problem is within AD.

      Regards

      Dave Hay
      david_hay@uk.ibm.com
      • SystemAdmin
        SystemAdmin
        2583 Posts
        ACCEPTED ANSWER

        Re: Problems witn WSE 2.6 integrating with LDAP

        ‏2006-06-20T13:29:40Z  in response to SystemAdmin
        Thanks Dave,
        but I think this is the missing information:
        [i]2006.06.15. 14:50:48:331 CEST 3eeca3e6 LdapRegistryI E SECJ0344E:[b] Could not get the groups that the user cn=wsadmin,cn=users,dc=teszt-2k3,dc=none,dc=local belongs to because of the following exception javax.naming.NameNotFoundException:[/b] [LDAP: error code 32 - 0000208D: NameErr: DSID-031001A1, problem 2001 (NO_OBJECT), data 0, best match of:''[/i]

        [b]Maybe there is a missconfigured configwizard?[/b]
        Other idea or experience?

        When I was tested the LDAP (ldapsearch -x -b "cn=users,dc=teszt-2k3,dc=none,dc=local" -D "cn=wsadmin,cn=users,dc=teszt-2k3,dc=none,dc=local" -W -h 10.10.2.4 -p 389), and wrote a wsadmin's password, I give a complete list with the active directory users data.

        Regards

        Xmas