Direkt zum Hauptbereich

DPWWA1203E Permission denied // DPWAD0312E Object list failed: Forbidden

cmd> server task cnt-1a-webseald-hst7127 create -f -t tcp -h -v hst7105 -p 80 -w /ICB
DPWWA1203E Permission denied

pdadmin sec_master> object list /WebSEAL/hst7127-cnt-1a
DPWAD0312E Object list failed: Forbidden

The reason for this behaviour was that somehow my container /WebSEAL in the object space got the ACL default-root instead of default-webseal by the installation.

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:


I fixed it simply with:

pdadmin sec_master> acl attach /WebSEAL default-webseal

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Since I do not know why it happened and what else went wrong, I have a bad feeling. Did anybody get the same problem?






___
Labels:

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc)

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) pdadmin sec_master> user create dg1234 uid=dg1234,cn=team1,cn=users,o=company lala lala ********** Could not perform the administration request Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) Description: After the upgrade from Policy Director (policy server) V5.1 to V6.0 the errors above occured when trying to write to the registry. Solution: The task of updating the ldap schema did not work well for some reason. After doing it again the errors did not occur again: # ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema
Kommentar veröffentlichen
Mehr anzeigen

WebSphere Application Server LDAP: The administrative user ID does not exist in the user repository.

When you try to enable global security with ldap authentication you get the following error when configuring your ldap repository (IBM Directory Server): The administrative user ID does not exist in the user repository. Reason: The bind user must be searchable. This means that an ldapsearch with this user as bind user must return his own entry. If this does not work, you have to add an aclEntry: vi change-was7101-aclentry.ldif dn: uid=was7101,cn=mygroup,cn=admusr,o=mycomp aclentry: access-id:UID=WAS7101,CN=MYGROUP,CN=ADMUSR,O=MYCOMP:normal:rsc $ ldapmodify -h myhost -x -D "cn=root" -w ******* -f change-was7101-aclentry.ldif modifying entry "uid=was7101,cn=mygroup,cn=admusr,o=mycomp" Now user was7101 can do an ldapsearch to find itself and therefore you can use it to configure you LDAP repository. This article gave me the hint: http://www-01.ibm.com/support/docview.wss?rs=767&uid=swg21219253
1 Kommentar
Mehr anzeigen

How to delete WebSEAL servers which have not been configured correctly.

Problem: The WebSEAL server list in the pdadmin: pdadmin> server list shows the server, but it does not exist anymore, i.e. because the host has been disassembled without unconfiguring the WebSEAL instance. Solution: 1.) Delete the instance in the LDAP under: SecAuthority=Default - cn=securitygroup - cn=webseal-servers - cn=secmgrd-servers 2.) Configure the instance again, which will lead to an error, because it seems to be installed already. Configuring WebSEAL instance 'DO-06'...HPDMG0453E A server with the same name already exists.DPWCF0473E The WebSEAL instance 'DO-06' failed to configure. 3.) Unconfigure the instance, which will show errors, but remove the instance totally. # amwebcfg -action unconfig -inst_name DO-06 -admin_id sec_master -admin_pwd ********* Unconfiguring WebSEAL instance 'DO-06'... 2008-10-28-15:30:10.158+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0 DPWCF0498E The user 'DO-06-webseald/srv1252...
Kommentar veröffentlichen
Mehr anzeigen