
How to delete WebSEAL servers which have not been configured correctly.

Problem: The server list in pdadmin:

pdadmin> server list

still shows the WebSEAL server although it no longer exists, e.g. because the host was decommissioned without unconfiguring the WebSEAL instance.

Solution:
1.) Delete the instance in the LDAP under:
SecAuthority=Default
- cn=securitygroup
- cn=webseal-servers
- cn=secmgrd-servers

2.) Configure the instance again, which will lead to an error, because it seems to be installed already.

Configuring WebSEAL instance 'DO-06'...
HPDMG0453E A server with the same name already exists.
DPWCF0473E The WebSEAL instance 'DO-06' failed to configure.


3.) Unconfigure the instance. This will show errors, but it removes the instance completely.

# amwebcfg -action unconfig -inst_name DO-06 -admin_id sec_master -admin_pwd *********
Unconfiguring WebSEAL instance 'DO-06'...
2008-10-28-15:30:10.158+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0
DPWCF0498E The user 'DO-06-webseald/srv1252' could not be removed from the group 'securitygroup'. Error message: 'HPDMG0754W The entry was not found. If a user or group is being created, ensure that the Distinguished Name (DN) specified has the correct syntax and is valid.'
2008-10-28-15:30:10.365+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0
DPWCF0498E The user 'DO-06-webseald/srv1252' could not be removed from the group 'webseal-servers'. Error message: 'HPDMG0754W The entry was not found. If a user or group is being created, ensure that the Distinguished Name (DN) specified has the correct syntax and is valid.'
2008-10-28-15:30:10.573+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0
DPWCF0498E The user 'DO-06-webseald/srv1252' could not be removed from the group 'secmgrd-servers'. Error message: 'HPDMG0754W The entry was not found. If a user or group is being created, ensure that the Distinguished Name (DN) specified has the correct syntax and is valid.'
2008-10-28-15:30:10.788+01:00I----- 0x389D51FC amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 409 0x002198d0
DPWCF0508E The protected object '/WebSEAL/srv1252-DO-06' could not be deleted. Error message: 'HPDAC0458E The protected object name specified was not found in the authorization policy database.'
The WebSEAL instance 'DO-06' has been successfully unconfigured.
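
Since step 3 is expected to print errors, it helps to check that every one of them is only a "not found" complaint and that the success line is really there. The following is an added example, not part of the original post or of IBM's tooling; the names `triage` and `BENIGN_CAUSES` and the choice to treat only the two causes seen above as harmless are assumptions.

```python
import re

# Causes reported in the post for entries that were already gone.
# Assumption: only these two "not found" causes count as harmless.
BENIGN_CAUSES = {"HPDMG0754W", "HPDAC0458E"}

CODE_RE = re.compile(r"DPWCF\d{4}E")                                # amwebcfg error id
CAUSE_RE = re.compile(r"Error message: '(HPD[A-Z]{2}\d{4}[EWI])")   # quoted cause
DONE_RE = re.compile(
    r"The WebSEAL instance '([^']+)' has been successfully unconfigured")


def triage(output):
    """Classify each DPWCF error by its quoted cause; require the success line."""
    # Work on the whole text so records fused onto one line are still split.
    hits = list(CODE_RE.finditer(output))
    findings = []
    for i, hit in enumerate(hits):
        # A record runs from its DPWCF id up to the next one (or end of text).
        end = hits[i + 1].start() if i + 1 < len(hits) else len(output)
        cause = CAUSE_RE.search(output, hit.start(), end)
        code = cause.group(1) if cause else None
        findings.append({"error": hit.group(0), "cause": code,
                         "benign": code in BENIGN_CAUSES})
    done = DONE_RE.search(output)
    return {
        "instance": done.group(1) if done else None,
        "findings": findings,
        "unexpected": [f for f in findings if not f["benign"]],
        # Clean only if success was reported and every error was "not found".
        "clean": done is not None and all(f["benign"] for f in findings),
    }


# Sample shortened from the output above; two records are left fused together.
SAMPLE = (
    "Unconfiguring WebSEAL instance 'DO-06'...\n"
    "DPWCF0498E The user 'DO-06-webseald/srv1252' could not be removed from the "
    "group 'securitygroup'. Error message: 'HPDMG0754W The entry was not found.'\n"
    "WebCfgAdminApi.cpp 84 0x002198d0DPWCF0498E The user 'DO-06-webseald/srv1252' "
    "could not be removed from the group 'webseal-servers'. Error message: "
    "'HPDMG0754W The entry was not found.'DPWCF0508E The protected object "
    "'/WebSEAL/srv1252-DO-06' could not be deleted. Error message: 'HPDAC0458E The "
    "protected object name specified was not found in the authorization policy "
    "database.'The WebSEAL instance 'DO-06' has been successfully unconfigured.\n"
)
```

If `clean` comes back false, look at `unexpected` before assuming the ghost server's entries are gone.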




IBM says this: http://www-01.ibm.com/support/docview.wss?rs=638&uid=swg21106208

Edit: A better solution is this: http://danimiddleware.blogspot.com/2009/10/how-to-get-rid-of-ghost-servers-in-your.html
