Direkt zum Hauptbereich

DPWWA1203E Permission denied // DPWAD0312E Object list failed: Forbidden

cmd> server task cnt-1a-webseald-hst7127 create -f -t tcp -h -v hst7105 -p 80 -w /ICB
DPWWA1203E Permission denied

pdadmin sec_master> object list /WebSEAL/hst7127-cnt-1a
DPWAD0312E Object list failed: Forbidden

The reason for this behaviour was that somehow my container /WebSEAL in the object space got the ACL default-root instead of default-webseal by the installation.

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:


I fixed it simply with:

pdadmin sec_master> acl attach /WebSEAL default-webseal

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Since I do not know why it happened and what else went wrong, I have a bad feeling. Did anybody get the same problem?






___
Labels:

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc)

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) pdadmin sec_master> user create dg1234 uid=dg1234,cn=team1,cn=users,o=company lala lala ********** Could not perform the administration request Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) Description: After the upgrade from Policy Director (policy server) V5.1 to V6.0 the errors above occured when trying to write to the registry. Solution: The task of updating the ldap schema did not work well for some reason. After doing it again the errors did not occur again: # ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema
Kommentar veröffentlichen
Mehr anzeigen

How to delete WebSEAL servers which have not been configured correctly.

Problem: The WebSEAL server list in the pdadmin: pdadmin> server list shows the server, but it does not exist anymore, i.e. because the host has been disassembled without unconfiguring the WebSEAL instance. Solution: 1.) Delete the instance in the LDAP under: SecAuthority=Default - cn=securitygroup - cn=webseal-servers - cn=secmgrd-servers 2.) Configure the instance again, which will lead to an error, because it seems to be installed already. Configuring WebSEAL instance 'DO-06'...HPDMG0453E A server with the same name already exists.DPWCF0473E The WebSEAL instance 'DO-06' failed to configure. 3.) Unconfigure the instance, which will show errors, but remove the instance totally. # amwebcfg -action unconfig -inst_name DO-06 -admin_id sec_master -admin_pwd ********* Unconfiguring WebSEAL instance 'DO-06'... 2008-10-28-15:30:10.158+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0 DPWCF0498E The user 'DO-06-webseald/srv1252...
Kommentar veröffentlichen
Mehr anzeigen

HPDAZ0602E Corrupted file: Insufficient information to contact a Policy Server.

Solution: Use another Java. I found this at IBM pages: Certain versions of Sun Java are incompatible with tfimcfg. The incompatibility causes the following error: HPDAZ0602E Corrupted file: Insufficient information to contact Policy ServerThe problem occurs because the Sun JRE is unable to read the keystores generated by the Tivoli(R) Access Manager PDJrteCfg. When this error occurs, you should either use an IBM(R) JVM or else apply the latest JRE patches from Sun. If the problem persists after applying the patches from Sun, use an IBM JVM for the configuration. I had the problem unconfiguring the WPM of TAM for e-business. So I used the java in /opt/WebSphere/AppServer: . /opt/WebSphere/AppServer/bin/setupCmdLine.sh
1 Kommentar
Mehr anzeigen