Direkt zum Hauptbereich

DPWWA1203E Permission denied // DPWAD0312E Object list failed: Forbidden

cmd> server task cnt-1a-webseald-hst7127 create -f -t tcp -h -v hst7105 -p 80 -w /ICB
DPWWA1203E Permission denied

pdadmin sec_master> object list /WebSEAL/hst7127-cnt-1a
DPWAD0312E Object list failed: Forbidden

The reason for this behaviour was that somehow my container /WebSEAL in the object space got the ACL default-root instead of default-webseal by the installation.

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-root
Effective POP:
Effective AuthzRule:


I fixed it simply with:

pdadmin sec_master> acl attach /WebSEAL default-webseal

pdadmin sec_master> object listandshow /WebSEAL
Name: /WebSEAL/hst7127-cnt-1a
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Name: /WebSEAL/hst7127-mas-01
Description: WebSEAL Server Object
Type: 5 (Junction)
Is Policy Attachable: Yes
Extended Attributes:
Attached ACL:
Attached POP:
Attached AuthzRule:

Effective Extended Attributes:
Effective ACL: default-webseal
Effective POP:
Effective AuthzRule:

Since I do not know why it happened and what else went wrong, I have a bad feeling. Did anybody get the same problem?






___
Labels:

Kommentare

Kommentar veröffentlichen

Beliebte Posts aus diesem Blog

How to delete WebSEAL servers which have not been configured correctly.

Problem: The WebSEAL server list in the pdadmin: pdadmin> server list shows the server, but it does not exist anymore, i.e. because the host has been disassembled without unconfiguring the WebSEAL instance. Solution: 1.) Delete the instance in the LDAP under: SecAuthority=Default - cn=securitygroup - cn=webseal-servers - cn=secmgrd-servers 2.) Configure the instance again, which will lead to an error, because it seems to be installed already. Configuring WebSEAL instance 'DO-06'...HPDMG0453E A server with the same name already exists.DPWCF0473E The WebSEAL instance 'DO-06' failed to configure. 3.) Unconfigure the instance, which will show errors, but remove the instance totally. # amwebcfg -action unconfig -inst_name DO-06 -admin_id sec_master -admin_pwd ********* Unconfiguring WebSEAL instance 'DO-06'... 2008-10-28-15:30:10.158+01:00I----- 0x389D51F2 amwebcfg ERROR wcf Error WebCfgAdminApi.cpp 84 0x002198d0 DPWCF0498E The user 'DO-06-webseald/srv1252...
Kommentar veröffentlichen
Mehr anzeigen

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc)

Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) pdadmin sec_master> user create dg1234 uid=dg1234,cn=team1,cn=users,o=company lala lala ********** Could not perform the administration request Error: HPDMG0764E An internal error has occurred. (status 0x14c012fc) Description: After the upgrade from Policy Director (policy server) V5.1 to V6.0 the errors above occured when trying to write to the registry. Solution: The task of updating the ldap schema did not work well for some reason. After doing it again the errors did not occur again: # ivrgy_tool -d -h ldap_host -p port -D ldap_admin -w pwd schema
Kommentar veröffentlichen
Mehr anzeigen