
Showing posts with the label "ldap".

removing my old ACLs from an obsolete WebSphere Portal Server's external authorization

Problem

I want to delete the old WPS... ACLs from the old WebSphere Portal Server external authorization, which are not needed anymore. (Note: It was no problem to delete the object /WPS.) But I cannot modify/delete or even show the ACLs in pdadmin or WPM. In pdadmin I cannot see any ACL Entry on the object or on the ACL, but in a pdacld_dump I can see ACL entries for Groups and Users (Principals).

I'm always getting:

    Could not perform the administration request
    Error: HPDAC1050E Operation is not authorized. (status 0x1005b41a)

    pdadmin sec_master> acl show WPS_PORTLET_DEFINITION_MCO-directory-Search_3_0_1O9-User
    ACL Name: WPS_PORTLET_DEFINITION_MCO-directory-Search_3_0_1O9-User
    Description: ACL for WP rolePORTLET_DEFINITION/MCO directory Search/3_0_1O9@User
    Entries:
    ---------> no ACLEntry can be seen

I did a pdacld_dump on the PD from the PolicyDirector/db/master_authzn.db:

    /opt/PolicyDirector/sbin/pdacld_dump -f /var/PolicyDirector/db/master_authzn.db > /opt/install/...

LDAP: no mechanism available: No worthy mechs found

    [root@SRV7127 V6.1]# ldapsearch -h localhost -p 389 -b "" -s base objectclass=*
    ldap_sasl_interactive_bind_s: Unknown authentication method (-6)
            additional info: SASL(-4): no mechanism available: No worthy mechs found
    [root@SRV7127 V6.1]# which ldapsearch
    /usr/bin/ldapsearch

Use the other ldapsearch (the one under /opt/ibm/ldap) instead:

    # /opt/ibm/ldap/V6.1/bin/ldapsearch -h localhost -p 389 -b "" -s base objectclass=*

WebSphere Application Server LDAP: The administrative user ID does not exist in the user repository.

When you try to enable global security with LDAP authentication, you get the following error when configuring your LDAP repository (IBM Directory Server):

    The administrative user ID does not exist in the user repository.

Reason: The bind user must be searchable. This means that an ldapsearch with this user as bind user must return its own entry. If this does not work, you have to add an aclEntry:

    vi change-was7101-aclentry.ldif

    dn: uid=was7101,cn=mygroup,cn=admusr,o=mycomp
    aclentry: access-id:UID=WAS7101,CN=MYGROUP,CN=ADMUSR,O=MYCOMP:normal:rsc

    $ ldapmodify -h myhost -x -D "cn=root" -w ******* -f change-was7101-aclentry.ldif
    modifying entry "uid=was7101,cn=mygroup,cn=admusr,o=mycomp"

Now user was7101 can do an ldapsearch to find itself, and therefore you can use it to configure your LDAP repository.

This article gave me the hint: http://www-01.ibm.com/support/docview.wss?rs=767&uid=swg21219253