IBM WebSphere Portal : Issues faced while configure Federated LDAP Repositories (non-SSL)


Issues faced while configuring the federated repository

  1. Have executed "was-change-admin" without creating the portal user in the LDAP, caused build failure
  2. If you are creating user using some UI (like softerra) and when you select the template , make sure to select the "Internet Organizational Person" (this template has the "uid" as relative distinguished name (RDN) instead of "cn") and for creating the select "group of uniquenames" as template
  3.  Failed while running Configuration Engine task 'wp-change-portal-admin-user'

com.ibm.websphere.management.exception.ConfigServiceException: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the resolve operation on Con
figService MBean because of insufficient or empty credentials.
        at com.ibm.websphere.management.configservice.ConfigServiceProxy.resolve(ConfigServiceProxy.java:477)
        at com.ibm.wkplc.was.registry.AdminConfigRegistry.getExistingRegistry(AdminConfigRegistry.java:104)
        at com.ibm.wkplc.models.compregistry.ResourceWidget.loadRegistryFromWAS(ResourceWidget.java:200)
        at com.ibm.wkplc.models.compregistry.GenerateNodeRegistryXML.cacheWASRegistry(GenerateNodeRegistryXML.java:243)
        at com.ibm.wkplc.models.compregistry.RegistryHelper.getWasRegistry(RegistryHelper.java:132)
        at com.ibm.wps.config.ConfigEngine.loadRegistry(ConfigEngine.java:1250)
        at com.ibm.wps.config.ConfigEngine.process(ConfigEngine.java:707)
        at com.ibm.wps.config.ConfigEngine.main(ConfigEngine.java:247)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:600)
        at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:260)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:600)
        at com.ibm.wps.config.launch.ConfigEngineLauncher.process(ConfigEngineLauncher.java:269)
        at com.ibm.wps.config.launch.ConfigEngineLauncher.main(ConfigEngineLauncher.java:311)
Caused by: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the resolve operation on ConfigService MBean because of insufficient or empty cr
edentials.
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleAdminFault(SOAPConnectorClient.java:933)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplateOnce(SOAPConnectorClient.java:901)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:667)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:657)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:643)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:465)
        at $Proxy0.invoke(Unknown Source)
        at com.ibm.ws.management.AdminClientImpl.invoke(AdminClientImpl.java:224)
        at com.ibm.websphere.management.configservice.ConfigServiceProxy.resolve(ConfigServiceProxy.java:452)
        ... 18 more
com.ibm.websphere.management.exception.ConfigServiceException: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the resolve operation on Con
figService MBean because of insufficient or empty credentials.
        at com.ibm.websphere.management.configservice.ConfigServiceProxy.resolve(ConfigServiceProxy.java:477)
        at com.ibm.wkplc.was.registry.AdminConfigRegistry.getExistingRegistry(AdminConfigRegistry.java:104)
        at com.ibm.wkplc.models.compregistry.ResourceWidget.loadRegistryFromWAS(ResourceWidget.java:200)
        at com.ibm.wkplc.models.compregistry.GenerateNodeRegistryXML.cacheWASRegistry(GenerateNodeRegistryXML.java:243)
        at com.ibm.wkplc.models.compregistry.RegistryHelper.getWasRegistry(RegistryHelper.java:132)
        at com.ibm.wps.config.ConfigEngine.loadRegistry(ConfigEngine.java:1250)
        at com.ibm.wps.config.ConfigEngine.process(ConfigEngine.java:707)
        at com.ibm.wps.config.ConfigEngine.main(ConfigEngine.java:247)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:600)
        at com.ibm.ws.bootstrap.WSLauncher.main(WSLauncher.java:260)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
        at java.lang.reflect.Method.invoke(Method.java:600)
        at com.ibm.wps.config.launch.ConfigEngineLauncher.process(ConfigEngineLauncher.java:269)
        at com.ibm.wps.config.launch.ConfigEngineLauncher.main(ConfigEngineLauncher.java:311)
Caused by: javax.management.JMRuntimeException: ADMN0022E: Access is denied for the resolve operation on ConfigService MBean because of insufficient or empty cr
edentials.
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.handleAdminFault(SOAPConnectorClient.java:933)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplateOnce(SOAPConnectorClient.java:901)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:667)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invokeTemplate(SOAPConnectorClient.java:657)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:643)
        at com.ibm.ws.management.connector.soap.SOAPConnectorClient.invoke(SOAPConnectorClient.java:465)
        at $Proxy0.invoke(Unknown Source)
        at com.ibm.ws.management.AdminClientImpl.invoke(AdminClientImpl.java:224)
        at com.ibm.websphere.management.configservice.ConfigServiceProxy.resolve(ConfigServiceProxy.java:452)
        ... 18 more
Registry could not be loaded from WAS using current connection information.
Please verify your WAS connection properties and retry the operation.  Current input:
WasUserId: uid=wasadmin,cn=users,dc=sivavaka,dc=com
WasPassword: PASSWORD_REMOVED
WasRemoteHostName: sivapc.sivavaka.com
WasSoapPort: 8879
CellName: SivaPCCell01
NodeName: SivaPC
Return Value: -1

From Reference

Scenario #5
Conditions:

    WebSphere Application Server administrative user fails to log into the ISC when using the login attribute.
    WebSphere Application Server administrative user fails to log into the ISC when using the full DN (uid=wasadmin,o=ibm).
    WebSphere Portal administrative user login to WebSphere Portal can fail or succeed in this scenario.
    You are not able to choose different LDAP users for your administrative users that are unique across all of the repositories. You want to use the LDAP username(s) that are in conflict with the file registry user.
Resolution:
NOTE: The following resolution will remove the file registry from the federated repository so that there are no longer duplicate entries found for the user(s). If you setting up a non-production environment and want to keep the file registry, the alternative to the following steps would be to rename the user in the file registry so that the login attribute is unique


  1. When I tried to create a user within the portal I have the following errors

EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMApplicationException: CWWIM4508E Virtual member manager failed to write to the 'C:IBMWP72WebSpherewp_profileconfigcellsSivaPCCell01 ileRegistry.xml' file: 'CWWIM6009E All updates must be performed at the deployment manager and not at a managed node.'.
com.ibm.wps.util.DataBackendException: EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMApplicationException: CWWIM4508E Virtual member manager failed to write to the 'C:IBMWP72WebSpherewp_profileconfigcellsSivaPCCell01 ileRegistry.xml' file: 'CWWIM6009E All updates must be performed at the deployment manager and not at a managed node.'.
EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.WIMApplicationException: CWWIM4508E Virtual member manager failed to write to the 'C:IBMWP72WebSpherewp_profileconfigcellsSivaPCCell01 ileRegistry.xml' file: 'CWWIM6009E All updates must be performed at the deployment manager and not at a managed node.'.
CWWIM4508E Virtual member manager failed to write to the 'C:IBMWP72WebSpherewp_profileconfigcellsSivaPCCell01 ileRegistry.xml' file: 'CWWIM6009E All updates must be performed at the deployment manager and not at a managed node.'.
CWWIM6009E All updates must be performed at the deployment manager and not at a managed node.



To ensure that new users and groups are created in your LDAP. Edit the wkplc.properites file in <wp_profile root>/ConfigEngine/properties and set the
following values (these examples are from my own environment. Ensure you use values that match your LDAP environment):

personAccountParent=cn=users,dc=ibm,dc=com
groupParent=cn=groups,dc=ibm,dc=com
personAccountRdnProperties=uid
groupRdnProperties=cn

Execute the following ConfigEngine script to ensure that new users and groups are created in your LDAP:

./ConfigEngine.sh wp-set-entitytypes -DWasPassword=<password>

ConfigEngine.bat wp-set-entitytypes -DWasPassword=wpsadmin

  1. I have changed the realm name from ISC console to "sivatdsldap" instead "defaultWIMFileBasedRealm"

EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.DefaultParentNotFoundException: CWWIM0516E The default parent for 'PersonAccount' entity type cannot be determined. Verify that the configuration for the 'sivatdsrealm' realm is correct.
com.ibm.wps.util.DataBackendException: EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.DefaultParentNotFoundException: CWWIM0516E The default parent for 'PersonAccount' entity type cannot be determined. Verify that the configuration for the 'sivatdsrealm' realm is correct.
EJPSG0015E: Data Backend Problem com.ibm.websphere.wim.exception.DefaultParentNotFoundException: CWWIM0516E The default parent for 'PersonAccount' entity type cannot be determined. Verify that the configuration for the 'sivatdsrealm' realm is correct.
CWWIM0516E The default parent for 'PersonAccount' entity type cannot be determined. Verify that the configuration for the 'sivatdsrealm' realm is correct.


No comments:

Post a Comment