Monday, 31 December 2007

WebSphere Security

Currently I'm trying to port an application from WAS5.1 to WAS6.1. IBM's reputation of problem-free migration and well-supported and documented migration plans once again proves to be below the imaginary. The problem I ran into lately was security: I ported over the settings for the LDAP server. However, that did not work out well; I even managed to cut off the branch I was sitting on: I could not start the server anymore, and therefore I could not modify the settings I had just applied. The server quit with:

[31-12-07 12:06:23:222 CET] 0000000a ServiceLogger I com.ibm.ws.ffdc.IncidentStreamImpl resetIncidentStream FFDC0010I: FFDC closed incident stream file c:\Program Files\IBM\WebSphere\AppServer\profiles\profile1\logs\ffdc\server1_0000000a_07.12.31_12.06.23_6.txt
[31-12-07 12:06:23:191 CET] 0000000a ContextManage E SECJ0270E: Failed to get actual credentials. The exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3025)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2946)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2752)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1823)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1746)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:383)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:353)

It turned out that the copy-paste action of the groupMemberId (advanced properties under LDAP settings) from nsRole:nsRole to groupOfUniqueNames:uniqueMember was one bridge too far.

Thursday, 27 December 2007

WebSphere: act as part of local OS

Currently fighting with WAS 6.1, security. The manual (http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_localos.html) states: Act as part of the operating system.
Which is quite easy according to MS: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\.
Unfortunately, this option is disabled under my account @ work. However, secpol.msc does get me there.
To stop McAfee do: net stop mcshield