
Help with Tomcat to Liberty Profile LDAP Migration

I have successfully gone through an upgrade from 5.0.2 to 6.0.1.  I am migrating from Tomcat to Liberty profile during the process.  I am now verifying my upgrade and I am unable to log in.  It seems to be a problem with the LDAP config settings.

I get the error saying:
[12/21/15 11:14:26:550 EST] 00000069 com.ibm.ws.security.wim.registry.util.LoginBridge            E CWIML4537E: The login operation could not be completed. The specified principal name rjcarter is not found in the back-end repository.
[12/21/15 11:14:26:550 EST] 00000069 y.authentication.jaas.modules.UsernameAndPasswordLoginModule A CWWKS1100A: Authentication did not succeed for user ID rjcarter. An invalid user ID or password was specified.
I need assistance in checking the LDAP setting.

Original Tomcat Settings:
<Realm className="org.apache.catalina.realm.JNDIRealm"
roleBase="ou=groups,dc=company,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})"
roleSubtree="true"
userBase="ou=people,dc=company,dc=com"
userSearch="(cn={0})"
userSubtree="true"
/>
Liberty Profile Settings:

<ldapRegistry baseDN="dc=company,dc=com"
              ldapType="Custom"
              recursiveSearch="true">
    <idsFilters groupFilter="(cn=%v)"
                groupIdMap="*:cn"
                groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember"
                userFilter="(cn=%v)"
                userIdMap="*:cn">
    </idsFilters>
    <customFilters groupIdMap="*:cn"
                   groupMemberIdMap="*:uniqueMember"
                   userIdMap="*:cn"/>
</ldapRegistry>

Any ideas?

0 votes

Comments

I was able to use the IBM ldapsearch utility and get a hit back from the LDAP server.

ldapsearch -b "dc=company,dc=com" -h "ldap.company.com" -p 389 -D "uid=ldapuser,ou=system" -w password "(&(cn=rjcarter)(objectclass=InetOrgPerson))" cn


Accepted answer

I fixed this by moving the idsfilters section contents into my customfilter section.
Ralph Schoon selected this answer as the correct answer

0 votes
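
Added example (not part of the original answer, and not the poster's actual file): one way the registry from the question could look after the `userFilter` and `groupFilter` values are moved from `idsFilters` into `customFilters`, the element that goes with `ldapType="Custom"`. The `host`, `port` and `bindDN` values are assumptions copied from the ldapsearch command in the question, `bindPassword` is a placeholder, and keeping `*:uniqueMember` for group membership is an assumption based on the Tomcat `roleSearch` setting.

```xml
<!-- Added example. With ldapType="Custom" the filters are given in
     <customFilters>; <idsFilters> is the element for IBM Tivoli
     Directory Server registries, so it is dropped here. -->
<ldapRegistry baseDN="dc=company,dc=com"
              host="ldap.company.com"
              port="389"
              bindDN="uid=ldapuser,ou=system"
              bindPassword="REPLACE_WITH_ENCODED_PASSWORD"
              ldapType="Custom"
              recursiveSearch="true">
    <!-- userFilter / groupFilter: moved over from idsFilters.
         (cn=%v) mirrors Tomcat's userSearch="(cn={0})";
         %v is replaced with the login name at search time. -->
    <!-- groupMemberIdMap: mirrors Tomcat's
         roleSearch="(uniqueMember={0})". -->
    <customFilters userFilter="(cn=%v)"
                   groupFilter="(cn=%v)"
                   userIdMap="*:cn"
                   groupIdMap="*:cn"
                   groupMemberIdMap="*:uniqueMember"/>
</ldapRegistry>
```

The bind password does not need to sit in the file in clear text; Liberty's `securityUtility encode` command produces an encoded value that can be pasted into `bindPassword`.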


2 other answers

Christopher, I was able to get this up over the weekend:
https://jazz.net/wiki/bin/view/Deployment/ConfigureLDAPforLibertyProfile
Perhaps it could offer you some guidance.
Mike

2 votes


Robert, I am having the exact same problem as you had with this question. 
Can you provide more details about what you did, including exactly how you moved the contents of the idsfilters section into your customfilter section? Thanks.

0 votes

Comments

Look to Mike's answer for some examples. 

Question details

Question asked: Dec 21 '15, 11:21 a.m.

Question was seen: 7,019 times

Last updated: Jan 13 '16, 9:47 a.m.
