Help with Tomcat to Liberty Profile LDAP Migration
I have successfully gone through an upgrade from 5.0.2 to 6.0.1. I am migrating from Tomcat to Liberty profile during the process. I am now verifying my upgrade and I am unable to log in. It seems to be a problem with the LDAP config settings.
I get the error saying:
[12/21/15 11:14:26:550 EST] 00000069 com.ibm.ws.security.wim.registry.util.LoginBridge E CWIML4537E: The login operation could not be completed. The specified principal name rjcarter is not found in the back-end repository.
[12/21/15 11:14:26:550 EST] 00000069 y.authentication.jaas.modules.UsernameAndPasswordLoginModule A CWWKS1100A: Authentication did not succeed for user ID rjcarter. An invalid user ID or password was specified.
I need assistance in checking the LDAP setting.
Original Tomcat Settings:
<Realm className="org.apache.catalina.realm.JNDIRealm" roleBase="ou=groups,dc=company,dc=com" roleName="cn" roleSearch="(uniqueMember={0})" roleSubtree="true" userBase="ou=people,dc=company,dc=com" userSearch="(cn={0})" userSubtree="true" />
Liberty Profile Settings:
<ldapRegistry baseDN="dc=company,dc=com" ldapType="Custom" recursiveSearch="true">
  <idsFilters groupFilter="(cn=%v)" groupIdMap="*:cn" groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember" userFilter="(cn=%v)" userIdMap="*:cn"> </idsFilters>
  <customFilters groupIdMap="*:cn" groupMemberIdMap="*:uniqueMember" userIdMap="*:cn"/>
</ldapRegistry>
Any ideas?
Accepted answer
I fixed this by moving the idsfilters section contents into my customfilter section.
Ralph Schoon selected this answer as the correct answer
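The move the accepted answer describes, as an added example that is not part of the original thread or IBM's code: a short Python script that takes the question's registry, reports the filter element that does not match `ldapType`, and copies its missing attributes into the matching one. It assumes Liberty reads only the filter element that corresponds to `ldapType`; the function names and the two-entry mapping are illustrative.

```python
import xml.etree.ElementTree as ET

# Assumption: Liberty applies only the filter element that matches ldapType.
# Only the two types that appear in this thread are mapped here.
FILTER_ELEMENT = {"Custom": "customFilters", "IBM Tivoli Directory Server": "idsFilters"}

# Constructed from the configuration posted in the question.
POSTED = """\
<ldapRegistry baseDN="dc=company,dc=com" ldapType="Custom" recursiveSearch="true">
  <idsFilters groupFilter="(cn=%v)" groupIdMap="*:cn"
      groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember"
      userFilter="(cn=%v)" userIdMap="*:cn"/>
  <customFilters groupIdMap="*:cn" groupMemberIdMap="*:uniqueMember" userIdMap="*:cn"/>
</ldapRegistry>
"""

def ignored_filters(registry):
    """Return {element: attributes} for filter elements that do not match ldapType."""
    active = FILTER_ELEMENT.get(registry.get("ldapType"))
    return {child.tag: dict(child.attrib) for child in registry
            if child.tag.endswith("Filters") and child.tag != active}

def merge_into_active(registry):
    """Copy attributes from non-matching filter elements into the matching one.

    Values already set on the matching element win, so only the missing
    attributes (here userFilter and groupFilter) are carried across.
    """
    active_tag = FILTER_ELEMENT.get(registry.get("ldapType"))
    if active_tag is None:
        raise ValueError("ldapType not covered by this example")
    active = registry.find(active_tag)
    if active is None:
        active = ET.SubElement(registry, active_tag)
    for child in list(registry):
        if child.tag.endswith("Filters") and child is not active:
            for name, value in child.attrib.items():
                active.attrib.setdefault(name, value)
            registry.remove(child)
    return registry

def fixed_config(xml_text=POSTED):
    """Return the registry XML with all filters in the element ldapType selects."""
    return ET.tostring(merge_into_active(ET.fromstring(xml_text)), encoding="unicode")

if __name__ == "__main__":
    print("ignored:", sorted(ignored_filters(ET.fromstring(POSTED))))
    print(fixed_config())
```

The resulting `customFilters` element keeps its own `groupMemberIdMap="*:uniqueMember"`, which lines up with the `roleSearch="(uniqueMember={0})"` in the original Tomcat realm.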
2 other answers
Christopher, I was able to get this up over the weekend.
https://jazz.net/wiki/bin/view/Deployment/ConfigureLDAPforLibertyProfile
Perhaps it could offer you some guidance.
Mike
Robert, I am having the exact same problem as you had with this question.
Can you provide more details about what you did, including exactly how you moved the contents of the idsfilters section into your customfilter section? Thanks.
Comments
I was able to use the IBM ldapsearch utility and get a hit back from the LDAP server.
ldapsearch -b "dc=company,dc=com" -h "ldap.company.com" -p 389 -D "uid=ldapuser,ou=system" -w password "(&(cn=rjcarter)(objectclass=InetOrgPerson))" cn