
LDAP not working correct with blue pages after migration from CLM 5.0.2 to CLM 6.0.2


Torsten Welk (341710) | asked Oct 31 '16, 5:24 a.m.
Hi,

I have seen
https://jazz.net/wiki/bin/view/Deployment/EnableLibertyRTCServerDebugMode
https://www.ibm.com/support/knowledgecenter/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_ldap.html
...
After modifying the server.xml and conf/ldapUserRegistry.xml
...
    <idsFilters
        groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=posixGroup)))"
        groupIdMap="*:cn"
        groupMemberIdMap="*:uniquemember"
        userFilter="(preferredIdentity=%v)"
        userIdMap="*:preferredIdentity">
    </idsFilters>
...
I am not able to log in.

I tried to log in with 1) an unknown user, 2) a known user with a wrong password and 3) a known user with the correct password.
For me it looks like in the third case the user was correctly identified.

Any idea ?

In all cases I see


See the log from
>>>> unknown user
[10/31/16 9:59:48:154 CET] 0000007f com.ibm.ws.session.WASSessionCore                            W Detected JSESSIONID with invalid length; expected length of 23, found 28, setting: 566EDA4000C1DC454D4422F34DC0 to null.
[10/31/16 9:59:48:354 CET] 0000007f com.ibm.ws.security.wim.registry.util.LoginBridge            E CWIML4537E: The login operation could not be completed. The specified principal name twelk is not found in the back-end repository.
[10/31/16 9:59:48:354 CET] 0000007f y.authentication.jaas.modules.UsernameAndPasswordLoginModule A CWWKS1100A: Authentication did not succeed for user ID twelk. An invalid user ID or password was specified.
[10/31/16 9:59:48:363 CET] 000000e5 com.ibm.ws.session.WASSessionCore                            W Detected JSESSIONID with invalid length; expected length of 23, found 28, setting: 566EDA4000C1DC454D4422F34DC0 to null.
<<<< unknown user
>>>> known user with wrong password
[10/31/16 10:00:17:980 CET] 00000081 com.ibm.ws.session.WASSessionCore                            W Detected JSESSIONID with invalid length; expected length of 23, found 28, setting: 566EDA4000C1DC454D4422F34DC0 to null.
[10/31/16 10:00:18:557 CET] 00000081 com.ibm.ws.security.wim.registry.util.LoginBridge            E CWIML4529E: The login operation could not be completed. The password verification for the Torsten.Welk@de.ibm.com principal name failed. Root cause: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]; resolved object com.sun.jndi.ldap.LdapCtx@28019e01. Specify the principal name and the password correctly and check that the account is enabled and not locked.
[10/31/16 10:00:18:557 CET] 00000081 y.authentication.jaas.modules.UsernameAndPasswordLoginModule A CWWKS1100A: Authentication did not succeed for user ID Torsten.Welk@de.ibm.com. An invalid user ID or password was specified.
[10/31/16 10:00:18:564 CET] 0000003b com.ibm.ws.session.WASSessionCore                            W Detected JSESSIONID with invalid length; expected length of 23, found 28, setting: 566EDA4000C1DC454D4422F34DC0 to null.
<<<< known user with wrong password
>>>> known user with correct password
[10/31/16 10:00:48:633 CET] 0000009b com.ibm.ws.session.WASSessionCore                            W Detected JSESSIONID with invalid length; expected length of 23, found 28, setting: 566EDA4000C1DC454D4422F34DC0 to null.
[10/31/16 10:00:52:472 CET] 00000051 com.ibm.ws.session.WASSessionCore                            W Detected JSESSIONID with invalid length; expected length of 23, found 28, setting: 566EDA4000C1DC454D4422F34DC0 to null.
<<<< known user with correct password

Accepted answer


Isabel Murakami (3811615) | answered Oct 31 '16, 6:33 a.m.
Hello,

I do suppose your user search is starting from the wrong place. Are you using ou=bluepages,o=ibm.com?
I will contact internally to give some tips about our configuration.



Torsten Welk selected this answer as the correct answer

One other answer



Torsten Welk (341710) | answered Oct 31 '16, 8:46 a.m.
Found it.
userFilter should look like this for me:
userFilter="(&amp;(preferredidentity=%v)(objectclass=person))"

<ldapRegistry
    id="bluepages.ibm.com:389"
    baseDN="o=ibm.com"
    host="bluepages.ibm.com"
    ignoreCase="false"
    ldapType="IBM Tivoli Directory Server"
    port="389"
    realm="bluepages.ibm.com:389"
    recursiveSearch="true"
    sslEnabled="false">
    <idsFilters
        groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfUniqueNames)(objectclass=posixGroup)))"
        groupIdMap="*:cn"
        groupMemberIdMap="*:uniquemember"
        userFilter="(&amp;(preferredidentity=%v)(objectclass=person))"
        userIdMap="*:preferredidentity">
    </idsFilters>
</ldapRegistry>
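The following is an added example, not code from either poster or from WebSphere Liberty: a small offline checker for userFilter templates like the two above. It substitutes the login name for %v with RFC 4515 escaping (so a name is matched literally and can never widen the search), parses the resulting filter (&, |, !, and attribute=value items with * wildcards) and evaluates it against constructed directory entries, so you can see which entries a filter would return before it goes into ldapUserRegistry.xml. Note that the `&amp;` written in the XML is a plain `&` in the filter the registry sends. The entries, DNs and attribute values are made up; in particular the non-person entry carrying a preferredIdentity value is an assumption introduced only to show what the added `(objectclass=person)` clause excludes. Attribute names are compared case-insensitively, as LDAP attribute types are.

```python
# Added example (not from the forum thread or from Liberty): evaluate Liberty-style
# LDAP userFilter templates against constructed entries.
import re

# RFC 4515: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_value(value: str) -> str:
    """Escape a login name so it is matched literally, never as filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, login: str) -> str:
    """Replace %v in a userFilter template (as the registry does), with escaping."""
    return template.replace("%v", escape_value(login))


def parse_filter(text: str):
    """Parse an LDAP search filter into a nested tuple tree."""
    node, end = _parse(text, 0)
    if end != len(text):
        raise ValueError(f"trailing data after filter: {text[end:]!r}")
    return node


def _parse(s: str, i: int):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if s[i] in "&|":                       # (&...) / (|...) with nested children
        op, i, children = s[i], i + 1, []
        while s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, children), i + 1
    if s[i] == "!":                        # (!(...))
        child, i = _parse(s, i + 1)
        if s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return ("!", [child]), i + 1
    close = s.index(")", i)                # escaped values never contain a raw ')'
    attr, sep, value = s[i:close].partition("=")
    if not sep:
        raise ValueError(f"unsupported filter item: {s[i:close]!r}")
    return ("=", attr.strip().lower(), value), close + 1


def _value_regex(pattern: str) -> re.Pattern:
    """Assertion value -> regex: a raw '*' is a wildcard, '\\xx' is a literal byte."""
    parts = []
    for piece in pattern.split("*"):
        literal = re.sub(r"\\([0-9a-fA-F]{2})",
                         lambda m: chr(int(m.group(1), 16)), piece)
        parts.append(re.escape(literal))
    return re.compile(".*".join(parts), re.IGNORECASE)


def matches(node, entry: dict) -> bool:
    """Evaluate a parsed filter against an entry (lower-case attr -> list of values)."""
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    regex = _value_regex(node[2])
    return any(regex.fullmatch(v) for v in entry.get(node[1], []))


# Constructed sample directory (assumption): one real person, one stale
# non-person entry that still carries the same preferredIdentity, and a second person.
SAMPLE_ENTRIES = {
    "uid=alice,ou=people,o=example.com": {
        "objectclass": ["top", "person", "inetOrgPerson"],
        "preferredidentity": ["alice@example.com"],
    },
    "cn=alice-legacy,ou=migrated,o=example.com": {
        "objectclass": ["top", "extensibleObject"],
        "preferredidentity": ["alice@example.com"],
    },
    "uid=bob,ou=people,o=example.com": {
        "objectclass": ["top", "person", "inetOrgPerson"],
        "preferredidentity": ["bob@example.com"],
    },
}

ORIGINAL_FILTER = "(preferredIdentity=%v)"                       # from the question
FIXED_FILTER = "(&(preferredidentity=%v)(objectclass=person))"   # from the answer


def matching_dns(template: str, login: str, entries=SAMPLE_ENTRIES) -> list:
    """DNs the rendered filter matches; a registry lookup should see exactly one."""
    tree = parse_filter(render_filter(template, login))
    return sorted(dn for dn, attrs in entries.items() if matches(tree, attrs))


if __name__ == "__main__":
    for template in (ORIGINAL_FILTER, FIXED_FILTER):
        print(render_filter(template, "alice@example.com"), "->",
              matching_dns(template, "alice@example.com"))
    # A login name made of filter metacharacters is escaped and matches nothing.
    print(render_filter(ORIGINAL_FILTER, "*"), "->", matching_dns(ORIGINAL_FILTER, "*"))
```

With the constructed directory, the question's filter returns two DNs for alice while the answer's filter returns only the person entry; when `matching_dns` returns more than one DN for a login, the filter needs narrowing before it is deployed.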

