Bind group to community error
After we upgrade our RAM server to 7511 version, now we follow the following steps do binding will cause problem:
1) Use RAM admin user login, visit administration -> communities
2) select the community, in the first "Users" tab, click the button "New User Group"
3) Specify the name and description, click "Create" link beside "Public group"
4) In the popup window, input the "group name' we have created in LDAP before, and click "search"
5) Select the group in the window and click "Bind" button.
error log:
[11/13/12 02:16:01 GMT] CRRAM0001E 1001954584 ERROR web pagecode.error.Error - 3D4C9BF7-96EE-6D82-6CBD-4177D775787B - URL: https://usaxram012ccxra.ccmp.ibm.lab/cloud/enterprise/ram/admin/group/userGroupDetail.faces - javax.faces.FacesException: #{pc_UserGroupDetail.doBindToSearchGroups}: com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base=""
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
at javax.faces.component.UICommand.broadcast(UICommand.java:387)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:458)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:763)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1663)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1597)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:131)
at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServletFilter.java:529)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.filters.CSRFSecurityFilter.doFilter(CSRFSecurityFilter.java:66)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.filters.JavascriptSecurityFilter.doFilter(JavascriptSecurityFilter.java:29)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.filters.GZipFilter.doFilter(GZipFilter.java:45)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.security.SecureAccessFilter.doFilter(SecureAccessFilter.java:41)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3935)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)
Caused by: javax.faces.el.EvaluationException: com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base=""
at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
... 47 more
Caused by: com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base=""
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1175)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1303)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1096)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.searchBase(LDAPUserInformationFactory.java:751)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.flushBases(LDAPUserInformationFactory.java:768)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.buildSearchItr(LDAPUserInformationFactory.java:706)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.hasNext(LDAPUserInformationFactory.java:611)
at com.ibm.ram.repository.security.CustomUserInformationManager$1.synchronize(CustomUserInformationManager.java:788)
at com.ibm.ram.repository.security.UserGroupInstance.synchronize(UserGroupInstance.java:1472)
at com.ibm.ram.repository.security.CustomUserInformationManager.updateRAMGroup(CustomUserInformationManager.java:779)
at pagecode.admin.group.UserGroupDetail.bindToExternalGroup(UserGroupDetail.java:699)
at pagecode.admin.group.UserGroupDetail.doBindToSearchGroups(UserGroupDetail.java:712)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.apache.el.parser.AstValue.invoke(AstValue.java:159)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
... 48 more
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; Remaining name: '/'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:222)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1157)
... 66 more
1) Use RAM admin user login, visit administration -> communities
2) select the community, in the first "Users" tab, click the button "New User Group"
3) Specify the name and description, click "Create" link beside "Public group"
4) In the popup window, input the "group name' we have created in LDAP before, and click "search"
5) Select the group in the window and click "Bind" button.
error log:
[11/13/12 02:16:01 GMT] CRRAM0001E 1001954584 ERROR web pagecode.error.Error - 3D4C9BF7-96EE-6D82-6CBD-4177D775787B - URL: https://usaxram012ccxra.ccmp.ibm.lab/cloud/enterprise/ram/admin/group/userGroupDetail.faces - javax.faces.FacesException: #{pc_UserGroupDetail.doBindToSearchGroups}: com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base=""
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:118)
at javax.faces.component.UICommand.broadcast(UICommand.java:387)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:458)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:763)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1663)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1597)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:131)
at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServletFilter.java:529)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.filters.CSRFSecurityFilter.doFilter(CSRFSecurityFilter.java:66)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.filters.JavascriptSecurityFilter.doFilter(JavascriptSecurityFilter.java:29)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.filters.GZipFilter.doFilter(GZipFilter.java:45)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ram.repository.web.security.SecureAccessFilter.doFilter(SecureAccessFilter.java:41)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:188)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:116)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:77)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:934)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:502)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3935)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:931)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:186)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:452)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:511)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:305)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:83)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1613)
Caused by: javax.faces.el.EvaluationException: com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base=""
at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
... 47 more
Caused by: com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base=""
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1175)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1303)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1096)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.searchBase(LDAPUserInformationFactory.java:751)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.flushBases(LDAPUserInformationFactory.java:768)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.buildSearchItr(LDAPUserInformationFactory.java:706)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.hasNext(LDAPUserInformationFactory.java:611)
at com.ibm.ram.repository.security.CustomUserInformationManager$1.synchronize(CustomUserInformationManager.java:788)
at com.ibm.ram.repository.security.UserGroupInstance.synchronize(UserGroupInstance.java:1472)
at com.ibm.ram.repository.security.CustomUserInformationManager.updateRAMGroup(CustomUserInformationManager.java:779)
at pagecode.admin.group.UserGroupDetail.bindToExternalGroup(UserGroupDetail.java:699)
at pagecode.admin.group.UserGroupDetail.doBindToSearchGroups(UserGroupDetail.java:712)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:600)
at org.apache.el.parser.AstValue.invoke(AstValue.java:159)
at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
... 48 more
Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - Unwilling To Perform]; Remaining name: '/'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:222)
at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1157)
... 66 more
2 answers
Your LDAP group is invalid. You have a member of the group that is just "uid=Dummy". Members of a group should be ONLY Distinguished Names. uid=Dummy is not a valid group member.
Comments
Hi Rich,
Sorry, I am still confusing what happened with RAM 7.5.1.1 version. Let me conclude our problem:
1) Originally our RAM version is 7.2.0.2, we created community and bind LDAP group then assigned member as named "secAuthority=Default" , it is no problem for group binding.
2) We upgrade to RAM 7.5.0.2, found it not work, the error like I post on the URL:
https://jazz.net/forum/questions/71865/ram-bind-group-in-ldap-error#74539
We created PMR for that , number is 30105 499 000.
RAM support team response is:
RAM team feedback is:
I have received updates from development team. They are on the same boat with myself saying that you need to have the uid set for that user:
"
RAM requires a uid to be set. It is invalid in RAM to not have one set. They must either remove that "user" from the group, or give that user in LDAP a dummy uid such as "!!dummy!!"."
So please edit that user and assign it a uid and let me know of the results.
Then we decide to change the LDAP member from "secAuthority=Default" to "uid=dummy"
After that on 7.5.0.2 it is working and we closed PMR
3) But After we upgrade to 7.5.1.1 , another exception is thrown out as I paste. As you mean we can not contain any member in the LDAP group? Is this the new version change?
Rich, do you have any suggestion for my answer?
Thanks.
Members of a group must have a distinguished name. That is what is looked for. uid=dummy is not a distinguished name.
A distinguished name is of the form like:
uid=dummy,ou=bluepages,o=ibm.com
uid=dummy is not enough to identify the member in a group. There needs to be at least two parts to a distinguished name, one is not sufficient. Your LDAP doesn't allow searching like this, so it is throwing the error.
I do not know how this could of worked before because it is the same code doing the search.
Rich,
We need to discuss more about this change, will send you a seperate mail about this issue.
Hi all,
I have the same problem on RAM 7.5.2:
[04/08/15 09:36:22 BRT] CRRAM0004E 558880475 ERROR web com.ibm.ram.repository.security.CustomUserInformationManager - Error updating user group id=1043 name=XXX07 binding id=cn=XXXX07X,ou=xxx,ou=xxxxxxxxx,ou=groups,ou=access,o=xx,c=br Msg=Error on creating search itr for Search="uid=dummy" Base="". It took 1 msecs to process the previous user in the group. [04/08/15 09:36:22 BRT] CRRAM0004E 558880477 ERROR web com.ibm.ram.repository.security.CustomUserInformationManager - A usergroup had failed updating. Will try updating the next usergroup in sequence. Had updated 0 groups so far. com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base="" at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1215) at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1343) at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1136) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.searchBase(LDAPUserInformationFactory.java:758) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.flushBases(LDAPUserInformationFactory.java:775) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.buildSearchItr(LDAPUserInformationFactory.java:713) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.hasNext(LDAPUserInformationFactory.java:618) at com.ibm.ram.repository.security.CustomUserInformationManager$1.synchronize(CustomUserInformationManager.java:813) at com.ibm.ram.repository.security.UserGroupInstance.synchronize(UserGroupInstance.java:1472) at com.ibm.ram.repository.security.CustomUserInformationManager.updateRAMGroup(CustomUserInformationManager.java:804) at com.ibm.ram.repository.security.CustomUserInformationManager.updateAllRAMUserGroups(CustomUserInformationManager.java:885) at pagecode.admin.repository.Tools.doUpdateCustomUserInfo(Tools.java:184) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:600) at org.apache.el.parser.AstValue.invoke(AstValue.java:159) at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88) at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) at javax.faces.component.UICommand.broadcast(UICommand.java:387) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:458) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:763) at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1667) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1602) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:149) at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServletFilter.java:591) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.filters.CSRFSecurityFilter.doFilter(CSRFSecurityFilter.java:66) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.filters.JavascriptSecurityFilter.doFilter(JavascriptSecurityFilter.java:29) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.filters.GZipFilter.doFilter(GZipFilter.java:42) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.security.SecureAccessFilter.doFilter(SecureAccessFilter.java:58) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:80) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:939) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:507) at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3954) at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:945) at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592) at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:191) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:453) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:515) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:306) at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:84) at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784) at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175) at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1656) Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - R010018 Search with null base DN requires either scope=base (for root DSE search) or scope=subtree (for null based subtree search) (process_root_request:294)]; Remaining name: '/' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1197) ... 67 more
I have the same problem on RAM 7.5.2:
[04/08/15 09:36:22 BRT] CRRAM0004E 558880475 ERROR web com.ibm.ram.repository.security.CustomUserInformationManager - Error updating user group id=1043 name=XXX07 binding id=cn=XXXX07X,ou=xxx,ou=xxxxxxxxx,ou=groups,ou=access,o=xx,c=br Msg=Error on creating search itr for Search="uid=dummy" Base="". It took 1 msecs to process the previous user in the group. [04/08/15 09:36:22 BRT] CRRAM0004E 558880477 ERROR web com.ibm.ram.repository.security.CustomUserInformationManager - A usergroup had failed updating. Will try updating the next usergroup in sequence. Had updated 0 groups so far. com.ibm.ram.repository.security.CustomUserInformationFactory$CustomUserRegistryException: Error on creating search itr for Search="uid=dummy" Base="" at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1215) at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1343) at com.ibm.ram.repository.custom.LDAPUserInformationFactory.search(LDAPUserInformationFactory.java:1136) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.searchBase(LDAPUserInformationFactory.java:758) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.flushBases(LDAPUserInformationFactory.java:775) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.buildSearchItr(LDAPUserInformationFactory.java:713) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$LDAPGroupInformation$GroupMemberIterator.hasNext(LDAPUserInformationFactory.java:618) at com.ibm.ram.repository.security.CustomUserInformationManager$1.synchronize(CustomUserInformationManager.java:813) at com.ibm.ram.repository.security.UserGroupInstance.synchronize(UserGroupInstance.java:1472) at com.ibm.ram.repository.security.CustomUserInformationManager.updateRAMGroup(CustomUserInformationManager.java:804) at com.ibm.ram.repository.security.CustomUserInformationManager.updateAllRAMUserGroups(CustomUserInformationManager.java:885) at pagecode.admin.repository.Tools.doUpdateCustomUserInfo(Tools.java:184) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:600) at org.apache.el.parser.AstValue.invoke(AstValue.java:159) at org.apache.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276) at com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88) at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102) at javax.faces.component.UICommand.broadcast(UICommand.java:387) at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:458) at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:763) at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82) at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100) at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1667) at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1602) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:149) at com.ibm.ram.repository.web.security.RAMServletFilter.doFilter(RAMServletFilter.java:591) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.filters.CSRFSecurityFilter.doFilter(CSRFSecurityFilter.java:66) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.filters.JavascriptSecurityFilter.doFilter(JavascriptSecurityFilter.java:29) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.filters.GZipFilter.doFilter(GZipFilter.java:42) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ram.repository.web.security.SecureAccessFilter.doFilter(SecureAccessFilter.java:58) at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:190) at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:125) at com.ibm.ws.webcontainer.filter.WebAppFilterChain._doFilter(WebAppFilterChain.java:80) at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:908) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:939) at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:507) at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:181) at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3954) at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276) at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:945) at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592) at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:191) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:453) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:515) at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:306) at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:84) at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1784) at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175) at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1656) Caused by: javax.naming.OperationNotSupportedException: [LDAP: error code 53 - R010018 Search with null base DN requires either scope=base (for root DSE search) or scope=subtree (for null based subtree search) (process_root_request:294)]; Remaining name: '/' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3140) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1829) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1752) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338) at com.ibm.ram.repository.custom.LDAPUserInformationFactory$SearchIterator.<init>(LDAPUserInformationFactory.java:1197) ... 67 more