WAS 6.0 Global Security with Tivoli Directory Server
| Hi all, I am new to Tivoli Directory Server.
I have tried lots of times to configure user registry using LDAP, but I always got the following message in WAS Admin console:
Authentication failed for user: com.ibm.ws.console.security.ConnectToRuntimeException: null nested exception is com.ibm.websphere.security.CustomRegistryException: No user xpuser found. Try again.
I set the LDAP fields in WAS as below:
Server User ID : xpuser (this is the username I log on to Windows XP with)
Server user password : (windows login password)
Type : IBM Tivoli Directory Server
Host : localhost
Port : 389
Base distinguished name (DN): o=ibm,c=us
Bind distinguished name (DN): cn=root (with which I log in to operate the directory using the Web Admin Tool of IDSWebApp.war)
Bind password : (root password)
And I left the advanced attributes at their default values.
In Tivoli Server, I have made the following settings:
Set the administrator cn=root password
Configure and set up db2
Add suffix o=ibm, c=us
Import sample LDIF file
With the Web administration tool for Tivoli Server, I have made the following settings.
Create a Realm for o=ibm,c=us
Create an administrator for the Realm cn=admin1,o=ibm,c=us
Create a user template for the Realm with all default settings.
Create a user with the user template RDN sn=foo, cn=realm, o=ibm, c=us
In WAS console:
Check Global security box
Select LTPA as Active authentication mechanism
Select LDAP as Active user registry.
I would like to thank you all for any help.
| |
| Paul Ilechko 2007-01-23, 1:25 pm |
| chen@iol.ie wrote:
> Hi all, I am new to Tivoli Directory Server.
> I have tried lots of times to configure user registry using LDAP, but I always got the following message in WAS Admin console:
>
> Authentication failed for user: com.ibm.ws.console.security.ConnectToRuntimeException: null nested exception is com.ibm.websphere.security.CustomRegistryException: No user xpuser found. Try again.
> I set the LDAP fields in WAS as below:
>
> Server User ID : xpuser (this is the username I log on to Windows XP with)
> Server user password : (windows login password)
This has to be a valid userid in the directory.
> Type : IBM Tivoli Directory Server
> Host : localhost
> Port : 389
> Base distinguished name (DN): o=ibm,c=us
> Bind distinguished name (DN): cn=root (with which I log in to operate the directory using the Web Admin Tool of IDSWebApp.war)
> Bind password : (root password)
>
> And I left the advanced attributes at their default values.
>
> In Tivoli Server, I have made the following settings:
>
> Set the administrator cn=root password
> Configure and set up db2
> Add suffix o=ibm, c=us
> Import sample LDIF file
>
> With the Web administration tool for Tivoli Server, I have made the following settings.
>
> Create a Realm for o=ibm,c=us
> Create an administrator for the Realm cn=admin1,o=ibm,c=us
> Create a user template for the Realm with all default settings.
> Create a user with the user template RDN sn=foo, cn=realm, o=ibm, c=us
This is not how you create users in ITDS. I know it's a little
confusing, but you should be creating objects under "Directory
Management>Add an Entry"
First you create a domain object
Then you create containers under the domain for things like users and groups
Then you create users in the user container (you can have multiple
containers, such as employees, customers etc.) with object class
inetOrgPerson
| |
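Added example, not part of the thread: an offline emulation of the registry lookup behind "No user xpuser found", run over a constructed LDIF laid out as the reply above describes (suffix entry, a users container, an inetOrgPerson user). The `wasadmin` user, the `ou=users` container and the filter shape `(&(uid=%v)(objectclass=inetOrgPerson))` are assumptions; compare against the user filter actually configured in the WAS advanced LDAP settings.

```python
# Constructed sample directory (not from the thread); "wasadmin" is a hypothetical user.
SAMPLE_LDIF = """\
dn: o=ibm,c=us
objectClass: organization
o: ibm

dn: ou=users,o=ibm,c=us
objectClass: organizationalUnit
ou: users

dn: uid=wasadmin,ou=users,o=ibm,c=us
objectClass: inetOrgPerson
uid: wasadmin
cn: WAS Admin
sn: Admin

dn: sn=foo,cn=realm,o=ibm,c=us
objectClass: person
sn: foo
cn: foo
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def normalize_dn(dn):  # naive: ignores escaped commas, enough for this sample
    return ",".join(part.strip().lower() for part in dn.split(","))

def find_user(entries, base_dn, user_id, id_attr="uid", object_class="inetOrgPerson"):
    """Emulate a subtree search for (&(id_attr=user_id)(objectclass=object_class))."""
    base = normalize_dn(base_dn)
    hits = []
    for e in entries:
        dn = normalize_dn(e["dn"][0])
        in_scope = dn == base or dn.endswith("," + base)
        classes = [c.lower() for c in e.get("objectclass", [])]
        ids = [v.lower() for v in e.get(id_attr.lower(), [])]
        if in_scope and object_class.lower() in classes and user_id.lower() in ids:
            hits.append(e["dn"][0])
    return hits

ENTRIES = parse_ldif(SAMPLE_LDIF)
```

`find_user(ENTRIES, "o=ibm,c=us", "xpuser")` returns an empty list because the Windows account has no entry in the directory, and the `sn=foo` entry is also missed because it carries no `uid` and is not an inetOrgPerson.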
|
| Hi Paul, thanks for your reply. But can you give a step-by-step example for configuring both WAS and Tivoli? I would appreciate it.
| |
| Paul Ilechko 2007-01-24, 7:51 am |
| chen@iol.ie wrote:
> Hi Paul, thanks for your reply. But can you give a step-by-step
> example for configuring both WAS and Tivoli? I would appreciate it.
I don't have such a thing - did you search on developerWorks, or look at
the Redbooks?
| |
|
| Hi Paul, I have read a few of the Admin and Config books. I followed the steps but none works so far.
I just want to know at present, what user name I should put in the field:
Server User ID
in WAS Console? Is it an OS user name, a Tivoli user name, or a Tivoli entry?
Thanks
| |
|
| I was unable to even get the Web Administration Tool to log me in.
I installed Tivoli etc but when I started up WAS Express, went to the Web Admin Tool URL and tried to log in with the root cn=idsldap that I set up when configuring the instance, it comes back with:
Authorization error: The user name and/or password given was invalid or the password has expired.
I can't quite figure out what I'm doing wrong. I've tried the following login combinations:
Login/Password: idsldap / idsldap
cn=idsldap / idsldap
cn=idsldap, cn=Configuration /idsldap
Anyone have any suggestions ?
Thanks
| |
| Paul Ilechko 2007-02-26, 1:19 pm |
| steve.clarke4@baesystems.com wrote:
> I was unable to even get the Web Administration Tool to log me in.
>
> I installed Tivoli etc but when I started up WAS Express, went to the Web Admin Tool URL and tried to log in with the root cn=idsldap that I set up when configuring the instance, it comes back with:
>
> Authorization error: The user name and/or password given was invalid or the password has expired.
>
> I can't quite figure out what I'm doing wrong. I've tried the following login combinations:
>
> Login/Password: idsldap / idsldap
> cn=idsldap / idsldap
> cn=idsldap, cn=Configuration /idsldap
>
>
> Anyone have any suggestions ?
>
> Thanks
>
cn=root ?