Hi all, I am the new to Tivoli Directory Server.
I have tried lots of times to configure user registry using LDAP, but I alwa
ys got the following message in WAS Admin console:

Authentication failed for user: com.ibm.ws.console.security.ConnectToRuntime
Exception: null nested exception is com.ibm.websphere.security.CustomRegistr
yException: No user xpuser found. Try again.

I set the LDAP fields in WAS as below:

Server User ID        : xpuser (this is the username I logged on Windows XP)
Server user password  : (windows login password)
Type                  : IBM Tivoli Directory Server
Host                  : localhost
Port                  : 389
Base distinguished name (DN): o=ibm,c=us
Bind distinguished name (DN): cn=root (With which I logged to operate the
directory using Web Admin Tool of
IDSWebApp.war)
Bind password               : (root password)

And I left the advance attributes the default values.

In Tivoli Server, I have done the following setting:

Set the administrator cn=root password
Configure and set up db2
Add suffix o=ibm, c=us
Import sample LDIF file

With Web administration tool for Tivoli Server, I have done the follow setti
ng.

Create a Realm for o=ibm,c=us
Create a administrator for the Realm cn=admin1,o=ibm,c=us
Create a user template for the Realm with all default setting.
Create a user with the user template RDN sn=foo, cn=realm, o=ibm, c=us

In WAS console:

Check Global security box
Select LTPA as Active authentication mechanism
Select LDAP as Active user registry.

I would like thank you all for any help.

[ Post a follow-up to this message ]

chen@iol.ie wrote:
> Hi all, I am the new to Tivoli Directory Server.
> I have tried lots of times to configure user registry using LDAP, but I al
ways got the following message in WAS Admin console:
>
> Authentication failed for user: com.ibm.ws.console.security.ConnectToRuntimeExcept
ion: null nested exception is com.ibm.websphere.security.CustomRegistryException: No
 user xpuser found. Try again.

> I set the LDAP fields in WAS as below:
>
> Server User ID        : xpuser (this is the username I logged on Windows X
P)
> Server user password  : (windows login password)

This has to be a valid userid in the directory.

> Type                  : IBM Tivoli Directory Server
> Host                  : localhost
> Port                  : 389
> Base distinguished name (DN): o=ibm,c=us
> Bind distinguished name (DN): cn=root (With which I logged to operate the
>                                        directory using Web Admin Tool of
>                                        IDSWebApp.war)
> Bind password               : (root password)
>
> And I left the advance attributes the default values.
>
> In Tivoli Server, I have done the following setting:
>
> Set the administrator cn=root password
> Configure and set up db2
> Add suffix o=ibm, c=us
> Import sample LDIF file
>
> With Web administration tool for Tivoli Server, I have done the follow set
ting.
>
> Create a Realm for o=ibm,c=us
> Create a administrator for the Realm cn=admin1,o=ibm,c=us
> Create a user template for the Realm with all default setting.
> Create a user with the user template RDN sn=foo, cn=realm, o=ibm, c=us

This is not how you create users in ITDS. I know it's a little
confusing, but you should be creating objects under "Directory
Management>Add an Entry"

First you create a domain object

Then you create containers under the domain for things like users and groups

Then you create users in the user container (you can have multiple
containers, such as employees, customers etc.) with object class
inetOrgPerson

[ Post a follow-up to this message ]

Hi Paul, thanks for your reply. But can you give a step-by-step example for 
configuring both WAS and Tivoli? I would appreciate it.

[ Post a follow-up to this message ]

chen@iol.ie wrote:
> Hi Paul, thanks for your reply. But can you give a step-by-step
> example for configuring both WAS and Tivoli? I would appreciate it.

I don't have such a thing - did you search on developerworks, or look at
the redbooks ?

[ Post a follow-up to this message ]

Hi Paul, I have read a few of Admin and Config book. I followed the steps bu
t none works so far.

I just want to know at present, what user name I should put in the field:
Server User ID
in WAS Console? Is it a OS user name, or Tivoli user name or an Tivoli entry
?

Thanks

[ Post a follow-up to this message ]

I was unable to even get the Web Administration Tool to log me in.

I installed Tivoli etc but when I started up WAS Express, went to the Web Ad
min Tool UTL and tried to login with the root cn=idsldap that I setup when c
onfiguring the instance, it comes back with:

Authorization error: The user name and/or password given was invalid or the 
password has expired.

I can't quite figure out what I'm doing wrong. I've tried the following logi
n combinations:

Login/Password:   idsldap / idsldap
cn=idsldap / idsldap
cn=idsldap, cn=Configuration  /idsldap


Anyone have any suggestions ?

Thanks

[ Post a follow-up to this message ]

steve.clarke4@baesystems.com wrote:
> I was unable to even get the Web Administration Tool to log me in.
>
> I installed Tivoli etc but when I started up WAS Express, went to the Web 
Admin Tool UTL and tried to login with the root cn=idsldap that I setup when
 configuring the instance, it comes back with:
>
> Authorization error: The user name and/or password given was invalid or th
e password has expired.
>
> I can't quite figure out what I'm doing wrong. I've tried the following lo
gin combinations:
>
> Login/Password:   idsldap / idsldap
>                   cn=idsldap / idsldap
>                   cn=idsldap, cn=Configuration  /idsldap
>
>
> Anyone have any suggestions ?
>
> Thanks
>

cn=root ?

[ Post a follow-up to this message ]