LDAP Security in IIS

Posted: Wed Apr 25, 2007 10:16 am
by gomez
Hi:
I am having problems configuring IIS to use the LDAP registry. I have been following the Admin guide in setting this up.
During install, the user registry is chosen to be OS registry.
Then I configured LDAP security at the WAS administration console. I set up a user as Administrator, Configurator, Operator, Monitor and changed the protocol to LDAP in the Global security page. I tested this configuration by restarting the application server and logging in using the LDAP user, and this works fine.
The next step in the admin document is to log in to the IISAdmin console using the suite administrator. Here is where I am facing a problem. When I use the LDAP user to log in, access is denied.

[4/25/07 8:40:57:257 PDT] 00000034 SystemOut     O Unable to authenticate user <adminuser>/SessionId=A30B13C9-BE88-4880-8C5E-7B937233C525: CORBA NO_PERMISSION 0x0 No; nested exception is: 
	org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException:  ; nested exception is: 
	com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for wps.<ldapserver.com>:389/<adminuser> while invoking (Bean)ascential/acs/ejb/impl/AuthenticationService login(java.lang.String,char[],com.ascential.asb.util.security.SessionInfo):1 JACC Authorization failed for bean: AuthenticationService  vmcid: 0x0  minor code: 0  completed: No

On the IISAdmin Console->Domain Management->Directory Configuration, WebSphere User Registry is set as the Active Provider and the admin user is created.

When I try to log in to the IIS Admin Console using this admin user, I get the above error.

Is there something that has to be done at the LDAP end to make the LDAP user the Suite administrator?

Any suggestions on how to resolve this?

Thanks

Posted: Thu Jun 21, 2007 3:52 pm
by gomez
The issue was resolved by IBM Ascential Helpdesk. The bind name (the X500 distinguished name) for LDAP was defined in lower case, whereas in Active Directory in our environment it is upper case. And IIS authentication is case sensitive.

Thanks
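
The case mismatch described in the resolution above can be caught before a bind name is entered into the configuration. The following is an added example, not part of the original post or of any IBM tooling; the DNs are constructed sample values, and the parser is simplified (no multi-valued RDNs, quoted values, or escaped trailing spaces).

```python
def split_dn(dn):
    """Split a DN into normalized 'attr=value' RDNs on unescaped commas."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair, e.g. "\," inside a value
            i += 2
            continue
        if ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, val = part.partition("=")
        rdns.append(f"{attr.strip()}={val.strip()}")  # ignore spacing around '=' and ','
    return rdns


def compare_dn(configured, directory):
    """Return (verdict, diffs): 'exact', 'case-only' or 'different'.

    'case-only' means the DNs match when case is ignored but would fail
    a case-sensitive comparison; diffs lists the RDN pairs that differ.
    """
    a, b = split_dn(configured), split_dn(directory)
    if a == b:
        return "exact", []
    if len(a) != len(b) or [x.casefold() for x in a] != [y.casefold() for y in b]:
        return "different", []
    return "case-only", [(x, y) for x, y in zip(a, b) if x != y]


# Constructed sample values: the DN typed into the configuration versus
# the DN as the directory actually returns it.
CONFIGURED = "cn=wasadmin,ou=service accounts,dc=example,dc=com"
DIRECTORY = "CN=wasadmin,OU=Service Accounts,DC=EXAMPLE,DC=COM"

if __name__ == "__main__":
    verdict, diffs = compare_dn(CONFIGURED, DIRECTORY)
    print(verdict)
    for conf, actual in diffs:
        print(f"  configured {conf!r}  directory {actual!r}")
```

A `case-only` verdict points at the situation in this thread: copy the DN exactly as the directory stores it rather than retyping it.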

how to resolve this?

Posted: Tue Apr 08, 2008 10:29 pm
by thesn
Dear Gomez,

I experienced the same problem, but using the local OS registry.
When I put the user, it is in: domain\userid (lower case domain).
Please advise. Thanks.

/satria
gomez wrote: The issue was resolved by IBM Ascential Helpdesk. The bind name (the X500 distinguished name) for LDAP was defined in lower case, whereas in Active Directory in our environment it is upper case. And IIS authentication is case sensitive.

Thanks

Posted: Fri Jul 25, 2008 1:42 pm
by gomez
Did you get this resolved? You might have to open a new thread because people might think this is a resolved thread and not look at it.
IIS is case sensitive, so try giving the name as defined in your Local OS.
IHTH