LDAP Security in IIS
Posted: Wed Apr 25, 2007 10:16 am
Hi:
I am having problems configuring IIS to use LDAP registry. I have been following the Admin guide in setting this up.
While install, the user registry is chosen to be OS registry.
Then I configured LDAP security at the WAS administration console. I set up an user as Administrator, Confirgurator, Operator, Monitor and changed the protocol to LDAP in the Global security page. I tested this configuration by restarting the application server and logging in using the LDAP user and this works fine
The next step in the admin document is login to IISAdmin console using suite administrator. Here is where I am facing a problem. When I use the LDAP user to login, access is denied
On the IISAdmin Console->Domain Management->Directory Configuration, WebSphere User Registry is set as the Active Provider and the admin user is created
When I try login to IIS Admin Console using this admin user, I get the above error.
Is there something that has to be done at the LDAP end to make the LDAP user as the Suite administrator ?
Any suggestions on how to resolve this ?
Thanks
I am having problems configuring IIS to use LDAP registry. I have been following the Admin guide in setting this up.
While install, the user registry is chosen to be OS registry.
Then I configured LDAP security at the WAS administration console. I set up an user as Administrator, Confirgurator, Operator, Monitor and changed the protocol to LDAP in the Global security page. I tested this configuration by restarting the application server and logging in using the LDAP user and this works fine
The next step in the admin document is login to IISAdmin console using suite administrator. Here is where I am facing a problem. When I use the LDAP user to login, access is denied
Code: Select all
[4/25/07 8:40:57:257 PDT] 00000034 SystemOut O Unable to authenticate user <adminuser>/SessionId=A30B13C9-BE88-4880-8C5E-7B937233C525: CORBA NO_PERMISSION 0x0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException: ; nested exception is:
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for wps.<ldapserver.com>:389/<adminuser> while invoking (Bean)ascential/acs/ejb/impl/AuthenticationService login(java.lang.String,char[],com.ascential.asb.util.security.SessionInfo):1 JACC Authorization failed for bean: AuthenticationService vmcid: 0x0 minor code: 0 completed: No
When I try login to IIS Admin Console using this admin user, I get the above error.
Is there something that has to be done at the LDAP end to make the LDAP user as the Suite administrator ?
Any suggestions on how to resolve this ?
Thanks