Friday, December 19, 2008
Cannot find entries for (uid=amadmin) - amAuthLDAP
Error : Cannot find entries for (uid=amadmin)
12/18/2008 04:31:50:746 PM CET: Thread[service-j2ee-7,5,main]
Connecting to dev-ds.iam.finbel.intra:389
Searching dc=iam,dc=finbel,dc=intra for (uid=amadmin)
scope = 2
12/18/2008 04:31:50:746 PM CET: Thread[service-j2ee-7,5,main]
userAttrSize is : 2
12/18/2008 04:31:50:749 PM CET: Thread[service-j2ee-7,5,main]
Cannot find entries for (uid=amadmin)
This message does not show up unless the debug level of the AM server is set to "message":
/etc/opt/SUNWam/config/AMConfig.properties
...
com.iplanet.services.debug.level=message
...
BTW, it is good practice to set the server to "message" while investigating a problem and to switch back to "error" or "warning" afterwards. You get a ton of messages if you don't!
Symptoms : The administrator (amadmin) cannot log into the AM console.
Environment : AM : 7.1 patch 1; Solaris 10 on SPARC
Comments : It is very weird because amadmin cannot log in. We experienced this just after an installation from state files (I did not do it myself).
As amldapuser (cn=amldapuser,ou=DSAME Users,dc=iam,dc=finbel,dc=intra), you can retrieve amadmin from the DS using ldapsearch.
vegan:rudy ~ $ ldapsearch -b "dc=iam,dc=finbel,dc=intra" -h dps-t-prod-z1.iam.finbel.intra -D "cn=amldapuser,ou=DSAME Users,dc=iam,dc=finbel,dc=intra" -w XXX "uid=amadmin" dn
version: 1
dn: uid=amAdmin,ou=People,dc=iam,dc=finbel,dc=intra
Solution :
- Enter the AM console using the full name (DN).
Example : uid=amAdmin,ou=People,dc=iam,dc=finbel,dc=intra
- "Access Control"->"Realms"->Authentication->"Modules Instances"->"LDAP"
Check the data. In my case "Password for Root User Bind:" was empty! Save and restart the server because the LDAP initialisation only occurs once.
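To see which directory host, base DN, scope and filter AM actually used for each failed lookup (so a manual ldapsearch can be repeated with exactly the same parameters), the amAuthLDAP debug records can be paired up per thread. This is an added example, not part of the original post: the record layout is assumed from the excerpt above, the function name failed_lookups is hypothetical, and the service-j2ee-3 / uid=jdoe lines in the sample are constructed.

```python
import re

# Constructed sample in the layout of the amAuthLDAP excerpt from this post;
# the service-j2ee-3 records (another thread, no failure) are invented.
SAMPLE = """\
12/18/2008 04:31:50:746 PM CET: Thread[service-j2ee-7,5,main]
Connecting to dev-ds.iam.finbel.intra:389
Searching dc=iam,dc=finbel,dc=intra for (uid=amadmin)
scope = 2
12/18/2008 04:31:50:747 PM CET: Thread[service-j2ee-3,5,main]
Connecting to dev-ds.iam.finbel.intra:389
Searching dc=iam,dc=finbel,dc=intra for (uid=jdoe)
scope = 2
12/18/2008 04:31:50:749 PM CET: Thread[service-j2ee-7,5,main]
Cannot find entries for (uid=amadmin)
"""

HEADER = re.compile(r"^(\d\d/\d\d/\d{4} [\d:]+ [AP]M \S+): (Thread\[.*\])$")
CONNECT = re.compile(r"^Connecting to (\S+):(\d+)$")
SEARCH = re.compile(r"^Searching (.+) for (\(.*\))$")
SCOPE = re.compile(r"^scope = (\d+)$")
MISS = re.compile(r"^Cannot find entries for (\(.*\))$")
FIELDS = ("host", "port", "base", "scope")

def failed_lookups(text):
    """One dict per 'Cannot find entries' record, joined to the search
    parameters most recently logged by the same thread."""
    last, failures, when, thread = {}, [], None, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            when, thread = m.groups()   # record header: timestamp + thread
        elif thread is None:
            continue                    # text before the first header
        elif m := CONNECT.match(line):
            last[thread] = {"host": m[1], "port": int(m[2])}  # new lookup
        elif m := SEARCH.match(line):
            last.setdefault(thread, {}).update(base=m[1], filter=m[2])
        elif m := SCOPE.match(line):
            last.setdefault(thread, {})["scope"] = int(m[1])
        elif m := MISS.match(line):
            ctx = last.get(thread, {})
            if ctx.get("filter") != m[1]:
                ctx = {}                # no matching search seen: leave blanks
            failures.append({"time": when, "thread": thread, "filter": m[1],
                             **{k: ctx.get(k) for k in FIELDS}})
    return failures

if __name__ == "__main__":
    for f in failed_lookups(SAMPLE):
        print(f)
```

A scope value of 2 is the LDAP subtree scope, so the failed search covered everything below the base DN.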