LDAP login works with xx:xx/ibm/console but not xx:xx/wps/portal

Discussion:

(too old to reply)

k***@gmail.com

2009-03-02 17:40:00 UTC

I have just configured Websphere Portal with LDAP(SunOne). I am able to login using the Admin Console http://server:port/ibm/console , however I am unable to login using portal login http://server:port/wps/portal.

I check the logs and both seem to be able to talk to LDAP. The only difference is when I login using Portal, it does'nt let me in. The logs say " [GMT] 00000030 DefaultLoginF E com.ibm.wps.auth.impl.DefaultLoginFilter doLoginWithExceptions WpsException occured: com.ibm.wps.services.authentication.exceptions.UserRetrieveException: EJPSD0008E: Exception occurred while retrieving the user [wpsadmin] from the user registry. "

Any help is greatly appreciated.

j***@us.ibm.com

2009-03-02 20:28:55 UTC

Permalink

Are you running Portal 6.0.x? Is WMMUR configured? One possible scenario is that the user can be found in wmmWASAdmin.xml (which would allow the WAS admin console login) but not in the LDAP (due to some misconfiguration?).

k***@gmail.com

2009-03-02 22:45:23 UTC

Permalink

I am running Portal 6.1.0.15 . I don't know what WMMUR is. I have'nt configured it. All I did was added LDAP settings (the userid/pwd/host/port etc.,) using the admin console and tested the connection using the 'Test Connection' button on the admin console.

Another symptom I noticed was, when I add a new user from Portal, even though it says the user is added, it does'nt show up in LDAP Server (SunOne). However, if I try to add the same user again using portal, it says user already exists. Also, I noticed when I enter wrong password while logging in, I get a different error saying Password incorrect. So I believe, Portal is actually talking to the ldap server, but something is going wrong after that. Not sure if I have missed any other steps. Do I need to do anything more on LDAPServer (for example having an administrator group and adding wpsadmin to it?) or do I need to do anything more on Websphere (you mentioned WMMUR and anything else).

Thanks for your input.

r***@gmx.net

2009-03-03 12:20:26 UTC

Permalink

Hi

If I understood this correct you have configured the security at the WAS Admin console.

Portal does need VMM and WAS security be in sync. That's why we do have configuration tasks available which perform the right steps in both areas. If you only configure it at the WAS admin console you will only do 50% of the job and this would lead to a symptom that VMM is still configured against the FileRepository, but WAS security points to LDAP whihc stops Portal authentication flow to work.

Suren

2009-03-03 12:35:12 UTC

Permalink

Just see the OU present in WMMUR.xml file. It will be in

X:\Program Files\IBM\WebSphere\PortalServer\wmm\

In that one OU structure will be mentioned. Check whether the user you are trying to login comes under that OU.. I don't think he will be there in that OU.. Thats why you are getting that retrieve user exception.

j***@us.ibm.com

2009-03-03 13:23:32 UTC

Permalink

The tasks Stefan mentioned are described in the InfoCenter:

(standalone)
http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1m0/index.jsp?topic=/com.ibm.wp.ent.doc/install/standalone_cfg_wp_ureg.html

(clustered/AIX - there are other sections for the other OS-s)
http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1m0/index.jsp?topic=/com.ibm.wp.ent.doc/install/aix_cfg_wp_ureg.html

Running the appropriate ConfigEngine tasks will configure WAS and VMM to allow you to log in to both the WAS admin console and Portal.

k***@gmail.com

2009-03-03 19:39:13 UTC

Permalink

Thanks everyone. This is now sorted. I have used the ConfigEngine Tasks and now it seems to be all well.