cn=ad,cn=groups,dc=mycompany,dc=com
to
cn=groups,ou=myDept,dc=mycompany,dc=com
but you had a group in subcontainer
cn=anotherLevel,cn=ad,cn=groups,dc=mycompany,dc=com
OID would not find it.
The patch almost worked as expected--we got one of the two object classes promised and we could find the groups in subcontainers. Unfortunately the patchset broke Windows Native Authentication (WNA). The problem is that the patch introduced a new java JDK, version 1.4.2._14. After many hours of troubleshooting we found Oracle bug 6658334--WNA FAILS AFTER APPLYING IDM 10.1.4.2.0 PATCHSET. The solution appears to be to downgrade the Sun JDK to 1.4.2_13. We did this and it works, but oh what a headache.
You might get an error stack that looks like this:
DAS servlet init enter oiddas: Release 10.1.4.0.1 Production Started <$ORACLE_HOME>/j2ee/OC4J_SECURITY/applications/oiddas/ui/WEB-INF/lib/oiddas.jar archive DAS servlet init exit Getting creds for HTTP/ ... Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is
<$ORACLE_HOME>/j2ee/OC4J_SECURITY/config/sso.keytab refreshKrb5Config is
false principal is HTTP/tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
principal's key obtained from the keytabprincipal is HTTP/ KerberosAuthenticator: GSSException raised in constructor -
No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT
credentials failed!)GSSException: No valid credentials provided (Mechanism
level: Attempt to obtain new ACCEPT credentials failed!)at
sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCreden
tial.java:189)at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.j
ava:80)
. . .30 Caused by: javax.security.auth.login.LoginException:
java.lang.NullPointerException
at java.lang.StringBuffer.append(StringBuffer.java:467)
at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginMo
dule.java:576)
at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
1 comment:
cheap wow power leveling buy wow gold cheapest wow power leveling CHEAP wow gold BUY power leveling CHEAPEST wow powerleveling
wow goldwow goldwow goldwow goldweiwei
Post a Comment