Posts Tagged ‘Ldap’
Delete changelog.data?
This morning I tried to save some space in my computer. I found a file changelog.data
in the folder <domain>\admin\data\ldap\ldapfiles
of which size was more than 7 Go… This file is used by WebLogic, but I don’t know for which purpose.
I performed a head command on it, here is the output:
☻ U♠cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Policies,ou=XACMLAuthorization,ouv"xacmlDocument☺er♠OrH~'<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=admin☻ #â♠cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersionv"xacmlDocument☺,o♥AX)¿k<?xml version="1.0" encoding="UTF-8"?> ♥_☻ <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@Uimages@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>?weblogic.entitlement.rules.UncheckedPolicy()</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/images/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="unchecked-policy" Effect="Permit"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺ ( ☺A÷<WLSPolicyInfo wlstwmodifiersName☺lo$☻D§cn=admin☻ywlcn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Polv"xacmlDocument☺th♠OiH~'<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=Admin☻ +cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersion=1v"xacmlDocument☺u=♥AC)¿k<?xml version="1.0" encoding="UTF-8"?>♥_☻ <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@Uimages@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>?weblogic.entitlement.rules.UncheckedPolicy()</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/images/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="unchecked-policy" Effect="Permit"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺ ( ☺A÷<WLSPolicyInfo wlstwmodifiersName☺lo$☻D§cn=Admin☻yw+UCre<▼modifyTimeStamp☺eploy +☻ <▼modifyTimeStamp☺ cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Policies,ou=XACMLAuthorization,ou=myreav"xacmlDocument☺ ♠♠O H~'<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=Admin☻ +â♫ <▼modifyTimeStamp☺ ♠ 7Ödeploy +☻ <▼modifyTimeStamp☺ cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersion=1.0,ou=Policies,ou=XACMLAuthorizationv"xacmlDocument☺l_♥Ar)¿k<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@Uimages@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>?weblogic.entitlement.rules.UncheckedPolicy()</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/images/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="unchecked-policy" Effect="Permit"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺ ( ☺A÷<WLSPolicyInfo wlstwmodifiersName☺lo$☻D§cn=Admin☻yw+U♀cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Pv"xacmlDocument☺Au♠OoH~'<?xml version="1.0" encoding="UTF-8"?> <Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=<url>, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy> ♂ gUxacmlStatus☺ ☺ ♥3 E☻♫ ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=Admin☻ +â♀cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersionv"xacmlDocument☺,o♥AX)¿k<?xml version="1.0" encoding="UTF-8"?> ♥_☻
I assume this is a kind of binary/XML logger.
You can stop your server, delete this file (and another: changelog.index
) and restart the server. The files will be created again.
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[myRole]
Short stacktrace:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myJmsTemplate' (...)
Invocation of init method failed; nested exception is java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[myRole]
Complete stacktrace
(copy paste in a text editor if the complete stack is not displayed in your browser):
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myJmsTemplate' defined in URL [zip:C:/workarea/development/servers/wl_server/servers/XXXX/tmp/_WL_user/XXXXXXXXXXXX-ear/7gtxm8/XXXXXXXX-services-ejb.jar!/com/XXXXX/businessApplicationContext-XXXXXXXX.xml]: Cannot resolve reference to bean 'myJmsQueueConnectionFactory' while setting bean property 'connectionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myJmsQueueConnectionFactory' defined in URL [zip:C:/workarea/development/servers/wl_server/servers/ejbtier/tmp/_WL_user/XXXXXX-ear/7gtxm8/XXXXXXXX.jar!/com/bnpparibas/primeweb/businessApplicationContextXXXXXXXXXXXX.xml]: Invocation of init method failed; nested exception is java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[myRole] at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275) at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:881) (...) |
The issue appears when I try to deploy an EJB sending JMS messages from my Weblogic server, to another one, in another domain.
Fix:
- I have not fixed the issue myself, I gave pieces of advice to the teams in charge of solving them. But I assume following guidelines are OK.
- Indeed there are two issues: one on credentials and another on servers
- Servers need trust each other. More information is available here. I assume trust is granted thanks to the use of certificates.
- On another hand, credentials from my server, it is to say here “
myRole
” must be accepted by distant Ldap juridiction. I assume that distant EJB environment must something like:distantEnvironment.put(InitialContext.SECURITY_PRINCIPAL, "myRole");
Now it should work!
LDIFReader: modify record not ends with ‘-‘ in the record starting on line
Error:
Error: LDAPLocalException: com.novell.ldap.ldif_dsml.LDIFReader: modify record not ends with '-' in the record starting on line 38 of the file. (82) Local Error
Fix:
- go to the line hinted in the error (here:
38
) - get the block of the entry which is modified, for instance:
dn: cn=foo,ou=OUfoos,ou=Groups, dc=DCfoos
changetype: modify
add: uniqueMember
uniqueMember: cn=myFoo, ou=OUfoos, ou=Groups, dc=DCfoos
- then add a character
'-'
at the end of this block, you get:
dn: cn=foo,ou=OUfoos,ou=Groups, dc=DCfoos
changetype: modify
add: uniqueMember
uniqueMember: cn=myFoo, ou=OUfoos, ou=Groups, dc=DCfoos
-
com.novell.ldap.ldif_dsml.LDIFReader: Version line must be the first meaningful line
Error:
LDAPLocalException: com.novell.ldap.ldif_dsml.LDIFReader: Version line must be the first meaningful line(on line 1 of the file) (82) Local Error
Fix: add this line at the bottom of your Ldif file:
version: 1