Jonathan Lalou's blog

Posts Tagged ‘Ldap’

Delete changelog.data?

This morning I tried to save some space in my computer. I found a file changelog.data in the folder <domain>\admin\data\ldap\ldapfiles of which size was more than 7 Go… This file is used by WebLogic, but I don’t know for which purpose.

I performed a head command on it, here is the output:

☻   U♠cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Policies,ou=XACMLAuthorization,ouv"xacmlDocument☺er♠OrH~'<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=admin☻  #â♠cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersionv"xacmlDocument☺,o♥AX)¿k<?xml version="1.0" encoding="UTF-8"?>  ♥_☻
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@Uimages@U@K"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>?weblogic.entitlement.rules.UncheckedPolicy()</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console,
uri=/images/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="unchecked-policy" Effect="Permit"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺   ( ☺A÷<WLSPolicyInfo wlstwmodifiersName☺lo$☻D§cn=admin☻ywlcn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Polv"xacmlDocument☺th♠OiH~'<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=Admin☻  +cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersion=1v"xacmlDocument☺u=♥AC)¿k<?xml version="1.0" encoding="UTF-8"?>♥_☻
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@Uimages@U@K"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>?weblogic.entitlement.rules.UncheckedPolicy()</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console,
uri=/images/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="unchecked-policy" Effect="Permit"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺   ( ☺A÷<WLSPolicyInfo wlstwmodifiersName☺lo$☻D§cn=Admin☻yw+UCre<▼modifyTimeStamp☺eploy   +☻   <▼modifyTimeStamp☺
cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Policies,ou=XACMLAuthorization,ou=myreav"xacmlDocument☺ ♠♠O H~'<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=Admin☻  +â♫  <▼modifyTimeStamp☺  ♠  7Ödeploy   +☻   <▼modifyTimeStamp☺
cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersion=1.0,ou=Policies,ou=XACMLAuthorizationv"xacmlDocument☺l_♥Ar)¿k<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@Uimages@U@K"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>?weblogic.entitlement.rules.UncheckedPolicy()</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console,
uri=/images/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="unchecked-policy" Effect="Permit"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺   ( ☺A÷<WLSPolicyInfo wlstwmodifiersName☺lo$☻D§cn=Admin☻yw+U♀cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AU@AK+xacmlVersion=1.0,ou=Pv"xacmlDocument☺Au♠OoH~'<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os" PolicyId="urn:bea:xacml:2.0:entitlement:resource:type@E@Furl@G@M@Oapplication@Econsoleapp@M@OcontextPath@E@Uconsole@M@Ouri@E@U@K" RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"><Description>Rol(Admin,Operator,Deployer,Monitor)</Description><Target><Resources><Resource><ResourceMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">type=&lt;url&gt;, application=consoleapp, contextPath=/console, uri=/*</AttributeValue><ResourceAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:resource:resource-ancestor-or-self" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="true"/></ResourceMatch></Resource></Resources></Target><Rule RuleId="primary-rule" Effect="Permit"><Condition><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-at-least-one-member-of"><Apply FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-bag"><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Admin</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Operator</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Deployer</AttributeValue><AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">Monitor</AttributeValue></Apply><SubjectAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:2.0:subject:role" DataType="http://www.w3.org/2001/XMLSchema#string"/></Apply></Condition></Rule><Rule RuleId="deny-rule" Effect="Deny"></Rule></Policy>   ♂  gUxacmlStatus☺   ☺   ♥3   E☻♫  ƒ♫wlsXmlFragment☺A÷<WLSPolicytwmodifiersName☺nf$☻D§cn=Admin☻  +â♀cn=urn@Lbea@Lxacml@L2.0@Lentitlement@Lresource@Ltype@AE@AFurl@AG@AM@AOapplication@AEconsoleapp@AM@AOcontextPath@AE@AUconsole@AM@AOuri@AE@AUimages@AU@AK+xacmlVersionv"xacmlDocument☺,o♥AX)¿k<?xml version="1.0" encoding="UTF-8"?>  ♥_☻

I assume this is a kind of binary/XML logger.

You can stop your server, delete this file (and another: changelog.index) and restart the server. The files will be created again.

Posted in en-US | Tags: changelog.data, changelog.index, Jonathan Lalou, Ldap, Weblogic | 2 Comments »

java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[myRole]

Author: Jonathan Lalou

Short stacktrace:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myJmsTemplate' (...) Invocation of init method failed; nested exception is java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[myRole]

Complete stacktrace

(copy paste in a text editor if the complete stack is not displayed in your browser):

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myJmsTemplate' defined in URL [zip:C:/workarea/development/servers/wl_server/servers/XXXX/tmp/_WL_user/XXXXXXXXXXXX-ear/7gtxm8/XXXXXXXX-services-ejb.jar!/com/XXXXX/businessApplicationContext-XXXXXXXX.xml]: Cannot resolve reference to bean 'myJmsQueueConnectionFactory' while setting bean property 'connectionFactory'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'myJmsQueueConnectionFactory' defined in URL [zip:C:/workarea/development/servers/wl_server/servers/ejbtier/tmp/_WL_user/XXXXXX-ear/7gtxm8/XXXXXXXX.jar!/com/bnpparibas/primeweb/businessApplicationContextXXXXXXXXXXXX.xml]: Invocation of init method failed; nested exception is java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[myRole]
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
 at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
 at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:221)
 at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
 at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:881)
(...)

The issue appears when I try to deploy an EJB sending JMS messages from my Weblogic server, to another one, in another domain.

Fix:

I have not fixed the issue myself, I gave pieces of advice to the teams in charge of solving them. But I assume following guidelines are OK.
Indeed there are two issues: one on credentials and another on servers
Servers need trust each other. More information is available here. I assume trust is granted thanks to the use of certificates.
On another hand, credentials from my server, it is to say here “myRole” must be accepted by distant Ldap juridiction. I assume that distant EJB environment must something like:
- distantEnvironment.put(InitialContext.SECURITY_PRINCIPAL, "myRole");

Now it should work!

Posted in en-US | Tags: 090398, credentials, Java, JMS, Jonathan Lalou, Ldap, SecurityException, Spring, Weblogic | 1 Comment »

LDIFReader: modify record not ends with ‘-‘ in the record starting on line

Author: Jonathan Lalou

Error:

Error: LDAPLocalException: com.novell.ldap.ldif_dsml.LDIFReader: modify record not ends with '-' in the record starting on line 38 of the file. (82) Local Error

Fix:

go to the line hinted in the error (here: 38)
get the block of the entry which is modified, for instance:

dn: cn=foo,ou=OUfoos,ou=Groups, dc=DCfoos
changetype: modify
add: uniqueMember 
uniqueMember: cn=myFoo, ou=OUfoos, ou=Groups, dc=DCfoos

then add a character '-' at the end of this block, you get:

dn: cn=foo,ou=OUfoos,ou=Groups, dc=DCfoos
changetype: modify
add: uniqueMember 
uniqueMember: cn=myFoo, ou=OUfoos, ou=Groups, dc=DCfoos
-

Posted in en-US, General | Tags: Java, Ldap, LDAPLocalException, Ldif, LDIFReader | No Comments »

com.novell.ldap.ldif_dsml.LDIFReader: Version line must be the first meaningful line

Author: Jonathan Lalou

Error:

 LDAPLocalException: com.novell.ldap.ldif_dsml.LDIFReader: Version line must be the first meaningful line(on line 1 of the file) (82) Local Error

Fix: add this line at the bottom of your Ldif file:

 version: 1

Posted in en-US, General, The geek way of life | Tags: Java, Ldap, LDAPLocalException, Ldif, LDIFReader | No Comments »

S	M	T	W	T	F	S
« Sep
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30