Saturday, 13 October 2012

Unable to configure Federated Repositories in Integrated Solutions Console with Domino LDAP

In this post, I describe how I used an IBM Technote to find a solution to a problem that was preventing me from successfully securing WebSphere Application Server 7 against Lotus Domino 8.5.3.

Having installed WebSphere Portal 7 onto my 64-bit Red Hat Enterprise Linux 6.3 server, I was startled to see this exception: -

java.lang.NullPointerException     
 at   
com.ibm.ws.console.security.IdMgrRealm.VirtualRealmDetailActionGen.populateCollectionTableRow (VirtualRealmDetailActionGen.java:213)


whilst navigating to Security -> Global Security -> Federated Repositories -> Configure within the WAS Integrated Solutions Console.

My LDAP server is Lotus Domino 8.5.3, and the underlying WAS version was 7.0.0.11, which comes as default with WP 7.0.0.

I'd seen this before, but had forgotten the problem / solution.

Thankfully, I found this IBM Technote: -

Unable to configure Federated Repositories in Integrated Solutions Console with Domino LDAP

which says, in part: -

...
The WebSphere Application Server (WAS) Integrated Solutions Console (ISC) is unable to parse federated repositories configurations that contain a blank base entry. Many LDAPs do not require a blank base entry; however, due to Domino's LDAP default flat non-hierarchical design, a blank base entry for Domino LDAP is required for the configuration to function properly (Domino stores groups in "" by default though can be configured otherwise).
...
 Note: It is valid and indeed possible for an LDAP server other than Domino LDAP to have a blank base entry. However, it is very rare to observe this outside of Domino LDAP.
...

As I'd previously observed: -

WebSphere Portal 8 and Lotus Domino 8.5.1 Together - Can you say Doh! ?

it's acceptable to have a blank Base Distinguished Name ( Base DN ), so there was no need to change Domino.

Thankfully, the Technote had the answer: -

...
APAR PM47114 contains a fix for this issue. Please check the APAR link for more details of which versions of WebSphere Application Server the fix is available in. If you are unable to upgrade your WebSphere Application Server to a newer version, contact IBM Support to request a copy of iFix PM47114 for your current WebSphere Application Server version.
...

and the APAR: -

PM47114: VMM DOES NOT HANDLE ROOT BASE ENTRIES FROM LDAP PROPERLY.

confirmed that my solution was to upgrade WAS to 7.0.0.21 or above: -

7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
8.0.0.2: WebSphere Application Server V8.0 Fix Pack 2
8.0.0.3: WebSphere Application Server V8.0 Fix Pack 3
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
8.0.0.4: WebSphere Application Server V8.0 Fix Pack 4
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25

Thankfully, I had the 7.0.0.21 fix pack downloaded, so I popped this on, and all is now well.

#LifeIsGood

No comments:

Note to self - use kubectl to query images in a pod or deployment

In both cases, we use JSON ... For a deployment, we can do this: - kubectl get deployment foobar --namespace snafu --output jsonpath="{...