HI Juergen,
Some comments and questions inline:
Juergen Arndt wrote:
Hello all,
I have some trouble with SSGD 4.40 and OpenLDAP. I know, OpenLDAP is
not supported officialy, but out customer doesn't want to switch to
the Sun Jave Directory Server.
So here are my points:
1) When assigning a user group to a directory or group of
applications, I get every time logged out of the administration
console. The reason is: "Authentication Error - You do not have
Administrator privileges". I was logged in with the account
"Administrator", so I'm really wondering , what this could mean.
Is there anything special about your SSGD administrator? ie, Is it an
LDAP user? Do you have multiple administrators (possibly using SSGD at
the same time)?
How are you accessing the admin console? ie Directly, using /sgdadmin or
from the Administrator's webtop?
On a different machine with a different browser I even get a java
exception (while doing the same action) like this:
com.tarantella.tta.webservices.TTAException
FaultCode: Server.Exception
FaultString: java.lang.Exception: Caught exception from SOAP method:
admin->runcommand()
FaultDetails: [java.lang.Exception:
javax.naming.directory.AttributeModificationException [Root exception
is javax.naming.directory.
ue or invalid ID.]First unexecuted modification: Add attribute:
scottamembergroups: cn=mygroup,ou=group,dc=mycompany,dc=de
at com.sco.tta.server.soapcommands.Admin.runCommand(Admin.java:275)
at sun.reflect.GeneratedMethodAccessor49.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
com.sco.tta.server.server.soap.SOAPControlledElement.invoke(SOAPControlledElement.java:124)
at
com.sco.tta.server.server.soap.SOAPController.invoke(SOAPController.java:204)
at
com.sco.tta.server.server.soap.SOAPCalcTask.processEnvelope(SOAPCalcTask.java:213)
at com.sco.tta.server.server.CalcTask.runTask(CalcTask.java:125)
at com.sco.tta.server.server.Task.run(Task.java:122)
at com.sco.cid.common.WorkerPool$Worker.run(WorkerPool.java:524)
at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.directory.AttributeModificationException [Root
exception is javax.naming.directory.InvalidAttributeValueExce
nexecuted modification: Add attribute: scottamembergroups:
cn=mygroup,ou=group,dc=mycompany,dc=de
at
com.sco.jndi.toolkit.provider.BaseContext.modificationException(BaseContext.java:661)
at
com.sco.jndi.toolkit.provider.BaseContext.simpleModifyAttributes(BaseContext.java:595)
at
com.sco.tta.common.jndi.provider.diskds.DiskDSContext.pc_modifyAttributes(DiskDSContext.java:3878)
at
com.sco.jndi.toolkit.provider.PartialCompositeContext.pc_modifyAttributes(PartialCompositeContext.java:525)
at
com.sco.jndi.toolkit.provider.PartialCompositeContext.modifyAttributes(PartialCompositeContext.java:374)
at
javax.naming.spi.ContinuationDirContext.modifyAttributes(ContinuationDirContext.java:136)
at
com.sco.jndi.toolkit.provider.ToolkitContext.nns_modifyAttributes(ToolkitContext.java:2103)
at
com.sco.jndi.toolkit.provider.PartialCompositeContext.modifyAttributes(PartialCompositeContext.java:376)
at
com.sco.jndi.toolkit.provider.BaseContext.modifyAttributes(BaseContext.java:1436)
at
com.sco.tta.admin.common.actions.ModifyAttributesCommand.execute(ModifyAttributesCommand.java:100)
at
com.sco.tta.admin.common.CCToolkit.runAuthenticatedJNDIOp(CCToolkit.java:570)
at
com.sco.tta.admin.common.actions.BaseActionMap.doAction(BaseActionMap.java:273)
at
com.sco.tta.admin.common.actions.BaseActionMap.doAction(BaseActionMap.java:240)
at com.sco.tta.server.soapcommands.Admin.runCommand(Admin.java:268)
... 10 more
Caused by: javax.naming.directory.InvalidAttributeValueException:
Invalid value or invalid ID.
... 23 more
and so on.
From the command line, could send me the output from "# tarantella
object list_attributes --name <object_name>" of the object you are
trying to assigning the LDAP group to?
2) Sometimes - not always! - I get the message "No Connection to the
LDAP Server - Please check the network connection and the LDAP
server." while browsing with the administration console through the
user profiles for example.
The admin console holds a connection to the LDAP server so if the LDAP
server closes the connection, maybe due to an inactivity timeout, then
you will see this error. Do you see this error after a long period of
browsing the LDAP Tree in the admin console?
The LDAP-Server is working properly, I can do a ldapsearch with the
filter SSGD is using, and the LDAP server gives always a correct
answer. Interesting too, why SSGD writes this message immediately,
although the timeout for ldap-operations is set to 30 seconds. I
cannot reproduce this behaviour, it occurs from time to time.
Did anybody else encountered these problems when using OpenLDAP?
I've been using OpenLDAP as my LDAP backend for SSGD for a while and
have not seen these errors before, although I do prefer to use the "#
tarantella" command line interface into SSGD. I'll start using the admin
console more from now on to try and flush out any problems so they can
get fixed.
Hope this helped,
-- DD
_______________________________________________
SGD-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sgd-users
