iDA 1.2 & iPlanet Messaging Server 5.2 integration problem
We are getting the following error when we click "Delegated Administrator" link under "Options" in iPlanet Messaging Server 5.2 webmail:
[06/Jan/2007:11:00:42] failure ( 2547): Internal error: servlet service function had thrown ServletException (uri=/servlet/ge
tPage): javax.servlet.ServletException: java.lang.Exception: ../templates/enduser/My-acct/HomePage.html:150 ->
Unable to locate entry corresponding to dataType -> self, stack: javax.servlet.ServletException: java.lang.Exception: ../temp
lates/enduser/My-acct/HomePage.html:150 ->
Unable to locate entry corresponding to dataType -> self
at netscape.nda.servlet.NDAIMSGetPage.execute(NDAIMSGetPage.java:496)
at netscape.nda.servlet.NDAServlet.doPost(NDAServlet.java:117)
at netscape.nda.servlet.NDAServlet.doGet(NDAServlet.java:138)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletR unner.java:897)
at com.iplanet.server.http.servlet.NSServletRunner.Service(NSServletRunner.java:46 4)
, root cause:
this was working fine for a long time and we're not sure what may have happened to break this. We have checked tha the ida proxy username & password is correct, and the ACI is in place. Any help is appreciated.
# 1
Hi,Are you able to log into your iDA installation as a user via http://<iDA hostname>:<iDA port>/nda/start.htm ?If so, what have you set for the NDAStartPage variable in your main.js file under <msg_root>/html/ ?Regards,Shane.
# 2
If you're actually using iDA 1.2, you might want to download "patch2", uninstall your current version, and install the new one.If you updated your web server, likely that's the problem. iDA depends on specific behavior of the old web server it's installed on to funciton fully,
# 3
I am not able to login via http://...:.../nda/start.htm. Says "Invalid credentials". However, I did have the wrong host in NDAStartPage. Going in the iDA via Messaging Server web interface, I get "server error" page. I am now getting this message in the IWS6 error log:
[11/Jan/2007:12:31:48] failure ( 9383): Internal error: servlet service function had thrown ServletException (uri=/servlet/ssoauth): javax.se
rvlet.ServletException: java.lang.NullPointerException: IWSHttpSession: Session attribute name or value is null, stack: javax.servlet.Servlet
Exception: java.lang.NullPointerException: IWSHttpSession: Session attribute name or value is null
at netscape.nda.servlet.NDAAuth.execute(NDAAuth.java:342)
at netscape.nda.servlet.NDASSOAuth.execute(NDASSOAuth.java:67)
at netscape.nda.servlet.NDAServlet.doPost(NDAServlet.java:117)
at netscape.nda.servlet.NDAServlet.doGet(NDAServlet.java:138)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletR unner.java:897)
at com.iplanet.server.http.servlet.NSServletRunner.Service(NSServletRunner.java:46 4)
, root cause:
I am able to login to the directory as the NDAUser and as the proxy user, and have verified that the usernames & passwords for these are specified correctly in the .properties files for nda and iws6. What am I missing?
# 4
Hi,
> I am not able to login via
> http://...:.../nda/start.htm. Says "Invalid
> credentials".
This is where you need to start. Try logging in again as a valid user and look at the directory server access/error logs to see whether there is a matching search. See if that search returns successful or not, that should help point you in the right direction.
Regards,
Shane.
# 5
If I try to connect directly using the url (http://fqdn:8080/nda/start.htm), click the "Login" link, then enter my username & password, I get the "Invalid Credentials" page. I did not notice any related entries in the DS log.
When going through Messenger Express (Options->Delegated Administrator), I get a server error page and the following appears in the DS log:
[11/Jan/2007:16:02:41 -0500] conn=178156 fd=194 slot=194 connection from IMS-IP to IDS-IP
[11/Jan/2007:16:02:41 -0500] conn=178156 op=0 BIND dn="uid=NDAUser, ou=config, o=mydomain" method=128 version=3
[11/Jan/2007:16:02:41 -0500] conn=178156 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ndauser,ou=config,o=mydomain"
[11/Jan/2007:16:02:41 -0500] conn=178156 op=1 SRCH base="dc=my,dc=domain,o=internet" scope=0 filter="(|(objectClass=*)(objectClass=ldapsubentry))" attrs=ALL
[11/Jan/2007:16:02:41 -0500] conn=178156 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[11/Jan/2007:16:02:41 -0500] conn=178156 op=2 BIND dn="" method=128 version=3
[11/Jan/2007:16:02:41 -0500] conn=178156 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
[11/Jan/2007:19:25:51 -0500] conn=178156 op=3 BIND dn="uid=NDAUser, ou=config, o=mydomain" method=128 version=3
[11/Jan/2007:19:25:51 -0500] conn=178156 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ndauser,ou=config,o=mydomain"
[11/Jan/2007:19:25:51 -0500] conn=178156 op=4 SRCH base="o=mydomain" scope=2 filter="(&(objectClass=nsManagedPerson)(uid=doe_john))" attrs=ALL
[11/Jan/2007:19:25:51 -0500] conn=178156 op=4 RESULT err=0 tag=101 nentries=1 etime=0
[11/Jan/2007:19:25:51 -0500] conn=178156 op=5 BIND dn="" method=128 version=3
[11/Jan/2007:19:25:51 -0500] conn=178156 op=5 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
Thanks for the help!
# 6
If you don't see iDA BINDing to DS as NDAUser, then, likely, it's looking at the wrong Directory, or is in some major way misconfigured.
# 7
Did you see something in the log that indicates that NDAUser is not binding to the DS server? I wan't sure what the log was telling me.
# 8
Actually, I hadn't looked.
[11/Jan/2007:19:25:51 -0500] conn=178156 op=3 BIND dn="uid=NDAUser, ou=config, o=mydomain" method=128 version=3
[11/Jan/2007:19:25:51 -0500] conn=178156 op=3 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=ndauser,ou=config,o=mydomain"
[11/Jan/2007:19:25:51 -0500] conn=178156 op=4 SRCH base="o=mydomain" scope=2 filter="(&(objectClass=nsManagedPerson)(uid=doe_john))" attrs=ALL
[11/Jan/2007:19:25:51 -0500] conn=178156 op=4 RESULT err=0 tag=101 nentries=1 etime=0
I see the successful bind as NDAUser. Also, a successful search for doe_john. Is that the user you're using?
Did this iDA ever work? Have you patched anything since it worked?
# 9
iDA did work at one time. We use a system called Luminis from SCT/Sunguard. We upgraded Luminis, which runs on a separate server that hosts the iPlanet Web Server for the portal, iPlanet Calendar Server, and iPlanet Directory Server for user database. After this we noticed that iDA was broken. I am not sure if the Luminis upgrade also upgraded any of the iPlanet components. Initially we were thinking that an ACI or something got changed in LDAP, but It seems like everything is still okay. Per your suggestion, we did re-install iDA patch2, but it's still broke.
# 10
If lumis patched the web server, it's likely that is what broke iDA.If this were my system, I'd reinstall the web server that came with Messaging, as well as iDA.jay
# 11
As far as I know, the Luminis upgrade did not touch the messaging server box. I will try to verify this, though. Any other suggestions?
# 12
I'm sorry, it feels like you're not reading what I wrote. . .
You said that the Luninis upgrade was done on the box with the web server. The web server is where iDA runs. Has little to do with Messaging Server itself. In fact, iDA doesn't even talk to Messaging Server. Just to the LDAP server.....
It does depend on exactly the correct version of the web server to run. If that gets changed, then iDA doesn't run. Period.
# 13
Clarification:
host1:
iPlanet Web Server v5-something (portal)
iPlanet Directory Server (contains users users)
iPlanet Calendar Server
host2:
iPlanet Web Server v6 (iDA)
iPlanet Delegated Administrator v1.2 patch2
iPlanet Messaging Server v5.2
iPlanet Directory Server (iMS config)
The Luminis upgrade happened on host1. That's why we're guessing that iWS6 on host2 was unaffected by the upgrade.
# 14
Well, this isn't really a very good place to take your system fully apart. I would consider opening a support case.
Something must have changed to make "working" into "not working".
You should also be looking at upgrading to 6.2 (or 6.3, due out within a few weeks to months). 5.2 is on the "EOL" track. (End Of Life)
