Attempts to start the server fail after making a change to the LDAP
settings in the administrative console or with wsadmin. For example, you
change the Server user ID in the administrative console, save the changes,
and then attempt to restart the server. The startServer.log shows
the following message:
    ADMU3011E: Server launched but failed initialization.
    Server log files should contain failure information.
Log file <install_root>/logs/<servername>/SystemOut.log contains an
exception similar to the following:
    SECJ0336E: Authentication failed for user uid=12345, c=us, ou=bluepages, o=ibm.com because of the following exception: javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
The following changes are necessary to fix any problems starting the
server when security is enabled, regardless of the cause.
- Disable global security in the security.xml file. This allows you to
  start the server.
  - Locate the security.xml file in
    <install_path>/WebSphere/AppServer/config/cells/<your_cell_name>
  - Make a backup copy and store it somewhere outside of the WebSphere
    Application Server directories.
  - Open the security.xml file in an editor and search for the first
    occurrence of the word enabled.
  - Change enabled="true" to enabled="false".
  - Save the file and restart the server.
- Open the Administration Console and go to Security > Global
  Security. The "Enabled" box should now be unchecked.
- Start the server and make any needed changes in the LDAP settings
  panel of the WebSphere Administrative Console.
- Go to the Global Security panel and re-enable security. At this point,
  the userid and password will be checked against the LDAP server.
  If authentication to the LDAP server fails, an error message will appear
  in the console.
- Once validation is successful, restart the WebSphere server to save
  your changes.
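The backup-and-edit steps for security.xml above can be scripted so that the backup always happens first and only the first enabled attribute is changed. This is an added example, not IBM code: the function names are hypothetical, and the sample XML is a constructed, simplified stand-in for a real security.xml.

```shell
#!/bin/sh
# Added example (not IBM code). Function names are hypothetical.

# Writes a constructed, simplified stand-in for security.xml for a dry run.
write_sample_security_xml() {
    cat > "$1" <<'EOF'
<security:Security xmi:id="Security_1" enabled="true" cacheTimeout="600">
  <userRegistries xmi:type="security:LDAPUserRegistry" serverId="uid=12345"/>
  <applicationLoginConfig enabled="true"/>
</security:Security>
EOF
}

# Usage: disable_global_security <path/to/security.xml> <backup_dir>
# backup_dir should be outside the WebSphere Application Server directories.
disable_global_security() {
    xml=$1
    backup_dir=$2
    [ -f "$xml" ] || { echo "not found: $xml" >&2; return 2; }
    [ -d "$backup_dir" ] || { echo "no backup dir: $backup_dir" >&2; return 2; }

    # Only the first "enabled" attribute in the file matters.
    first=$(grep -o -E '(^|[[:space:]])enabled="[^"]*"' "$xml" |
        head -n 1 | tr -d '[:space:]')
    case $first in
        'enabled="true"') ;;
        'enabled="false"') echo "already disabled"; return 0 ;;
        *) echo "no enabled attribute in $xml" >&2; return 3 ;;
    esac

    # Back up before touching the file; stop if the copy fails.
    backup="$backup_dir/security.xml.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$xml" "$backup" || return 4

    # Flip that first occurrence only; later enabled="true" stay as they are.
    tmp="$xml.tmp.$$"
    awk '!done && match($0, /(^|[ \t])enabled="true"/) {
            stop = RSTART + RLENGTH
            $0 = substr($0, 1, stop - 7) "\"false\"" substr($0, stop)
            done = 1
        }
        { print }' "$xml" > "$tmp" || { rm -f "$tmp"; return 5; }
    cat "$tmp" > "$xml" && rm -f "$tmp"   # keeps the file's owner and mode
    echo "backup: $backup"
}
```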