Skip to main content

WebLogic 10 Active Directory Authentication Provider Bug


This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.

Symptom

With an Active Directory Authenticator configured, if a user logs in once with incorrect credentials further attempts to log in will fail, even with the correct username and password (until the server is restarted). If the user continues to login with correct credentials, WebLogic will eventually lockout the account.

Cause

This is a known bug for WebLogic 10 MP1.
During authentication the AD provider binds twice using the same LDAP connection, once with the username password being authenticated, and once with the credentials supplied when you configure the LDAP provider. If authentication fails, the second binding doesn’t happen, and the unauthenticated LDAP connection is returned to the internal LDAP connection pool. This poses a problem when later trying to authenticate and the unauthenticated LDAP connection is retrieved from the pool...
-Cobbie Behrend (Source: Bastion)

Solution

Contact Oracle for a WebLogic patch, or upgrade to a later service pack.

Note to Vignette users: If you encounter this problem with VCM 7.6, Vignette will supply SP1 to fix the issue.

References

Comments

Popular posts from this blog

BAD_CERTIFICATE - A corrupt or unuseable certificate...

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.
Symptom
In wls_utc, when trying to test a webservice using SSL, the following error message is received: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
If SSL debugging is enabled, the following error also appears in the logs: ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)' <1254822672320>>
verification failed because RSA key public exponent [3] is too small
Cause
The certificate encryption is of a weaker strength than expected by newer versions of Java.
Solution
Add the flag "-Dweblogic.security.SSL.allowSmallRSAExponent=true" to the server startup parameters.
References


None.

Connection refused: No available router to destination

This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators.
Symptom

The following exception occurs in WebLogic server logs. Most likely to occur during WebLogic server start-up, but similar exceptions may occur at other times.
java.net.ConnectException: t3://myserver:8000: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused: connect; No available router to destination] at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:49) at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773) at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:363) at weblogic.jndi.Environment.getContext(Environment.java:307) at weblogic.jndi.Environment.getContext(Environment.java:277)
Cause
This message (Connection refused: connect; No available router to destination) is a kind of "catch…

BEASVC.EXE - WebLogic as a Windows Service

I remember the first time I had to work out why WebLogic wouldn't run as a service. It was a frustrating experience. There were no error messages. No Windows error dialog. No console output.

How do you troubleshoot something like this??!!

This short article will show you. For simplicity I'll talk about the node manager, but the same principles apply for running an admin or managed server as a service.

First Steps

First, you still have your server logs. Sure the console output is better, but it's a starting point. Check this log for errors and especially take note of the start up variables such as PATH and CLASSPATH. If the server log isn't being created, that tells you WebLogic probably isn't even being started. (Check that you have a license file if you haven't already.)

Ok, so the logs were no help. The next step is to look at how the service is trying to start WebLogic.

When you install WebLogic as a service, you're really setting up beasvc.exe as the service.…