Webseal runtime component configuration

947 views Asked by At

enter image description here

Hello i am working on the IBM webseal authentication. i want to implement the webseal authentication into my application. while configuring the runtime component i am getting the following error.

Unable to verify the management domain location DN in the
LDAP server: (secAuthority=Default).
If the location does not exist on the server, create it,
otherwise specify a different location that does exist.


Error: DPWAP0003I An error occurred while executing the command: /opt/PolicyDirector/sbin/PDMgr_config -s TRUE -y no -v TRUE -d CN=jony mittal,OU=dev,DC=dgad,DC=com -w XXXX -L 389 -C fips -D Default -m XXXX -l 1460 (0x1)

anyone please help me to resolve this issue. thanks

1

There are 1 answers

0
Matt On

When you are configuring ISAM/ISVA PD runtime, PDMgr_config will deploy its registry into your LDAP directory server. This requires modifying the schema of the LDAP server. To do this, it requires administrator rights on the directory. Commonly this will be an account such as cn=root, cn=admin, cn=DM, etc. depending on your directory server.

I believe what may work better for you, if you are configuring ISAM from scratch, is likely deploy using the internal/embedded LDAP. When configuring the runtime choose the local LDAP server option. You can set the credentials on the local/embedded LDAP server on the tab where you configure the runtime. Just set a password on it, then feed that password into the runtime configuration.

Then, if you are needing to tie into another directory, which I expect is the case since you are trying to do this now, then use basic user mode with a "federated registry" so you don't have to deploy the ISAM "registry" and hence do not have to modify the existing directory. This way you can authenticate and authorize users off an existing directory without having to modify that directory specifically to support ISAM.

Additional information here: