
VDS Errors in GRC

former_member2987
Active Contributor
0 Kudos

Hi folks,

Trying to set up the connection between IDM and GRC using IDM 7.2 SP3 and GRC 10 SP5.  I have created the EAR/SCA and posted it, and created the IDM/GRC configuration based on the IDM template GRC AC 10 Integration.xml and tested it using the internal LDAP Browser.

However when I go to run the GRC initial load job I get the following Error:


Error

fromDSA.doSearch got exception, returning false

javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication failed]

Error

Init failed

We are using an Oracle Database and a RHEL server. The VDS user is grcuser with a password of grcuser. I believe that I am getting through since I can browse to see the o=grc and the OUs underneath, but I cannot see any deeper than that.

Any ideas?

Thanks,

Matt

Accepted Solutions (1)


Former Member
0 Kudos

Hi Matt,

I've not done this on IdM 7.2/ GRC 10 I'm afraid - but what do your repository constants look like on the GRC repository in IdM?

Cheers,

Ian

former_member2987
Active Contributor
0 Kudos

We were able to get past the credentials issue.  It seems we had an issue with how VDS was talking to GRC.  Now I get this error:

Pass: Get Priorities From VDS

Error

fromDSA.doSearch got exception, returning false

javax.naming.NamingException: [LDAP: error code 1 - (GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden)]; remaining name ''

Error

Init failed

The other interesting thing I see in the log is a warning at the end:

Pass: Get Roles From VDS

Warning

FromDSA.init. The Query select id from sapGRC10applications returned no entries!

Warning

Failed reading next page (Maybe server did not support it?

java.lang.NullPointerException

It would seem that there is something from GRC that IDM is expecting to see, but it's not there.  Any ideas?

The error is occurring for all of the from LDAP passes...

Matt

former_member2987
Active Contributor
0 Kudos

Some more information from VDS log when I try to execute the GRC Initial Load Commons:

XML sent:
---------------------------------------------------
Enter: SOAPPart::saveChanges
POST /sap/bc/srt/rfc/sap/grac_lookup_ws/200/grac_lookup_ws/grac_lookup_ws HTTP/1.0
Content-Type: text/xml; charset=utf-8
Accept: application/soap+xml, application/dime, multipart/related, text/*
User-Agent: Axis/1.4
Host: acd-kiecore.kiewit.com:8000
Cache-Control: no-cache
Pragma: no-cache
SOAPAction: ""
Content-Length: 342
Authorization: Basic bWF0dC5wb2xsaWNvOjFxMnchUUBX
<?xml version="1.0" encoding="UTF-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soapenv:Body><GracIdmLookupServices xmlns="urn:sap-com:document:sap:soap:functions:mc-style"/></soapenv:Body></soapenv:Envelope>
HTTP/1.0 403 Forbidden
content-type text/html; charset=utf-8
content-length 2435
server SAP NetWeaver Application Server / ABAP 702
org.apache.axis.i18n.resource::handleGetObject(return01)
(403)Forbidden
Enter: SOAPPart ctor(FORM_FAULT)
org.apache.axis.i18n.resource::handleGetObject(setMsgForm)
Setting current message form to: FORM_FAULT (currentMessage is now org.apache.axis.AxisFault)
Exit: SOAPPart ctor()
org.apache.axis.i18n.resource::handleGetObject(toAxisFault00)
Mapping Exception to AxisFault
Exception in GRC WS API call:(403)Forbidden
*** Starting post processing phase ***
(Node:o=grc,ou=lookupservice,*): Failed
*** Fetch result code ***
Exception: (GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden)
Java
{0}#1#com.sap.idm.vds.MVDException
at com.sap.idm.vds.operations.MVDSearchOperation.FetchResultCode(MVDSearchOperation.java:908)
at com.sap.idm.vds.operations.SearchOperation.mxperform(SearchOperation.java:49)
at com.sap.idm.vds.Engine.answerRequest(Engine.java:261)
at com.sap.idm.vds.protocols.ldap.MxLdapSession.run(MxLdapSession.java:193)
Returning: opResult:1,info: ((GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden))
Finished search operation
Sending operation result
Sending response to socket: 65497
LDAP Session continues ...

The entry: 

Exception: (GRC Lookup Service:1:Exception in GRC WS API call:(403)Forbidden) 

concerns me greatly.  Any idea why this might be happening?

M

Former Member
0 Kudos

Hi Matt

How did you get past this?  I've just run smack into the 403 error...

Peter

former_member2987
Active Contributor
0 Kudos

Peter,

Make sure all of the GRC Webservices are installed and properly configured.

Matt

Former Member
0 Kudos

Hello Matt,

I previously had our AD on port 389 using LDAP. Now, during migration, we are going to use VDS instead of AD on port 636 with the LDAPS protocol. During authentication with VDS my application is failing with the error

javax.naming.AuthenticationException: [LDAP: error code 49 - Explicit authentication failed]

Could you please help me with this issue? I tried the username, i.e. Context.SECURITY_PRINCIPAL, in various ways but it still fails with the same error.

Previously I was getting the error

javax.naming.CommunicationException: simple bind failed: vds-xxx.xx.com:636[Root exception is javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:No trusted certificate found]

But I installed all the certificates manually using the mmc command and that error is gone. But the above error has been frustrating me for the last 2 days.

Please help me with this.

My application code is in Java...

former_member2987
Active Contributor
0 Kudos

Kalpesh,

Not sure why you are using LDAPS for GRC, the communication should all be through the internal network so there should be no real reason for this.

LDAP 49 is a credentials error.  Please check your login ID / Password to VDS. It also looks like your certificate was not installed correctly.  I believe there's a tutorial for using LDAPS in VDS but it is centered on working with a directory service, not GRC.

Matt

Former Member
0 Kudos

Hello Matt,

I appreciate your help.

Still hanging with same issue.....

The reason for using LDAPS is that our CITS team, who develop VDS for us, suggests that the current version of the VDS will support only SSL connections. Any application will therefore need to have the internal root CA trusted, and the port is the standard LDAPS port 636.

Yes, I also agree with you that the issue is with the username and password to VDS, but I didn't figure out how to solve this issue as a naive user of AD/VDS.

So could you please suggest how to solve this issue?

If you suggest not using LDAPS, then what should be used instead of LDAPS?

Here is my Java code (for reference):

env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

env.put(Context.PROVIDER_URL, "ldaps://vds-us.xxx.com:636");

env.put(Context.SECURITY_AUTHENTICATION, "simple");

env.put(Context.SECURITY_PRINCIPAL, "svc_appadquery");

env.put(Context.SECURITY_CREDENTIALS, "zqHw2re$");

"svc_appadquery" is a service account created under the pharma domain, and the values for dc are: dc=vds,dc=enterprise

Any input from you is valuable for us, so please help.

Regards,

Kalpesh.
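
As an added example (not code from any poster in this thread), a small Java check that separates the two failures reported above: the TLS handshake failure and LDAP result 49. The class name, the LDAP_BIND_PW environment variable and the command-line layout are assumptions; the bind name is passed in rather than hardcoded because the thread does not establish which name form VDS expects.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLException;

// Added example: classify one LDAPS simple-bind attempt. Names here are hypothetical.
public class LdapsBindCheck {

    // Returns a string starting with OK, TLS_FAILURE, NETWORK, BAD_CREDENTIALS or OTHER.
    static String tryBind(String url, String principal, char[] password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);      // char[] is accepted by JNDI
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            new InitialDirContext(env).close();
            return "OK";
        } catch (AuthenticationException e) {
            // LDAP result 49: the connection and TLS worked; the server rejected name or password.
            return "BAD_CREDENTIALS: " + e.getMessage();
        } catch (CommunicationException e) {
            // An SSLException in the cause chain means the handshake failed, e.g. untrusted CA.
            for (Throwable t = e.getRootCause(); t != null; t = t.getCause()) {
                if (t instanceof SSLException) return "TLS_FAILURE: " + t.getMessage();
            }
            return "NETWORK: " + e.getMessage();
        } catch (NamingException e) {
            return "OTHER: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String pwEnv = System.getenv("LDAP_BIND_PW"); // keep the password out of source and argv
        if (args.length < 2 || pwEnv == null) {
            System.err.println("usage: LDAP_BIND_PW=... java LdapsBindCheck <ldaps-url> <bind-name>...");
            System.exit(2);
        }
        // Each extra argument is one candidate form of the bind name (full DN, UPN, bare account).
        // Every failed attempt counts toward any lockout policy, so pass only a few.
        for (int i = 1; i < args.length; i++) {
            System.out.println(args[i] + " -> " + tryBind(args[0], args[i], pwEnv.toCharArray()));
        }
    }
}
```

JNDI validates the server certificate against the JVM trust store (the JRE's cacerts file, or the file named by -Djavax.net.ssl.trustStore), so the internal root CA has to be present there for the handshake to succeed.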

former_member2987
Active Contributor
0 Kudos

Kalpesh,

VDS will do secured SSL or non-SSL (default) connections.

Not a Java developer so I'm afraid I can't help you with your coding.  Sorry.

Matt
