WAS lessons from last week

Last week I overcame two stumbling blocks on my way to getting Lotus Connections 2.0 Beta 1 (yeah I know there’s a beta 2) up and running. I’m blogging about it to help others that might experience the same problems.

LDAP issue

The first problem was that I couldn’t log into the WAS admin. console after configuring the federated LDAP directory (I’m using Domino 7.0.2 LDAP). The exception I got in my SystemOut.log was the following (important part in bold):

“00000023 exception E com.ibm.ws.wim.adapter.ldap.LdapConnection search(String, String, Object[], SearchControls) CWWIM4520E The ‘javax.naming.NoPermissionException: [LDAP: error code 50 – Insufficient Access Rights]; remaining name ‘/’; resolved object com.sun.jndi.ldap.LdapCtx@9e009e0′ naming exception occurred during processing.
[29/04/08 11:46:22:494 CEST] 00000023 exception E com.ibm.ws.wim.adapter.ldap.LdapConnection search(String, String, Object[], SearchControls)
com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The ‘javax.naming.NoPermissionException: [LDAP: error code 50 – Insufficient Access Rights]; remaining name ‘/’; resolved object com.sun.jndi.ldap.LdapCtx@9e009e0′ naming exception occurred during processing.
at com.ibm.ws.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:2419)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.checkSearchCache(LdapConnection.java:2349)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:2524)
at com.ibm.ws.wim.adapter.ldap.LdapConnection.searchEntities(LdapConnection.java:2668)
at com.ibm.ws.wim.adapter.ldap.LdapAdapter.search(LdapAdapter.java:2763)
at com.ibm.ws.wim.ProfileManager.searchRepository(ProfileManager.java:4094)

After spending a lot of time trying to diagnose the issue and making sure I did it EXACTLY as prescribed by IBM, I still couldn’t solve the issue. I had no problems logging into the LDAP directory, which otherwise worked perfectly from other applications. Finally, thanks to Robert Thatcher from IBM, the problem was solved. It had nothing to do with wimconfig.xml as such or other WAS goodness – it was simply due to missing rights to the LDAP directory. I guess the exception says it too…

I simply didn’t think the user logging into the LDAP needed anything other than reader access in the ACL of Domino Directory. It turns out that Manager is more like it. Hmmm…. I haven’t turned the access level down yet so I don’t know if less will do it as well.

Also many, many thanks to Curious Mitch for helping me out with wimconfig.xml.
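
The LDAP result code inside the CWWIM4520E message is what separates a directory ACL problem from a bad bind password or a wrong base DN. The following is an added example, not part of the original post or of IBM's tooling: a small triage script for SystemOut.log lines. The function name `triage`, the hint wording and the sample lines (constructed from the exception quoted above) are assumptions.

```python
import re
from collections import Counter

# LDAP result codes (RFC 4511) commonly seen when a repository bind account is misconfigured.
LDAP_CODES = {
    32: ("noSuchObject", "base DN in the repository configuration does not exist"),
    49: ("invalidCredentials", "bind DN or password is wrong"),
    50: ("insufficientAccessRights", "bind worked, but the directory ACL denies the search"),
    53: ("unwillingToPerform", "server policy refused the operation"),
}

# Matches the WIM message id, the JNDI exception class and the bracketed LDAP error.
# Accepts both '-' and the typographic dash that appears when logs are pasted into web pages.
WIM_LDAP_ERR = re.compile(
    r"(?P<msgid>CWWIM\d{4}E).*?"
    r"(?P<exc>javax\.naming\.\w+):\s*"
    r"\[LDAP: error code (?P<code>\d+)\s*[-\u2013]\s*(?P<text>[^\]]*)\]"
)

def triage(lines):
    """Count findings keyed by (message id, JNDI exception, LDAP code, RFC 4511 name)."""
    findings = Counter()
    for line in lines:
        m = WIM_LDAP_ERR.search(line)
        if m is None:
            continue  # stack frames and unrelated log lines
        code = int(m["code"])
        name = LDAP_CODES.get(code, ("unknown", ""))[0]
        findings[(m["msgid"], m["exc"].rsplit(".", 1)[1], code, name)] += 1
    return findings

# Constructed sample, based on the exception text quoted in this post.
SAMPLE_LOG = [
    "00000023 exception E com.ibm.ws.wim.adapter.ldap.LdapConnection search CWWIM4520E The "
    "'javax.naming.NoPermissionException: [LDAP: error code 50 \u2013 Insufficient Access Rights]; "
    "remaining name '/'' naming exception occurred during processing.",
    "com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The "
    "'javax.naming.NoPermissionException: [LDAP: error code 50 - Insufficient Access Rights]; "
    "remaining name '/'' naming exception occurred during processing.",
    "at com.ibm.ws.wim.adapter.ldap.LdapConnection.search(LdapConnection.java:2419)",
]

if __name__ == "__main__":
    for (msgid, exc, code, name), count in triage(SAMPLE_LOG).items():
        hint = LDAP_CODES.get(code, ("", "see RFC 4511, section 4.1.9"))[1]
        print(f"{msgid} {exc} LDAP {code} ({name}) x{count}: {hint}")
```

A code 50 finding points at the access granted to the bind identity in the directory rather than at wimconfig.xml, which matches the outcome described above.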

IHS node issue

Second issue was that I ended up with two nodes under my WAS profile when configuring the IHS WAS plugin. The actual issue that made me look there was that I was unable to manage SSL certificates for the IHS plugin.

The problem was that when creating the webserver1 in the WAS admin. console I didn’t specify the hostname that WAS was actually bound to. Instead I specified the DNS name I would like to contact WAS using which made WAS create two nodes. Using the fully qualified hostname of the WAS server solved this issue.