Creating Technical User for Reconfiguring Migrated Configuration
Upgraded configurations can be affected by a limitation: the new LDAPLoginModule requires a technical user to handle incomplete user DNs. A missing technical user is indicated by the following error messages in SIN.log:
Sample A
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment:
AcceptSecurityContext error, data 52e, v1db1]
Sample B
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903AA, comment:
AcceptSecurityContext error, data 525, v1772]
The above error messages indicate that there was an authentication failure while attempting to log in the user.
Important:
To create a SIN log, the following property lines only need to be added to the first login module in the CentraSite login context of the jaas.config file. The file is located in the directory <Software AG_directory>/profiles/CTP/configuration.
useLog="true"
logFile="path-to-log-folder/SIN.log"
logLevel="DEBUG"
To configure a technical user, manually update the jaas.config file as follows:
* Specify the full user DN of the technical user in the prin property.
prin="CN=tech-user,OU=Generic,OU=Germany,DC=eur,DC=ad,DC=sag"
* Specify the password of the technical user in the cred property.
cred="password"
After making the above changes, the JAAS configuration looks like the following:
CentraSite {
    com.softwareag.security.jaas.login.internal.InternalLoginModule sufficient
        domain="INTERNAL"
        alias="INTERNAL"
        applyDomain="true"
        create_group_principal="false"
        internalRepository="C:/SoftwareAG/common/conf/users.txt";

    com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
        domain="EUR"
        url="ldap://ldap-server:389"
        createGroupProperties="true"
        creategroups="true"
        noPrinIsAnonymous="false"
        prin="CN=tech-user,ou=user,OU=Germany,DC=EUR,DC=example,DC=com"
        cred="password"
        usecaching="false"
        alias="EUR"
        personobjclass="inetOrgPerson"
        useaf="false"
        grouprootdn="DC=EUR,DC=example,DC=com"
        userrootdn="DC=EUR,DC=example,DC=com"
        memberinfoingroups="false"
        applyDomain="true"
        createUserProperties="true"
        groupobjclass="group"
        uidprop="sAMAccountName";
};
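
The following is an added example, not part of the original documentation and not Software AG code: a Python check that parses the CentraSite login context of a jaas.config file and reports LDAPLoginModule entries that have no technical user or whose prin is not a full user DN. The sample configuration is constructed, the function names are hypothetical, and the parser assumes the file contains no comments.

```python
import re

# Constructed sample: a migrated context whose LDAP module has no technical user.
SAMPLE = '''
CentraSite {
com.softwareag.security.jaas.login.internal.InternalLoginModule sufficient
domain="INTERNAL";
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
domain="EUR"
url="ldap://ldap-server:389";
};
'''

TOKEN = re.compile(r'"([^"]*)"|([{};=])|([^\s{};="]+)')  # 1=string 2=punctuation 3=word
RDN = r'[\w.-]+=(?:[^,\\]|\\.)+'                          # attr=value, escaped commas allowed
FULL_DN = re.compile(r'^%s(?:,\s*%s)+$' % (RDN, RDN))     # two or more RDNs

def parse_context(text, context="CentraSite"):
    """Return [(class_name, flag, {option: value})] for one JAAS login context."""
    toks = [(m.lastindex, m.group(m.lastindex)) for m in TOKEN.finditer(text)]
    i, modules = toks.index((3, context)) + 2, []  # ValueError if the context is absent
    while toks[i] != (2, "}"):
        cls, flag, opts = toks[i][1], toks[i + 1][1], {}
        i += 2
        while toks[i] != (2, ";"):                 # option = "value" triples up to ';'
            opts[toks[i][1]] = toks[i + 2][1]
            i += 3
        modules.append((cls, flag, opts))
        i += 1
    return modules

def audit(text):
    """Return (domain, finding) pairs for every LDAPLoginModule entry."""
    findings = []
    for cls, _flag, opts in parse_context(text):
        if not cls.endswith(".LDAPLoginModule"):
            continue
        domain, prin = opts.get("domain", "?"), opts.get("prin", "")
        if not prin or not opts.get("cred"):
            findings.append((domain, "no technical user: prin/cred missing"))
        elif not FULL_DN.match(prin):
            findings.append((domain, "prin is not a full user DN"))
        else:
            findings.append((domain, "note: cred is stored in this file, restrict read access"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```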