IBM Support

CWWIM4548E error on server startup after configuring security

Troubleshooting


Problem

After configuring security using the "wp-modify-ldap-security" task and restarting the portal server, you are unable to access any portal pages. The SystemOut.log contains the following error: [] [8/27/08 10:37:23:991 IST] 00000015 VaultServiceI E com.ibm.wps.services.credentialvault.VaultServiceImpl checkSystemDNInitialized EJPSK0028E: Invalid system user DN 'systemcred.dn' property value. Ensure that the DN value is valid in the vault service properties file. com.ibm.wps.util.DataBackendException: EJPSG0015E: Data Backend Problem java.security.PrivilegedActionException: com.ibm.wps.um.exceptions.impl.PumaSystemExceptionImpl: com.ibm.wps.util.DataBackendException: EJPSG0015E: Data Backend Problem . . . . Caused by: com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4548E The LDAP attribute used as an external identifier 'ibm-entryuuid' has a null value for entity 'uid=wpsadmin,o=org'. at com.ibm.ws.wim.adapter.ldap.LdapConfigManager.getExtIdFromAttributes (LdapConfigManager.java:2011) []

Symptom

Unable to access any page in WebSphere® Portal. CWWIM4548E error in SystemOut.log.

Cause

LDAP server did not contain the expected external identifier for the user and group entries.

Environment

Any environment where WebSphere Portal expects an external identifier to be returned by the LDAP and the LDAP does not return such an identifier.

Diagnosing The Problem


Based on the following property in wkplc.properties:

standalone.ldap.ldapServerType=<value>



the WIM code expected to find <value> (in this case ibm-entryuuid) as an attribute for the user objects based on the default settings of the chosen LDAP server type. However, this particular LDAP did not contain a uniquely generated identifier. Thus, it was necessary to use the distinguished name of the user/group as the actual external identifier in the WIM configuration.

Resolving The Problem


Manually edit the wimconfig.xml located in <wp_profile_root>/config/cells/<cellname>/wim/config/. Set the externalIdAttributes as follows:

      <config:attributeConfiguration>
       . . . .                                                    
           <config:externalIdAttributes name="distinguishedName"/>
       . . . .                                        
      <config:attributes name="userPassword"        

If the externalIDAttributes line does not exist, then add it. After saving the file and restarting the server, the error should no longer exist and the portal server should be accessible via the browser.

[{"Product":{"code":"SSHRKX","label":"WebSphere Portal"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Security","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.1","Edition":"Enable;Extend;Server;Express","Line of Business":{"code":"LOB31","label":"WCE Watson Marketing and Commerce"}}]

Document Information

Modified date:
03 December 2021

UID

swg21318255

Page Feedback