20 December 2011

pdadmin login fail after migration

There are time that you want to do some unusual stuff with Tivoli Access Manager such as migrate whole TAM instance to a different machine/environment. I did that when trying to replicate KVM environment to a different location, with changing target KVMs IPs to exactly match original one and all the rest as well, including LDAP.

That last component replacement seemed to be a bit too harsh for TAM, and despite copying secAuthority suffix data 1:1, after starting KVM machine and trying to log into pdadmin, I failed to authenticate.

After some investigation it turned out that after copying security suffix data into LDAP, you then need to apply TAM acls to secAuthority objects with ivrgy tool, such as:

/opt/PolicyDirector/sbin/ivrgy_tool -h ldap_host -389 -D "<LDAP_admin_id>" -w <LDAP_admin_pwd> add-acls domain_name

where domain_name is usually Default, but you may also have something more fancy :)

good luck, feel free to comment.

02 December 2011

WebSphere console error SRVE0260E

If when trying to log to a newly configured Deployment Manager in Websphere you see the following error with a stack dump:

Error Page Exception
SRVE0260E: The server cannot use the error page specified for your application to handle the Original Exception printed below.

Original Exception:
Error Message: java.lang.NullPointerException
Error Code: 500
Target Servlet:
Error Stack:
     at com.ibm.isclite.container.provider.PortletContainerContextProvider.addContainerService(PortletContainerContextProvider.java:101)

then you need to raise your system limit for number of open files. on linux you do it with ulimit command:

ulimit -f 8192

where number depends on the DMgr console configuration - for standard WebSphere 1024 is sufficient, whereas with WebSphere Process Server 7 you need to raise it more, to, say, 8192.

Using ulimit -f however sets ulimit for your shell session only, so next time when you restart dmgr in your shell you will hit the same problem again. You can either raise fopen parameter for your profile (in .profile) or for the whole system by inserting:

#<domain>      <type>  <item>         <value>

*               soft    nofile          8192

to /etc/security/limits.conf. You must reboot your Linux in order for this change to take effect.

But of course beware on the impact on your system and consider this change well.

Good luck! Please leave a comment if my hint helped you and feel free to contact me on G+ !