Errors when trying to configure or enable security
"LTPA password not set. validation failed" message displayed as error in the Administrative Console after saving global security settings
This error occurs when "LTPA" is selected as the authentication mechanism while configuring WebSphere Application Server security and the LTPA password field is not set. To resolve this problem...
- Select Security > Authentication Mechanism > LTPA.
- Complete the password and confirm password fields.
- Click OK.
- Try setting Global Security again.
"Validation failed for user userid. Please try again..." displayed in the Administrative Console after saving global security settings
This typically indicates that a setting in the User Registry configuration is not valid...
- If the user registry is LocalOS, it is likely that either the server user ID and password are invalid or the server user ID does not have "Act As Part of the Operating System" (for NT) or root authority (for UNIX). The server user ID needs this authority for authentication using the LocalOS user registry.
- If the user registry is LDAP...
  - Any of the settings that enable WAS to communicate with LDAP might be invalid, such as the LDAP server's user ID, password, host, port, or LDAP filter. When you select Apply or OK on the Global Security panel, a validation routine connects to the registry just as it would at runtime when security is enabled. This surfaces configuration problems immediately, instead of waiting until the server restarts.
  - Verify whether your LDAP server requires the Bind Distinguished Name (DN) to find the user in the LDAP directory. If the bind distinguished name is required, specify a DN instead of a short name. You can specify the bind distinguished name by clicking Security > User Registries > LDAP in the administrative console. For example, you might add cn=root.
  - Sometimes the LDAP server might be down during configuration. The best way to check this is to issue a command line search using a utility such as ldapsearch to search for the server ID. This way you can determine whether the server is running and whether the server ID is a valid entry in the LDAP directory. The ldapsearch utility is installed during an LDAP or Lotus Notes installation.
- If the user registry is Custom, double check that your implementation is in the classpath. Also, check that your implementation is authenticating properly.
- Regardless of registry type, check the User Registries configuration panels to see if you can find a configuration error...
  - Go back to the User Registries configuration panels and retype the password for the server ID.
  - See if there is an obvious configuration error. Double check the attributes specified.
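The ldapsearch check described above, as an added example that is not part of the original documentation. It assumes OpenLDAP's ldapsearch (other ldapsearch builds take different flags) and that the server ID is stored in the `uid` attribute; the function names, URI, DNs and password file are placeholders.

```shell
#!/bin/sh
# Added example. Assumes OpenLDAP's ldapsearch and a server ID held in "uid".

# Map the ldapsearch exit status (an LDAP result code) and the number of
# entries returned to the registry settings worth rechecking.
diagnose() {
    rc=$1 entries=$2
    case "$rc" in
        0)  if [ "$entries" -gt 0 ]; then
                echo "ok: server is running and the server ID is a valid entry"
            else
                echo "server ID not found: check the LDAP filter and base DN"
            fi ;;
        32)  echo "base DN not found: check the base DN" ;;
        49)  echo "bind rejected: check the bind DN and password" ;;
        255) echo "cannot contact server: check host and port, or the server is down" ;;
        *)   echo "ldapsearch failed with result code $rc" ;;
    esac
}

# Arguments: LDAP URI, bind DN, base DN, server ID, password file.
# The bind uses a full DN, not a short name. -y reads the password from a
# file so it never appears in the process list; the file must contain the
# password with no trailing newline and be readable only by its owner.
check_server_id() {
    rc=0
    out=$(ldapsearch -x -LLL -H "$1" -D "$2" -y "$5" \
              -b "$3" "(uid=$4)" dn 2>/dev/null) || rc=$?
    entries=$(printf '%s\n' "$out" | grep -c '^dn:' || true)
    diagnose "$rc" "$entries"
}

# Placeholder usage:
#   sh check.sh ldap://ldap.example.com:389 cn=root o=example wasadmin ./pw
if [ "$#" -eq 5 ]; then
    check_server_id "$@"
fi
```

A "bind rejected" or "server ID not found" result points at the same registry settings the Global Security validation routine exercises when you select Apply or OK.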
See Also
- Troubleshooting by component: What is not working?
- Errors or access problems after enabling security
- Troubleshooting the security component