Central User Configuration not working on IS


I see Null pointer exception related to Central user authentication on IS Server. when the IS Server is restarted, issue is temporarily resolved and the users can login via their LDAP credentials, but after sometime LDAP login doesn’t work and below error is observed on IS logs.

Can someone help on this please. Thanks.

[WEBMETHODS.DEFAULT.CommonLib.CDS] 2015-03-27 16:54:59,041 FATAL: Caught throwable:
at com.webmethods.portal.portlet.wm_xt_ldapdirsvc.service.connection.cookie.LdapPagingCookie.generateConstraints(LdapPagingCookie.java:71)
at com.webmethods.portal.portlet.wm_xt_ldapdirsvc.service.connection.cookie.ControlBased.generateConstraints(ControlBased.java:52)
at com.webmethods.portal.portlet.wm_xt_ldapdirsvc.service.LdapDirQueryProvider.search(LdapDirQueryProvider.java:388)
at com.webmethods.portal.portlet.wm_xt_ldapdirsvc.service.LdapDirQueryProvider.lookupByID(LdapDirQueryProvider.java:185)
at com.webmethods.portal.mech.dir.impl.DirSystemMechanics$1.visit(DirSystemMechanics.java:221)
at com.webmethods.portal.mech.dir.impl.DirSystemMechanics.visitDirServices(DirSystemMechanics.java:443)
at com.webmethods.portal.mech.dir.impl.DirSystemMechanics.lookupPrincipalByID(DirSystemMechanics.java:219)
at com.webmethods.portal.bizPolicy.command.dir.LookupPrincipalByID._lookupPrincipalByID(LookupPrincipalByID.java:119)
at com.webmethods.portal.bizPolicy.command.dir.LookupPrincipalByID.lookupPrincipalByID(LookupPrincipalByID.java:101)
at com.webmethods.portal.bizPolicy.biz.dir.impl.DirSystemBizPolicy.lookupPrincipalByID(DirSystemBizPolicy.java:112)
at com.webmethods.sc.directory.impl.DirectorySession.lookupPrincipalByName(DirectorySession.java:520)
at com.wm.app.b2b.server.cds.CDSUserManager.getGroup(CDSUserManager.java:86)
at com.wm.app.b2b.server.UserManager.getGroup(UserManager.java:293)
at com.wm.app.b2b.server.ACLGroup.matches(ACLGroup.java:245)
at com.wm.app.b2b.server.ACLGroup.allow(ACLGroup.java:186)
at com.wm.app.b2b.server.ACLManager.allow(ACLManager.java:399)
at com.wm.app.b2b.server.ACLManager.allow(ACLManager.java:386)
at com.wm.app.b2b.server.ACLManager.permitInvoke(ACLManager.java:1850)
at com.wm.app.b2b.server.ACLManager.process(ACLManager.java:205)
at com.wm.app.b2b.server.invoke.DispatchProcessor.process(DispatchProcessor.java:30)
at com.wm.app.b2b.server.AuditLogManager.process(AuditLogManager.java:399)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:539)
at com.wm.app.b2b.server.invoke.InvokeManager.invoke(InvokeManager.java:384)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:234)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:109)
at com.wm.app.b2b.server.ServiceManager.invoke(ServiceManager.java:81)
at com.wm.app.b2b.server.SessionInvoke.run(Session.java:918)
at com.wm.util.pool.PooledThread.run(PooledThread.java:131)
at java.lang.Thread.run(Thread.java:619)

Hi Hema,

I would like to recommend you to sync the common library files from the MWS instance to the IS instance.

There after,I believe that issue can be resolved.

Please let us know your webMethods version and full log.

Thanks & Regards,
Bhanu Kumar

Hi Hema,

Please check your IS,MWS installation directories are same or not.

If installation folders are different,then check the common lib jar files in both installation directories are same.If not same please sync then the issue will be resolved.

If installation folder is same,then please share the complete log details and IS,MWS server version details

Please let us know you response.

Thanks & Regards,
Bhanu Kumar

Thanks for your reply Bhanu…Both IS and MWS are installed on seperate Mounts and the common libraries on IS server is different from that of MWS common libraries.

Once the server is restarted, login issue is not seen. I am wondering how server restart is resolving the issue. so is it something to do with any other stuff apart from common libraries ?

Hi Hema,

Good to hear that the issue got resolved.But,I don’t know which verison your are using if your are using 8.2 then there is fix for this kind of issue.For that,You can apply MWS_8.2_SP1_Fix12 to the MWS server and also make sure common library files should be match as because those common lib files must be same in both nodes.

I believe this can be helpful for you.

Still if you want to know more,Please share your IS,MWS version details and error log and server log.

Thank you.

Bhanu Kumar

Thanks Bhanu for your reply.

However the Issue is not completely resolved by the server restart. After sometime, I see the same error and ldap login fails again. IS version - 8.0.1, MWS version - 8.0.2

This is happening in PROD environment and I do not have logging enabled on MWS to capture directory services details.

Can you please let me know if there is anything else which is causing ldap login issue apart from common libraries.any other pointers to verify ?

Hi Hema,

Otherwise,This is something related CA certificate,
In order to configure MWS with LDAPs, first obtain the LDAP server CA certificate and then follow below steps:


  1. Check install_dir/MWS/server/default/bin/server.properties.sh to see what MWS used as truststore. By default, it is MWS/server/default/config/security/sagdemoca.jks

  2. Import the CA cert to sagdemoca.jks using keytool.
    $ keytool -import -keystore sagdemoca.jks -trustcacerts -file cacert.pem -alias ldapCAdemo

  3. Restart the MWS server.

  4. Configure the directory to connect using LDAPS.

On Integration Server:

  1. Import the LDAP CA Cert to the IS’s JVM truststore jre\lib\security\cacerts which uses MWS as the Central User repository.

Note: This is needed or you may encounter issues like LDAP services getting disabled and etc.

  1. Restart IS

and also as you have mentioned about version are different.So,Please verify the update fix using update manager and make sure both version common lib jar files should be same.

I believe this solution can be helpful for you.

Please let me know your response.

Thank you.

Bhanu Kumar

When using UpdateManager for applying Fixes with the same FixImage to both locations, the common libs are normally automatically synced to the correct versions.