31 oct 2014

NullPointerException on GET_SEARCH_RESULTS

I've just fixed a issue that was getting me crazy, this time we couln't search on our WebCenter Content with OracleTextSearch as indexer.

This is the stacktrace that appears on every search:

>services/3     10.31 13:15:07.970      IdcServer-7     !csUserEventMessage,admin.intranet,10.0.3.21:16200!$ intradoc.common.ServiceException: !csUnableToRetrieveSearchResults!csUnableToExecMethod,getSearchResults
 services/3     10.31 13:15:07.970      IdcServer-7     *ScriptStack GET_SEARCH_RESULTS
 services/3     10.31 13:15:07.970      IdcServer-7     3:getSearchResults,**no captured values**
 services/3     10.31 13:15:07.970      IdcServer-7             at intradoc.server.ServiceRequestImplementor.buildServiceException(ServiceRequestImplementor.java:2176)
 ...
 ...
 services/3     10.31 13:15:07.970      IdcServer-7             ... 36 more
 services/3     10.31 13:15:07.970      IdcServer-7     Caused by: java.lang.NullPointerException
 services/3     10.31 13:15:07.970      IdcServer-7             at java.util.Hashtable.put(Hashtable.java:396)
 ...
 ...
 services/3     10.31 13:15:07.970      IdcServer-7             at intradoc.common.ClassHelperUtils.executeMethod(ClassHelperUtils.java:295)


We think that the issue was regarding the data base or the indexer packages needed, but as trace shows, no communication is done between WCC and DB.

Before our surrender and reinstall all the system, I've decompiled some sources (Oracle don't read this) and found the problem.

The line that launches our NPE was this:

props.put("IntradocServerHostName", SharedObjects.getEnvironmentValue("HttpServerAddress"));

After checking my "config.cfg" file I've found that the HttpServerAddress was commented...

Solution now is simple, uncomment the variable and restart the system... et voila! my search works again.

3 ene 2014

Synchronizing users with ACL metadata boxes

Using WebCenter Content with Access Control List (ACL) enabled. Allow users to setup their custom security based on users and groups that they know.

This is how ACL's looks like under the new WCC UI.


The box of users have an "auto-complete" behavior that helps the search of the user that you want to share your content.

The main problem is that WCC only shows users that already have sign-in or "logged" under the product. This means, that only "active" users will be shown.

To solve this, we can perform a "preload" of all users from our LDAP to the internal DB of WCC. After this loading the auto-complete box will show all the available users of our company.

We need to perform this steps:

Configuring the jps-config.xml

This file has the information relative to our LDAP. In my case Im using ActiveDirectory from Microsoft, by default jps file is configured for Oracle LDAP (OID), that means that will search for "uid" attribute in the person objetc. As most of you know, ActiveDirectory uses the attribute "sAMAccountName" as user id.

You need to modify your WCC domain jps-config.xml file, in my case was under this path:
/opt/oracle/domains/domwc/config/fmwconfig/jps-config.xml

<serviceInstance name="idstore.ldap" provider="idstore.ldap.provider">
    <description>LDAP Identity Store Service Instance</description>
    <property name="idstore.config.provider" value="oracle.security.jps.wls.internal.idstore.WlsLdapIdStoreConfigProvider"/>
    <property name="CONNECTION_POOL_CLASS" value="oracle.security.idm.providers.stdldap.JNDIPool"/>
    <property name="username.attr" value="sAMAccountName"/>
    <property name="user.login.attr" value="sAMAccountName"/>
</serviceInstance>

I've included two properties username.attr and user.login.attr, this properties should be added only if your LDAP does not use the "uid" attribute.

Sync users from LDAP with WCC

For sync the users, I've created a small Java program that connects with LDAP to read all available users, and later performs a call to the service "CHECK_USER_CREDENTIALS" via RIDC. That service will force a connect with the LDAP within UCM, and all the information will be added to the local database of the content server.

The Java process needs the following parameters:
  • LDAP IP or Host
  • LDAP Admin user DN
  • LDAP Admin user password
  • Base DN for user search
The sample JDev project has a RIDC connection setup that points to the RIDC ip & port of your content server, be sure to setup this connection along with the parameters needed of the LDAP server.

After the execution of the program, you can search all your users under ACL boxes ;-)


Documentation

Downloads