Problem mapping user to admin role

I'm having a weird problem.

I have written the smallest of scripts, which maps a user to a role in the admin console.

AdminTask.mapUsersToAdminRole('[-accessids [user:ldap.server.local:636/CN=username,OU=PEOPLE,DC=domainname,DC=local ] -userids [CN=username,OU=PEOPLE,DC=domainname,DC=local ] -roleName administrator]')

AdminConfig.save()

That's it....

When I go back in the console, I DO see the user mapped as an Admin.
But if I try to use this user to log into the console I get this error message:

[2/14/11 9:35:20:352 EST] 00000015 WebCollaborat A   SECJ0129E: Authorization failed for user username:ldap.server.local:636 while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody

If I delete the user and do it using the console, it works... but when using scripts... it does not...

Anyone have an idea about that?
Groupe Promutuel Asked:
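The SECJ0129E line quoted in the question can be picked out of the server log and tallied per user and realm, which shows whether a scripted role mapping is still being denied after a save or restart. This is an added example, not code from the thread; the field layout is inferred from that one log line, and the function names and the constructed sample lines are assumptions.

```python
import re
from collections import Counter

# Layout inferred from the single SECJ0129E line quoted in the question.
SECJ0129E = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]{8})\s+(?P<component>\S+)\s+\S\s+"
    r"SECJ0129E: Authorization failed for user (?P<user>.+?) while invoking "
    r"(?P<method>\S+) on (?P<resource>\S+?), Authorization failed, "
    r"Not granted any of the required roles: (?P<roles>.+)$"
)

def parse_secj0129e(line):
    """Return the fields of a SECJ0129E line as a dict, or None for any other message."""
    m = SECJ0129E.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Assumption: the user field is "<name>:<realm>"; the realm may itself contain a port.
    rec["name"], _, rec["realm"] = rec.pop("user").partition(":")
    rec["roles"] = rec["roles"].split()
    return rec

def admin_console_denials(lines, prefix="admin_host:/ibm/console"):
    """Count admin-console authorization failures per (name, realm)."""
    hits = Counter()
    for line in lines:
        rec = parse_secj0129e(line)
        if rec and rec["resource"].startswith(prefix):
            hits[(rec["name"], rec["realm"])] += 1
    return hits

# First line is the one from the question; the other three are constructed samples.
SAMPLE_LOG = [
    "[2/14/11 9:35:20:352 EST] 00000015 WebCollaborat A   SECJ0129E: Authorization failed for user username:ldap.server.local:636 while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody",
    "[2/14/11 9:36:02:101 EST] 00000016 WebCollaborat A   SECJ0129E: Authorization failed for user username:ldap.server.local:636 while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody",
    "[2/14/11 9:36:40:007 EST] 00000017 WebCollaborat A   SECJ0129E: Authorization failed for user other:example.realm:389 while invoking POST on default_host:/app/, Authorization failed, Not granted any of the required roles: manager",
    "[2/14/11 9:37:00:000 EST] 00000018 SystemOut     O   unrelated constructed line",
]

if __name__ == "__main__":
    for (name, realm), n in admin_console_denials(SAMPLE_LOG).items():
        print("%s @ %s: %d console denials" % (name, realm, n))
```

A user who appears in the console as Administrator but keeps showing up in this tally is the symptom the question describes.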
 
WebSphereGoddess Commented:
Your script is correct. I just tested it on V7.0.0.11. However, I had to bounce the environment before it would take... (node agents, dmgr, everything).
After you do that, let me know if you're still having the problem.
 
RishiBang Commented:
Hi promutuel,

Though you have mapped the user to the Admin Role using scripts, the configuration will be updated, but the Admin Console as a web app may not be aware of this, and you need to add the specific user to the "console users" section of the Admin Console.

Thanks,
Rishi.
 
Groupe Promutuel (Author) Commented:
If I go in the console, the users are listed as Administrator. In fact, if I use a script to add two users and then go into the console and delete one of those two users, the second one starts to work...

I have opened a service call with IBM support regarding this issue.

Btw: I have also restarted the WAS in between, so it's not a restart to reload the config either.
 
Groupe Promutuel (Author) Commented:
Also, sometimes... something like 1/10 times... it does work... and both the users work... but most of the time it does not...
 
sunnysunny Commented:
Do you have a federated repository? If yes, then users must be unique across the LDAP and file realm.
 
WebSphereGoddess Commented:
If you're on WAS 7 ND, you may need to add a syncNode in there after you execute your save. Are you running single server or cluster?
Question has a verified solution.