Solved

Problem mapping user to admin role

Posted on 2011-02-14
6
1,992 Views
Last Modified: 2013-12-11
Im having a weird problem.

I have written the smallest of script that map a User to a role in the admin console.

AdminTask.mapUsersToAdminRole('[-accessids [user:ldap.server.local:636/CN=username,OU=PEOPLE,DC=domainname,DC=local ] -userids [CN=username,OU=PEOPLE,DC=domainname,DC=local ] -roleName administrator]')

AdminConfig.save()

Thats it....

When I go back in the console, I DO see the user mapped as an Admin.
But if I try to use this user to log into the console I get this error message:

[2/14/11 9:35:20:352 EST] 00000015 WebCollaborat A   SECJ0129E: Authorization failed for user username:ldap.server.local:636 while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody

If I delete the user and do it using the console it works... but when Using scripts.... it does not...

Anyone have an idea about that?
0
Comment
Question by:Groupe Promutuel
6 Comments
 

Expert Comment

by:RishiBang
ID: 34902709
Hi promutuel,

Though you have mapped the user to the Admin Role using scripts the configuration will be updated
But the Admin Console as a web app may not be aware of this and you need to add the specific  user to the "console users"s section of the Admin Console.

Thanks,
Rishi.
0
 

Author Comment

by:Groupe Promutuel
ID: 34906952
If I go in the console, the users are listed as Administrator, in fact if I use a script to add two users and then go into the console and delete one of those two user, the second one starts to work...

I have opened a service call on IBM support regarding this issue.

btw: I also have restarted the WAS in between so it's not a restart to reload the config either.
0
 

Author Comment

by:Groupe Promutuel
ID: 34906964
Also sometimes... something like 1/10 time.. it does work... and both the users work ... but most of the time it does not...
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 2

Expert Comment

by:sunnysunny
ID: 34956962
Do you have a federated repository ? If yes then users must be unique across the ldap and file realm.
0
 
LVL 1

Assisted Solution

by:WebSphereGoddess
WebSphereGoddess earned 500 total points
ID: 35159579
If your on WAS 7 ND, You may need to add a syncNode in there after you execute your save.  Are you running single server or cluster?  
0
 
LVL 1

Accepted Solution

by:
WebSphereGoddess earned 500 total points
ID: 35478666
your script is correct.  I just tested it on V7.0.0.11.  However I had to bounce the environment before it would take... (node agents, dmgr, everything).
If after you do that let me know if your still having the problem.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Upgrading Tomcat – There are a couple of methods to upgrade Tomcat is to use The Apache Installer is to download and unzip and run the services.bat remove|install Tomcat6 Because of the App that we are working with, we can only use Tomcat 6.…
There are numerous questions about how to setup an IBM HTTP Server to be administered from WebSphere Application Server administrative console. I do hope this article will wrap things up and become a reference for this task. You need three things…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now