Solved

Problem mapping user to admin role

Posted on 2011-02-14
Last Modified: 2013-12-11
I'm having a weird problem.

I have written the smallest of scripts that maps a user to a role in the admin console.

AdminTask.mapUsersToAdminRole('[-accessids [user:ldap.server.local:636/CN=username,OU=PEOPLE,DC=domainname,DC=local ] -userids [CN=username,OU=PEOPLE,DC=domainname,DC=local ] -roleName administrator]')

AdminConfig.save()

That's it....

When I go back in the console, I DO see the user mapped as an Admin.
But if I try to use this user to log into the console I get this error message:

[2/14/11 9:35:20:352 EST] 00000015 WebCollaborat A   SECJ0129E: Authorization failed for user username:ldap.server.local:636 while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody

If I delete the user and do it using the console it works... but when using scripts.... it does not...

Anyone have an idea about that?
Question by:Groupe Promutuel
6 Comments
 

Expert Comment

by:RishiBang
ID: 34902709
Hi promutuel,

Though you have mapped the user to the Admin Role using scripts, the configuration will be updated, but the Admin Console as a web app may not be aware of this, and you need to add the specific user to the "console users" section of the Admin Console.

Thanks,
Rishi.
0
 

Author Comment

by:Groupe Promutuel
ID: 34906952
If I go in the console, the users are listed as Administrator. In fact, if I use a script to add two users and then go into the console and delete one of those two users, the second one starts to work...

I have opened a service call on IBM support regarding this issue.

btw: I also have restarted the WAS in between so it's not a restart to reload the config either.
0
 

Author Comment

by:Groupe Promutuel
ID: 34906964
Also sometimes... something like 1/10 of the time... it does work... and both the users work... but most of the time it does not...
0

 
LVL 2

Expert Comment

by:sunnysunny
ID: 34956962
Do you have a federated repository? If yes, then users must be unique across the LDAP and file realm.
0
 
LVL 1

Assisted Solution

by:WebSphereGoddess
WebSphereGoddess earned 500 total points
ID: 35159579
If you're on WAS 7 ND, you may need to add a syncNode in there after you execute your save. Are you running single server or cluster?
0
 
LVL 1

Accepted Solution

by:
WebSphereGoddess earned 500 total points
ID: 35478666
Your script is correct. I just tested it on V7.0.0.11. However, I had to bounce the environment before it would take... (node agents, dmgr, everything).
After you do that, let me know if you're still having the problem.
0
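
The save-then-syncNode sequence suggested in the answers above, as an added example that is not part of the original thread or IBM's own code: it issues the asker's mapUsersToAdminRole call, saves, and asks each node's NodeSync MBean to synchronize. The function names are hypothetical, and the realm and DN are the placeholder values from the question.

```python
# Added example (not from the thread). Written for wsadmin -lang jython;
# AdminTask, AdminConfig and AdminControl are the wsadmin scripting objects.
# REALM and USER_DN are the placeholder values used in the question.
REALM = 'ldap.server.local:636'
USER_DN = 'CN=username,OU=PEOPLE,DC=domainname,DC=local'


def build_args(realm, user_dn, role):
    """Return the option string for AdminTask.mapUsersToAdminRole."""
    return '[-accessids [user:%s/%s ] -userids [%s ] -roleName %s]' % (
        realm, user_dn, user_dn, role)


def sync_nodes(admin_config, admin_control):
    """Ask every running node agent to sync; return {node name: status}."""
    results = {}
    for node_id in admin_config.list('Node').splitlines():
        name = admin_config.showAttribute(node_id, 'name')
        # Empty result: no NodeSync MBean (dmgr node or stopped node agent).
        mbean = admin_control.completeObjectName(
            'type=NodeSync,node=%s,*' % name)
        if not mbean:
            results[name] = 'no NodeSync MBean'
        elif admin_control.invoke(mbean, 'sync') == 'true':
            results[name] = 'synced'
        else:
            results[name] = 'sync failed'
    return results


def map_admin_and_sync(admin_task, admin_config, admin_control,
                       realm, user_dn, role='administrator'):
    """Map the user, save the master configuration, then sync the nodes."""
    admin_task.mapUsersToAdminRole(build_args(realm, user_dn, role))
    admin_config.save()
    return sync_nodes(admin_config, admin_control)


try:
    AdminTask  # defined only when the script runs under wsadmin
except NameError:
    pass
else:
    print(map_admin_and_sync(AdminTask, AdminConfig, AdminControl,
                             REALM, USER_DN))
```

Run it with wsadmin -lang jython -f against the deployment manager. Per the accepted answer, a full restart (node agents, dmgr) was still needed on V7.0.0.11 before the mapping took effect.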


Question has a verified solution.
