Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Problem mapping user to admin role

Posted on 2011-02-14
6
Medium Priority
?
2,113 Views
Last Modified: 2013-12-11
Im having a weird problem.

I have written the smallest of script that map a User to a role in the admin console.

AdminTask.mapUsersToAdminRole('[-accessids [user:ldap.server.local:636/CN=username,OU=PEOPLE,DC=domainname,DC=local ] -userids [CN=username,OU=PEOPLE,DC=domainname,DC=local ] -roleName administrator]')

AdminConfig.save()

Thats it....

When I go back in the console, I DO see the user mapped as an Admin.
But if I try to use this user to log into the console I get this error message:

[2/14/11 9:35:20:352 EST] 00000015 WebCollaborat A   SECJ0129E: Authorization failed for user username:ldap.server.local:636 while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody

If I delete the user and do it using the console it works... but when Using scripts.... it does not...

Anyone have an idea about that?
0
Comment
Question by:Groupe Promutuel
6 Comments
 

Expert Comment

by:RishiBang
ID: 34902709
Hi promutuel,

Though you have mapped the user to the Admin Role using scripts the configuration will be updated
But the Admin Console as a web app may not be aware of this and you need to add the specific  user to the "console users"s section of the Admin Console.

Thanks,
Rishi.
0
 

Author Comment

by:Groupe Promutuel
ID: 34906952
If I go in the console, the users are listed as Administrator, in fact if I use a script to add two users and then go into the console and delete one of those two user, the second one starts to work...

I have opened a service call on IBM support regarding this issue.

btw: I also have restarted the WAS in between so it's not a restart to reload the config either.
0
 

Author Comment

by:Groupe Promutuel
ID: 34906964
Also sometimes... something like 1/10 time.. it does work... and both the users work ... but most of the time it does not...
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 2

Expert Comment

by:sunnysunny
ID: 34956962
Do you have a federated repository ? If yes then users must be unique across the ldap and file realm.
0
 
LVL 1

Assisted Solution

by:WebSphereGoddess
WebSphereGoddess earned 2000 total points
ID: 35159579
If your on WAS 7 ND, You may need to add a syncNode in there after you execute your save.  Are you running single server or cluster?  
0
 
LVL 1

Accepted Solution

by:
WebSphereGoddess earned 2000 total points
ID: 35478666
your script is correct.  I just tested it on V7.0.0.11.  However I had to bounce the environment before it would take... (node agents, dmgr, everything).
If after you do that let me know if your still having the problem.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configure Web Service (server application) I. Configure security for Web Services methods First, we need to protect Session bean which implements the service: 1. Open EJB deployment descriptor (ejb-jar.xml) in the EJB project that contains you…
This exercise is about for the following scenario: Dmgr and One node with 2 application server. Each application server contains it owns application. Application server name as follows server1 contains app1 server2 contains app1 Prereq…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
The Relationships Diagram is a good way to get an overall view of what a database is keeping track of. It is also where relationships are defined. A relationship specifies how two tables connect to each other. As you build tables in Microsoft Ac…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question