It's all about the answers!

Ask a question

JTS-LDAP-Setup: New user could not be created (ID CRJAZ1551E)

Fabian Rodriguez (3115) | asked Sep 26 '13, 8:27 a.m.
retagged Sep 30 '13, 9:57 a.m. by Ralph Earle (25739)

I'm currently trying to set up Jazz Team Server on WebSphere Application Server using a DB2-Database and an OpenLDAP-Directory. At the step "Setup User Registry" the Connection test results positive, giving me as details a cryptic "{'hint.findGroupsForUserQuery':'{USER-DN}'}", however when finishing the step I get the error-message "The new user could not be created. See the details for more information.ID CRJAZ1551E"

When I take the User ID which I entered at the "Validate LDAP User" Popup and search it at /admin, then the user is found and I can also add it to the "Active Users", but even then after logging to /admin with that User, still "ADMIN" is shown
in the upper right instead of the user name.

My LDAP-Parameters are taken from my working RTC2-Instance using the same LDAP-Server and environment.

My setup:
WebSphere Application Server
DB2 v9.7.0.7
Jazz Team Server 4.04

Any ideas what I'm doing wrong?

With Best Regards,

Fabian Rodriguez

Krzysztof Ka┼║mierczyk commented Sep 26 '13, 8:51 a.m.

Hi Fabian,
Please notice that the support for OpenLDAP is limited to best effort basis (

Anyway it could be good to look into jts.log file. in <WAS-INSTALL>/profiles/<your-profile>/logs directory. Please paste the output of that file here.

Fabian Rodriguez commented Sep 26 '13, 9:39 a.m.

You can find the jts.log here:

Karl Weinert commented Sep 26 '13, 1:51 p.m.

Who are you logged in as? Try logging in with the LDAP account and continuing with setup.

Bo Chulindra commented Sep 30 '13, 10:36 a.m.

Fyi, that "hint" is not meant to be shown in the web UI and you can ignore it. See {'hint.findGroupsForUserQuery':'{USER-DN}'} should not be surfaced to user (279010) for more information.

2 answers

permanent link
Fabian Rodriguez (3115) | answered Sep 30 '13, 3:13 a.m.
I've now found a workaround: After analyzing the LDAP-queries I found out that the setup was querying for the mailadress with the uid, so I changed the mailadress of that user to match his uid (removing the setup worked flawlessly.

Thank you for all your answers :)

permanent link
Ralph Schoon (63.3k33646) | answered Sep 26 '13, 8:58 a.m.
On the LDAP setup page, there is a link to a description that explains what you can do to test if your settings are correct. I would suggest to follow that link and do the testing. There are different settings in WAS as well as in The, if one of these does not work correctly, you see odd things happening. Another path you can go is to enable LDAP logging in the log4J settings in the various application folders in the server/conf/ folder. More logging might tell you what is going on. Also check the log files in general.

We provided some things we have seen with LDAP in . There are some troubleshooting appendices. It might be too specific for the LDAP we used back then and no match for you though.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.