It's all about the answers!

Ask a question

Unable to finalizew setup wizard for JTS 4.04


Claus Buch (5826) | asked Nov 18 '13, 10:16 a.m.

I've installed RTC 4.04 on WebSphere/aix and DB2. Directory server on AD.

When running the jts/setup wizard it works alright until the where it starts to configure the Dataware house.

Here I check the box indicating that I don't want to configure the datawarehouse, and the click Next.

Then it tells me "The userid you logged in with is not recognizable", allthough it just has been verified on the login-screen.

In the jts.log it throws this execption :

2013-11-18 16:08:14,312 [WebContainer : 6 @@ 16:08 RTC_infoman /jts/service/com.ibm.team.repository.service.internal.IAdminRestService/contributor] ERROR ce.jts.internal.userregistry.ldap.LDAPUserRegistry  - CRJAZ0740E Information for the following user could not be retrieved from the external user directory: RTC_infoman
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; Remaining name: 'dc=d101p,dc=bdpnet,dc=dk'
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1995)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1764)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:380)                                                                    

Any hits to solve this issue will be much appriciated.

/Claus Buch


Comments
Manoj Panda commented Nov 18 '13, 10:22 a.m.
JAZZ DEVELOPER

Hi Claus,
 I am not sure about AIX, but i can tell you on windows. Just check the WAS Configuration.
can you please double check the following configuration.
The Java™ 2 Security option must be turned off. If this option is turned on in WebSphere Application Server, the web application will not start.

  1. In WebSphere Integrated Solutions Console, click Security > Global security.
  2. Under Java 2 security, clear the check box for Use Java 2 security to restrict application access to local resources.
  3. Ensure that the Enable administrative security and Enable application security check boxes are selected.


Claus Buch commented Nov 18 '13, 1:24 p.m.

No sorry, the java2 security has been turned off from the beginning

3 answers



permanent link
Claus Buch (5826) | answered Nov 21 '13, 4:41 a.m.

I have found the error and I am terrible sorry to have wasted your time, since the error is all due to myself.

The reason is that I haven't done the mapping of the various groups to the ccm application in the WebSphere setting, so that's why the user is refused when trying to connect. After having done the prober mapping, the setup worked as it should.

Thank you very much for your help, and once again - sorry to have wasted your time.

/Claus


Comments
Karl Weinert commented Nov 21 '13, 10:07 a.m.
JAZZ DEVELOPER

Definitely not a waste of time. I'm sure you are not the first one that has run into this issue and this post will should help the next person that does.


permanent link
Karl Weinert (2.0k42536) | answered Nov 18 '13, 11:48 a.m.
JAZZ DEVELOPER
It looks like you might be using Tomcat as the application server. Is that correct?
Did you save the Tomcat config files on the configure LDAP step, stop JTS, and copy the newly created config files to the correct location.
If so maybe you missed one?  There is one for each installed application (jtc, ccm etc) admin, and server.xml for Tomcat.
It sounds like you may have missed the jts one but that is just a guess.
Here's the documentation for 4.0.2. It should be the same for 4.0.4.

http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m2/index.jsp?topic=%2Fcom.ibm.jazz.install.doc%2Ftopics%2Ft_config_ldap_connection.html

Comments
Claus Buch commented Nov 18 '13, 1:26 p.m.

No, I'm not using Tomcat. Instead I'm using the imbedded http-server in the WebSphere, so I guess there's  nothing to copy.

/Claus


Karl Weinert commented Nov 18 '13, 5:23 p.m.
JAZZ DEVELOPER

Hi Claus,

I'm thinking it might be a mismatch between the LDAP settings in the teamserver.properties file and the LDAP settings in WebSphere.
If you want to paste them in you can find the websphere LDAP settings in the security.xml file under the jts profile


Claus Buch commented Nov 20 '13, 6:34 a.m.

I've made an answer on my own behalf, in order to have the settings pasted in


permanent link
Claus Buch (5826) | answered Nov 20 '13, 6:33 a.m.

Hi Karl.

I'm making an answer on my own, to be able to paste in the settings you asked for. Here they are :

Security.xml :
.
.
<userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry" serverId="" serverPassword="{xor}" realm="aix167.bdunet.dk" useRegistryServerId="false" primaryAdminId=""/>
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1" useRegistryServerId="false" primaryAdminId="" customRegistryClassName="com.ibm.websphere.security.FileRegistrySample"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1" serverId="" serverPassword="{xor}" realm="d101p.bdpnet.dk:389" ignoreCase="true" useRegistryServerId="false" primaryAdminId="
BD-RTCwasadm" useRegistryRealm="true" type="CUSTOM" sslEnabled="false" sslConfig="" baseDN="DC=d101p,DC=bdpnet,DC=dk" bindDN="CN=BD-RTCDomainAcc,OU=Users,OU=BDServiceAccounts,OU=MgmtResources,DC=d101p,DC=bdpn
et,DC=dk" bindPassword="??????" searchTimeout="120" reuseConnection="true">
    <searchFilter xmi:id="LDAPSearchFilter_1" userFilter="(&amp;(sAMAccountName=%v)(objectclass=person))" krbUserFilter="(&amp;(krbPrincipalName=%v)(objectclass=ePerson))" groupFilter="(&amp;(name=%v)(|(objec
tclass=group)))" userIdMap="*:sAMAccountName" groupIdMap="*:name" groupMemberIdMap="memberof:member" certificateMapMode="EXACT_DN" certificateFilter=""/>
    <hosts xmi:id="EndPoint_1384500757518" host="d101p.bdpnet.dk" port="389"/>
  </userRegistries>
  <userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="" ignoreCase="true" useRegistryServerId="false" primaryAdminId="" registryClassName="
com.ibm.ws.wim.registry.WIMUserRegistry"/>
  <authConfig xmi:id="AuthorizationConfig_1" useJACCProvider="false">
    <authorizationProviders xmi:id="AuthorizationProvider_1" j2eePolicyImplClassName="com.tivoli.pd.as.jacc.TAMPolicy" name="Tivoli Access Manager" policyConfigurationFactoryImplClassName="com.tivoli.pd.as.ja
cc.TAMPolicyConfigurationFactory" roleConfigurationFactoryImplClassName="com.tivoli.pd.as.jacc.TAMRoleConfigurationFactory" initializeJACCProviderClassName="com.tivoli.pd.as.jacc.cfg.TAMConfigInitialize" requ
iresEJBArgumentsPolicyContextHandler="false" supportsDynamicModuleUpdates="true"/>
  </authConfig>                                                             
 .
 .
 
 teamserver.properties :
 
root@aix167:/usr/IBM/WebSphere/AppServer1/profiles/rtc-> more /usr/IBM/WebSphere/Jazz404/server/conf/jts/teamserver.properties
#This configuration update was requested by "RTC_infoman".  The old contents of this file were copied to "/usr/IBM/WebSphere/Jazz404/server/conf/jts/teamserver-1384938532403bakup.properties".
#Wed Nov 20 10:08:52 CET 2013
com.ibm.team.datawarehouse.auth.type=JTS
com.ibm.team.repository.ldap.membersOfGroup=member
com.ibm.team.repository.db.jdbc.location=//mep7db2s.bdunet.dk\:50000/jts\:user\=db2inst1;password\={password};
com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=BD-JazzAdmins,JazzUsers\=BD-JazzUsers,JazzDWAdmins\=BD-JazzDWAdmins,JazzProjectAdmins\=BD-JazzProjectAdmins,JazzGuests\=BD-JazzGuests
com.ibm.team.datawarehouse.auth.userId=23a1e1399fe7449dacf4ca92ecd4c02f
com.ibm.team.repository.changeEvent.expirationByCategory=SystemLog\:259200
com.ibm.team.repository.ldap.baseUserDN=dc\=d101p,dc\=bdpnet,dc\=dk
com.ibm.team.datawarehouse.db.jdbc.location=conf/jts/derby/warehouseDB
com.ibm.team.repository.notification.mail.smtp.server=SMTP.BANKDATA.LAN
com.ibm.team.fulltext.indexLocation=conf/jts/indices/workitemindex
com.ibm.team.repository.web.helpuri=/clmhelp/index.jsp
com.ibm.team.repository.db.jdbc.password=??????????????
com.ibm.team.repository.ldap.userAttributesMapping=userId\=sAMAccountName,name\=displayName,emailAddress\=mail
com.ibm.team.repository.notification.mail.from_name=RTC@bankdata.dk
com.ibm.team.repository.notification.mail.from=bdmtak@bankdata.dk
com.ibm.team.repository.notification.mail.enabled=true
com.ibm.team.repository.db.repoLockId=_0wXBsE3rEeOaOPZ4ft7Duw
com.ibm.team.repository.user.registry.type=LDAP
com.ibm.team.repository.ws.allow.identity.assertion=false
com.ibm.team.repository.ldap.registryLocation=ldap\://d101p.bdpnet.dk\:389
com.ibm.team.datawarehouse.auth.password=????????????????
com.ibm.team.repository.ldap.baseGroupDN=dc\=d101p,dc\=bdpnet,dc\=dk
com.ibm.team.repository.notification.mail.reply=bdmtak@bankdata.dk
com.ibm.team.repository.changeEvent.expirationDefault=1209600
com.ibm.team.repository.ldap.findUsersByNameQuery=displayName\=?1*
com.ibm.team.repository.ldap.registryUserName=cn\=BD-RTCDomainAcc,OU\=Users,OU\=BDServiceAccounts,OU\=MgmtResources,DC\=d101p,DC\=bdpnet,DC\=dk
com.ibm.team.repository.web.suppressedPages={"com.ibm.team.repository.web.admin"\: ["com.ibm.team.repository.provision"]}
com.ibm.team.datawarehouse.datawarehouse.jobs.enabled=false
com.ibm.team.repository.ldap.registryPassword=?????????
com.ibm.team.repository.ldap.findGroupsForUserQuery=member\={USER-DN}
com.ibm.team.repository.server.webapp.url=https\://rtc-s.bdunet.dk\:15010/jts
com.ibm.team.datawarehouse.db.automatic.setup=true
com.ibm.team.repository.db.vendor=db2
com.ibm.team.repository.ldap.findUsersByUserIdQuery=sAMAccountName\=?1
com.ibm.team.jfs.index.root.directory=indices
com.ibm.team.datawarehouse.db.net.port=1527
com.ibm.team.repository.ws.allow.admin.access=false
com.ibm.team.repository.ldap.findUsersByAnyNameQuery=(| (displayName\=* ?1*) (displayName\=*_?1*))
com.ibm.team.datawarehouse.db.vendor=DERBY
 


Comments
Karl Weinert commented Nov 20 '13, 9:57 a.m. | edited Nov 20 '13, 10:00 a.m.
JAZZ DEVELOPER

I'm still looking this over and so far it looks ok but I notice in the security.xml there are a couple of odd entries
primaryAdminId value, bindDN value and groupFilter value all have special html encoding characters in them.
This is most likely just the way it was pasted in into the answer, but probably worth checking your LDAP settings in WAS just to make sure.
For example see DC=bdpn in the data above.

The special characters are: &lt;br&gt;

Lets see if they will show up correctly

Your answer


Register or to post your answer.