Unable to finalize setup wizard for JTS 4.04
I've installed RTC 4.04 on WebSphere/aix and DB2. Directory server on AD.
When running the jts/setup wizard it works alright until the point where it starts to configure the data warehouse.
Here I check the box indicating that I don't want to configure the data warehouse, and then click Next.
Then it tells me "The userid you logged in with is not recognizable", although it has just been verified on the login screen.
In the jts.log it throws this exception:
2013-11-18 16:08:14,312 [WebContainer : 6 @@ 16:08 RTC_infoman /jts/service/com.ibm.team.repository.service.internal.IAdminRestService/contributor] ERROR ce.jts.internal.userregistry.ldap.LDAPUserRegistry - CRJAZ0740E Information for the following user could not be retrieved from the external user directory: RTC_infoman
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; Remaining name: 'dc=d101p,dc=bdpnet,dc=dk'
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1995)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1764)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:380)
Any hints to solve this issue will be much appreciated.
/Claus Buch
3 answers
I have found the error and I am terribly sorry to have wasted your time, since the error is all due to myself.
The reason is that I haven't done the mapping of the various groups to the ccm application in the WebSphere setting, so that's why the user is refused when trying to connect. After having done the proper mapping, the setup worked as it should.
Thank you very much for your help, and once again - sorry to have wasted your time.
/Claus
Did you save the Tomcat config files on the configure LDAP step, stop JTS, and copy the newly created config files to the correct location?
If so maybe you missed one? There is one for each installed application (jtc, ccm etc) admin, and server.xml for Tomcat.
It sounds like you may have missed the jts one but that is just a guess.
Here's the documentation for 4.0.2. It should be the same for 4.0.4.
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m2/index.jsp?topic=%2Fcom.ibm.jazz.install.doc%2Ftopics%2Ft_config_ldap_connection.html
Comments
No, I'm not using Tomcat. Instead I'm using the imbedded http-server in the WebSphere, so I guess there's nothing to copy.
/Claus
Hi Claus,
I'm thinking it might be a mismatch between the LDAP settings in the teamserver.properties file and the LDAP settings in WebSphere.
If you want to paste them in you can find the websphere LDAP settings in the security.xml file under the jts profile
I've made an answer on my own behalf, in order to have the settings pasted in
Hi Karl.
I'm making an answer on my own, to be able to paste in the settings you asked for. Here they are :
Security.xml :
.
.
<userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry" serverId="" serverPassword="{xor}" realm="aix167.bdunet.dk" useRegistryServerId="false" primaryAdminId=""/>
<userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1" useRegistryServerId="false" primaryAdminId="" customRegistryClassName="com.ibm.websphere.security.FileRegistrySample"/>
<userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1" serverId="" serverPassword="{xor}" realm="d101p.bdpnet.dk:389" ignoreCase="true" useRegistryServerId="false" primaryAdminId="
BD-RTCwasadm" useRegistryRealm="true" type="CUSTOM" sslEnabled="false" sslConfig="" baseDN="DC=d101p,DC=bdpnet,DC=dk" bindDN="CN=BD-RTCDomainAcc,OU=Users,OU=BDServiceAccounts,OU=MgmtResources,DC=d101p,DC=bdpn
et,DC=dk" bindPassword="??????" searchTimeout="120" reuseConnection="true">
<searchFilter xmi:id="LDAPSearchFilter_1" userFilter="(&(sAMAccountName=%v)(objectclass=person))" krbUserFilter="(&(krbPrincipalName=%v)(objectclass=ePerson))" groupFilter="(&(name=%v)(|(objec
tclass=group)))" userIdMap="*:sAMAccountName" groupIdMap="*:name" groupMemberIdMap="memberof:member" certificateMapMode="EXACT_DN" certificateFilter=""/>
<hosts xmi:id="EndPoint_1384500757518" host="d101p.bdpnet.dk" port="389"/>
</userRegistries>
<userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="" ignoreCase="true" useRegistryServerId="false" primaryAdminId="" registryClassName="
com.ibm.ws.wim.registry.WIMUserRegistry"/>
<authConfig xmi:id="AuthorizationConfig_1" useJACCProvider="false">
<authorizationProviders xmi:id="AuthorizationProvider_1" j2eePolicyImplClassName="com.tivoli.pd.as.jacc.TAMPolicy" name="Tivoli Access Manager" policyConfigurationFactoryImplClassName="com.tivoli.pd.as.ja
cc.TAMPolicyConfigurationFactory" roleConfigurationFactoryImplClassName="com.tivoli.pd.as.jacc.TAMRoleConfigurationFactory" initializeJACCProviderClassName="com.tivoli.pd.as.jacc.cfg.TAMConfigInitialize" requ
iresEJBArgumentsPolicyContextHandler="false" supportsDynamicModuleUpdates="true"/>
</authConfig>
.
.
teamserver.properties :
root@aix167:/usr/IBM/WebSphere/AppServer1/profiles/rtc-> more /usr/IBM/WebSphere/Jazz404/server/conf/jts/teamserver.properties
#This configuration update was requested by "RTC_infoman". The old contents of this file were copied to "/usr/IBM/WebSphere/Jazz404/server/conf/jts/teamserver-1384938532403bakup.properties".
#Wed Nov 20 10:08:52 CET 2013
com.ibm.team.datawarehouse.auth.type=JTS
com.ibm.team.repository.ldap.membersOfGroup=member
com.ibm.team.repository.db.jdbc.location=//mep7db2s.bdunet.dk\:50000/jts\:user\=db2inst1;password\={password};
com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=BD-JazzAdmins,JazzUsers\=BD-JazzUsers,JazzDWAdmins\=BD-JazzDWAdmins,JazzProjectAdmins\=BD-JazzProjectAdmins,JazzGuests\=BD-JazzGuests
com.ibm.team.datawarehouse.auth.userId=23a1e1399fe7449dacf4ca92ecd4c02f
com.ibm.team.repository.changeEvent.expirationByCategory=SystemLog\:259200
com.ibm.team.repository.ldap.baseUserDN=dc\=d101p,dc\=bdpnet,dc\=dk
com.ibm.team.datawarehouse.db.jdbc.location=conf/jts/derby/warehouseDB
com.ibm.team.repository.notification.mail.smtp.server=SMTP.BANKDATA.LAN
com.ibm.team.fulltext.indexLocation=conf/jts/indices/workitemindex
com.ibm.team.repository.web.helpuri=/clmhelp/index.jsp
com.ibm.team.repository.db.jdbc.password=??????????????
com.ibm.team.repository.ldap.userAttributesMapping=userId\=sAMAccountName,name\=displayName,emailAddress\=mail
com.ibm.team.repository.notification.mail.from_name=RTC@bankdata.dk
com.ibm.team.repository.notification.mail.from=bdmtak@bankdata.dk
com.ibm.team.repository.notification.mail.enabled=true
com.ibm.team.repository.db.repoLockId=_0wXBsE3rEeOaOPZ4ft7Duw
com.ibm.team.repository.user.registry.type=LDAP
com.ibm.team.repository.ws.allow.identity.assertion=false
com.ibm.team.repository.ldap.registryLocation=ldap\://d101p.bdpnet.dk\:389
com.ibm.team.datawarehouse.auth.password=????????????????
com.ibm.team.repository.ldap.baseGroupDN=dc\=d101p,dc\=bdpnet,dc\=dk
com.ibm.team.repository.notification.mail.reply=bdmtak@bankdata.dk
com.ibm.team.repository.changeEvent.expirationDefault=1209600
com.ibm.team.repository.ldap.findUsersByNameQuery=displayName\=?1*
com.ibm.team.repository.ldap.registryUserName=cn\=BD-RTCDomainAcc,OU\=Users,OU\=BDServiceAccounts,OU\=MgmtResources,DC\=d101p,DC\=bdpnet,DC\=dk
com.ibm.team.repository.web.suppressedPages={"com.ibm.team.repository.web.admin"\: ["com.ibm.team.repository.provision"]}
com.ibm.team.datawarehouse.datawarehouse.jobs.enabled=false
com.ibm.team.repository.ldap.registryPassword=?????????
com.ibm.team.repository.ldap.findGroupsForUserQuery=member\={USER-DN}
com.ibm.team.repository.server.webapp.url=https\://rtc-s.bdunet.dk\:15010/jts
com.ibm.team.datawarehouse.db.automatic.setup=true
com.ibm.team.repository.db.vendor=db2
com.ibm.team.repository.ldap.findUsersByUserIdQuery=sAMAccountName\=?1
com.ibm.team.jfs.index.root.directory=indices
com.ibm.team.datawarehouse.db.net.port=1527
com.ibm.team.repository.ws.allow.admin.access=false
com.ibm.team.repository.ldap.findUsersByAnyNameQuery=(| (displayName\=* ?1*) (displayName\=*_?1*))
com.ibm.team.datawarehouse.db.vendor=DERBY
Comments
I'm still looking this over and so far it looks OK, but I notice in the security.xml there are a couple of odd entries.
The primaryAdminId value, bindDN value and groupFilter value all have special HTML encoding characters in them.
This is most likely just the way it was pasted into the answer, but probably worth checking your LDAP settings in WAS just to make sure.
For example see DC=bdpn in the data above.
The special characters are: <br>
Let's see if they will show up correctly
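The comparison suggested in this thread, between the LDAP settings in teamserver.properties and the LDAPUserRegistry entry in WebSphere's security.xml, can be scripted. The following is an added example, not part of the original posts and not IBM code; the sample files, the example.test hosts and the urn:constructed namespace are constructed, while the property keys and XML attribute names are the ones shown in the pasted settings.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample inputs (placeholders, not the poster's files).
SAMPLE_PROPS = r"""
com.ibm.team.repository.ldap.registryLocation=ldap\://dc1.example.test\:389
com.ibm.team.repository.ldap.baseUserDN=dc\=example,dc\=test
com.ibm.team.repository.ldap.registryUserName=cn\=svc-bind,ou\=Users,dc\=example,dc\=test"""
SAMPLE_XML = """<security:Security xmlns:xmi="http://www.omg.org/XMI" xmlns:security="urn:constructed">
 <userRegistries xmi:type="security:LDAPUserRegistry" sslEnabled="false" baseDN="DC=example,DC=test"
   bindDN="CN=svc-bind, OU=Users,DC=example,DC=test"><hosts host="dc2.example.test" port="389"/>
 </userRegistries></security:Security>"""

def load_props(text):
    """Parse the key=value subset of .properties syntax and undo backslash escapes."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def norm_dn(dn):  # naive: lower-case, trim around commas; escaped commas not handled
    return ",".join(part.strip().lower() for part in dn.split(","))

def ldap_registry(xml_text):
    """Extract host, port, SSL flag and DNs from the LDAPUserRegistry element."""
    for el in ET.fromstring(xml_text).iter("userRegistries"):
        if any(k.endswith("}type") and v.endswith("LDAPUserRegistry") for k, v in el.attrib.items()):
            ep = el.find("hosts")
            return {"host": ep.get("host").lower(), "port": int(ep.get("port")),
                    "ssl": el.get("sslEnabled") == "true",
                    "baseDN": el.get("baseDN"), "bindDN": el.get("bindDN")}
    raise ValueError("no LDAPUserRegistry element found")

def compare(props_text, xml_text):
    """Return the names of LDAP settings that differ between the two files."""
    p, reg = load_props(props_text), ldap_registry(xml_text)
    pre = "com.ibm.team.repository.ldap."
    url = urlparse(p[pre + "registryLocation"])
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    checks = {
        "host/port": (url.hostname, port) == (reg["host"], reg["port"]),
        "ssl": (url.scheme == "ldaps") == reg["ssl"],
        "baseDN": norm_dn(p[pre + "baseUserDN"]) == norm_dn(reg["baseDN"]),
        "bindDN": norm_dn(p[pre + "registryUserName"]) == norm_dn(reg["bindDN"]),
    }
    return [name for name, ok in checks.items() if not ok]
```

An empty list from `compare` means the two files agree on the LDAP endpoint and DNs; it says nothing about the security role to group mapping that turned out to be the cause in this thread.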
Comments
Manoj Panda
JAZZ DEVELOPER Nov 18 '13, 10:22 a.m.
Hi Claus,
I am not sure about AIX, but I can tell you on Windows. Just check the WAS Configuration.
Can you please double check the following configuration.
The Java™ 2 Security option must be turned off. If this option is turned on in WebSphere Application Server, the web application will not start.
Claus Buch
Nov 18 '13, 1:24 p.m.
No sorry, the java2 security has been turned off from the beginning