Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Unable to finalizew setup wizard for JTS 4.04

Questions
Tags
Users
Badges
Claus Buch
(5836) Nov 18 '13, 10:16 a.m.

I've installed RTC 4.04 on WebSphere/aix and DB2. Directory server on AD.

When running the jts/setup wizard it works alright until the where it starts to configure the Dataware house.

Here I check the box indicating that I don't want to configure the datawarehouse, and the click Next.

Then it tells me "The userid you logged in with is not recognizable", allthough it just has been verified on the login-screen.

In the jts.log it throws this execption :

2013-11-18 16:08:14,312 [WebContainer : 6 @@ 16:08 RTC_infoman /jts/service/com.ibm.team.repository.service.internal.IAdminRestService/contributor] ERROR ce.jts.internal.userregistry.ldap.LDAPUserRegistry  - CRJAZ0740E Information for the following user could not be retrieved from the external user directory: RTC_infoman
javax.naming.CommunicationException: Connection reset [Root exception is java.net.SocketException: Connection reset]; Remaining name: 'dc=d101p,dc=bdpnet,dc=dk'
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1995)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1839)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1764)
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:380)                                                                    

Any hits to solve this issue will be much appriciated.

/Claus Buch

1 vote

Comments
Manoj Panda
JAZZ DEVELOPER Nov 18 '13, 10:22 a.m.

Hi Claus,
 I am not sure about AIX, but i can tell you on windows. Just check the WAS Configuration.
can you please double check the following configuration.
The Java™ 2 Security option must be turned off. If this option is turned on in WebSphere Application Server, the web application will not start.

  1. In WebSphere Integrated Solutions Console, click Security > Global security.
  2. Under Java 2 security, clear the check box for Use Java 2 security to restrict application access to local resources.
  3. Ensure that the Enable administrative security and Enable application security check boxes are selected.

Claus Buch
Nov 18 '13, 1:24 p.m.

No sorry, the java2 security has been turned off from the beginning

3 answers
7,235 views
1 vote

3 answers

Permanent link
Claus Buch
(5836) Nov 21 '13, 4:41 a.m.

I have found the error and I am terrible sorry to have wasted your time, since the error is all due to myself.

The reason is that I haven't done the mapping of the various groups to the ccm application in the WebSphere setting, so that's why the user is refused when trying to connect. After having done the prober mapping, the setup worked as it should.

Thank you very much for your help, and once again - sorry to have wasted your time.

/Claus

3 votes

Comments
Karl Weinert
JAZZ DEVELOPER Nov 21 '13, 10:07 a.m.

Definitely not a waste of time. I'm sure you are not the first one that has run into this issue and this post will should help the next person that does.

Permanent link
Karl Weinert
JAZZ DEVELOPER (2.0k52736) Nov 18 '13, 11:48 a.m.
It looks like you might be using Tomcat as the application server. Is that correct?
Did you save the Tomcat config files on the configure LDAP step, stop JTS, and copy the newly created config files to the correct location.
If so maybe you missed one?  There is one for each installed application (jtc, ccm etc) admin, and server.xml for Tomcat.
It sounds like you may have missed the jts one but that is just a guess.
Here's the documentation for 4.0.2. It should be the same for 4.0.4.

http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m2/index.jsp?topic=%2Fcom.ibm.jazz.install.doc%2Ftopics%2Ft_config_ldap_connection.html

0 votes

Comments
Claus Buch
Nov 18 '13, 1:26 p.m.

No, I'm not using Tomcat. Instead I'm using the imbedded http-server in the WebSphere, so I guess there's  nothing to copy.

/Claus

Karl Weinert
JAZZ DEVELOPER Nov 18 '13, 5:23 p.m.

Hi Claus,

I'm thinking it might be a mismatch between the LDAP settings in the teamserver.properties file and the LDAP settings in WebSphere.
If you want to paste them in you can find the websphere LDAP settings in the security.xml file under the jts profile

Claus Buch
Nov 20 '13, 6:34 a.m.

I've made an answer on my own behalf, in order to have the settings pasted in

Permanent link
Claus Buch
(5836) Nov 20 '13, 6:33 a.m.

Hi Karl.

I'm making an answer on my own, to be able to paste in the settings you asked for. Here they are :

Security.xml :
.
.
<userRegistries xmi:type="security:LocalOSUserRegistry" xmi:id="LocalOSUserRegistry" serverId="" serverPassword="{xor}" realm="aix167.bdunet.dk" useRegistryServerId="false" primaryAdminId=""/>
  <userRegistries xmi:type="security:CustomUserRegistry" xmi:id="CustomUserRegistry_1" useRegistryServerId="false" primaryAdminId="" customRegistryClassName="com.ibm.websphere.security.FileRegistrySample"/>
  <userRegistries xmi:type="security:LDAPUserRegistry" xmi:id="LDAPUserRegistry_1" serverId="" serverPassword="{xor}" realm="d101p.bdpnet.dk:389" ignoreCase="true" useRegistryServerId="false" primaryAdminId="
BD-RTCwasadm" useRegistryRealm="true" type="CUSTOM" sslEnabled="false" sslConfig="" baseDN="DC=d101p,DC=bdpnet,DC=dk" bindDN="CN=BD-RTCDomainAcc,OU=Users,OU=BDServiceAccounts,OU=MgmtResources,DC=d101p,DC=bdpn
et,DC=dk" bindPassword="??????" searchTimeout="120" reuseConnection="true">
    <searchFilter xmi:id="LDAPSearchFilter_1" userFilter="(&amp;(sAMAccountName=%v)(objectclass=person))" krbUserFilter="(&amp;(krbPrincipalName=%v)(objectclass=ePerson))" groupFilter="(&amp;(name=%v)(|(objec
tclass=group)))" userIdMap="*:sAMAccountName" groupIdMap="*:name" groupMemberIdMap="memberof:member" certificateMapMode="EXACT_DN" certificateFilter=""/>
    <hosts xmi:id="EndPoint_1384500757518" host="d101p.bdpnet.dk" port="389"/>
  </userRegistries>
  <userRegistries xmi:type="security:WIMUserRegistry" xmi:id="WIMUserRegistry_1" serverId="" serverPassword="{xor}" realm="" ignoreCase="true" useRegistryServerId="false" primaryAdminId="" registryClassName="
com.ibm.ws.wim.registry.WIMUserRegistry"/>
  <authConfig xmi:id="AuthorizationConfig_1" useJACCProvider="false">
    <authorizationProviders xmi:id="AuthorizationProvider_1" j2eePolicyImplClassName="com.tivoli.pd.as.jacc.TAMPolicy" name="Tivoli Access Manager" policyConfigurationFactoryImplClassName="com.tivoli.pd.as.ja
cc.TAMPolicyConfigurationFactory" roleConfigurationFactoryImplClassName="com.tivoli.pd.as.jacc.TAMRoleConfigurationFactory" initializeJACCProviderClassName="com.tivoli.pd.as.jacc.cfg.TAMConfigInitialize" requ
iresEJBArgumentsPolicyContextHandler="false" supportsDynamicModuleUpdates="true"/>
  </authConfig>                                                             
 .
 .
 
 teamserver.properties :
 
root@aix167:/usr/IBM/WebSphere/AppServer1/profiles/rtc-> more /usr/IBM/WebSphere/Jazz404/server/conf/jts/teamserver.properties
#This configuration update was requested by "RTC_infoman".  The old contents of this file were copied to "/usr/IBM/WebSphere/Jazz404/server/conf/jts/teamserver-1384938532403bakup.properties".
#Wed Nov 20 10:08:52 CET 2013
com.ibm.team.datawarehouse.auth.type=JTS
com.ibm.team.repository.ldap.membersOfGroup=member
com.ibm.team.repository.db.jdbc.location=//mep7db2s.bdunet.dk\:50000/jts\:user\=db2inst1;password\={password};
com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=BD-JazzAdmins,JazzUsers\=BD-JazzUsers,JazzDWAdmins\=BD-JazzDWAdmins,JazzProjectAdmins\=BD-JazzProjectAdmins,JazzGuests\=BD-JazzGuests
com.ibm.team.datawarehouse.auth.userId=23a1e1399fe7449dacf4ca92ecd4c02f
com.ibm.team.repository.changeEvent.expirationByCategory=SystemLog\:259200
com.ibm.team.repository.ldap.baseUserDN=dc\=d101p,dc\=bdpnet,dc\=dk
com.ibm.team.datawarehouse.db.jdbc.location=conf/jts/derby/warehouseDB
com.ibm.team.repository.notification.mail.smtp.server=SMTP.BANKDATA.LAN
com.ibm.team.fulltext.indexLocation=conf/jts/indices/workitemindex
com.ibm.team.repository.web.helpuri=/clmhelp/index.jsp
com.ibm.team.repository.db.jdbc.password=??????????????
com.ibm.team.repository.ldap.userAttributesMapping=userId\=sAMAccountName,name\=displayName,emailAddress\=mail
com.ibm.team.repository.notification.mail.from_name=RTC@bankdata.dk
com.ibm.team.repository.notification.mail.from=bdmtak@bankdata.dk
com.ibm.team.repository.notification.mail.enabled=true
com.ibm.team.repository.db.repoLockId=_0wXBsE3rEeOaOPZ4ft7Duw
com.ibm.team.repository.user.registry.type=LDAP
com.ibm.team.repository.ws.allow.identity.assertion=false
com.ibm.team.repository.ldap.registryLocation=ldap\://d101p.bdpnet.dk\:389
com.ibm.team.datawarehouse.auth.password=????????????????
com.ibm.team.repository.ldap.baseGroupDN=dc\=d101p,dc\=bdpnet,dc\=dk
com.ibm.team.repository.notification.mail.reply=bdmtak@bankdata.dk
com.ibm.team.repository.changeEvent.expirationDefault=1209600
com.ibm.team.repository.ldap.findUsersByNameQuery=displayName\=?1*
com.ibm.team.repository.ldap.registryUserName=cn\=BD-RTCDomainAcc,OU\=Users,OU\=BDServiceAccounts,OU\=MgmtResources,DC\=d101p,DC\=bdpnet,DC\=dk
com.ibm.team.repository.web.suppressedPages={"com.ibm.team.repository.web.admin"\: ["com.ibm.team.repository.provision"]}
com.ibm.team.datawarehouse.datawarehouse.jobs.enabled=false
com.ibm.team.repository.ldap.registryPassword=?????????
com.ibm.team.repository.ldap.findGroupsForUserQuery=member\={USER-DN}
com.ibm.team.repository.server.webapp.url=https\://rtc-s.bdunet.dk\:15010/jts
com.ibm.team.datawarehouse.db.automatic.setup=true
com.ibm.team.repository.db.vendor=db2
com.ibm.team.repository.ldap.findUsersByUserIdQuery=sAMAccountName\=?1
com.ibm.team.jfs.index.root.directory=indices
com.ibm.team.datawarehouse.db.net.port=1527
com.ibm.team.repository.ws.allow.admin.access=false
com.ibm.team.repository.ldap.findUsersByAnyNameQuery=(| (displayName\=* ?1*) (displayName\=*_?1*))
com.ibm.team.datawarehouse.db.vendor=DERBY
 

0 votes

Comments
Karl Weinert
JAZZ DEVELOPER Nov 20 '13, 10:00 a.m.

I'm still looking this over and so far it looks ok but I notice in the security.xml there are a couple of odd entries
primaryAdminId value, bindDN value and groupFilter value all have special html encoding characters in them.
This is most likely just the way it was pasted in into the answer, but probably worth checking your LDAP settings in WAS just to make sure.
For example see DC=bdpn in the data above.

The special characters are: &lt;br&gt;

Lets see if they will show up correctly

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 2,358
× 37
× 4

Question asked: Nov 18 '13, 10:16 a.m.

Question was seen: 7,235 times

Last updated: Nov 21 '13, 10:07 a.m.

Confirmation Cancel Confirm