It's all about the answers!

Ask a question

Unable to login to JTS Setup in CLM 5.0.2


Narayanan Potti (27037279) | asked Mar 04 '15, 9:26 a.m.
I am getting error on JTS Setup URL:
Error!
We're Sorry...
The user <admin userId> is not authorized to access Jazz Team Server Admin UI.
 CRJAZ2612E <admin userId> is not a user in the repository. Check the spelling and capitalization of the user ID. The user might need to be imported into the repository.

Getting the same error on URLs /jts/admin, /ccm/admin and /qm/admin.

Environment details:
CLM 5.0.2 is installed on Windows Server 2008 R2 in distributed enterprise topology.
Application server is WebSphere Application Server (WAS) 8.5.5.4.
Database: Oracle 11.2.0.3.

I had configured each instance of WAS to use LDAP User Registry. In WAS Admin Console for each WAS I configured the WAR file under Applications, Application Types, WebSphere enterprise applications, Security role to user/group mapping. I ran the steps in JTS Setup upto LDAP configuration, disabled ADMIN user and activated temporary eval licenses.

Any help will be appreciated. I need to complete remaining steps in JTS Setup ASAP.

Thanks in advance
NP

2 answers



permanent link
Abraham Sweiss (2.4k1331) | answered Mar 05 '15, 10:23 a.m.
h Np,

My understanding is that AD by default does not have all the attributes set by default which are required for RTC.
For example in my teamserver.properties file for the jts server, I can see the mappings for the ldap server I use are.

com.ibm.team.repository.ldap.userAttributesMapping=userId\=preferredidentity,name\=cn,emailAddress\=mail

If your mappings all look good, then I would need to punt to the PMR process since we will  most likely need tracing.

Comments
Narayanan Potti commented Mar 10 '15, 11:26 a.m.

Hi Abraham

Error was resolved with help from tech support for the PMR I had opened and with help from from AD administrator.

Issue with was the admin user ID I used to login and run Custom JTS Setup was not in AD group JazzAdmins. When AD aministrator used AD Tools to look up admin user it showed user was member of AD group JazzAdmins. However when I used Softerra LDAP browser admin was not showing as member of JazzAdmins. It was bit confusing for all of us. AD administrator then deleted admin user and re-added to AD.  That fixed the issue and I was able to see admin as member in JazzAdmins.

Thanks
NP





permanent link
Abraham Sweiss (2.4k1331) | answered Mar 04 '15, 9:43 a.m.
Hello NP.
I would suggest opening a PMR.  

From the error message, it sounds like you are trying to log in with ADMIN/ADMIN user.  You need to log in with a user that is in the jazzAdmin group.


Comments
Narayanan Potti commented Mar 04 '15, 9:56 a.m.

Hi Abraham

Thanks for quick response. I opened PMR and waiting to get response. I wanted to know if there's a known issue with WAS 8.5.5.4 or with CLM 5.0.2. I am not trying to login as ADMIN. The user ID I am trying is in LDAP and user is added to the AD group JazzAdmins.  I had logged in with this userID and ran JTS Setup upto LDAP configuration. After entering LDAP  configuration the login gives error.

Thank You
NP


Abraham Sweiss commented Mar 04 '15, 10:06 a.m.

Hi Np,
I am not aware of any defecs which would cause this error.

However I had run into an issue where I had created users in Websphere which did not exist in LDAP that prevented me from completing the setup process.  I would check to ensure this is not the case.






Narayanan Potti commented Mar 04 '15, 10:12 a.m.

Hi Abraham

I don't recall creating user in WAS Admin console. Under Security, Global Security, Standalone LDAP registry I had entered:
1. Primary administrative user name,
2. Bind distinguished name (DN) and
3. Bind password.

Same userId in 1 & 2 above. Please let me know where else I need to check this.

Thank You
NP


Abraham Sweiss commented Mar 04 '15, 10:38 a.m.

Hi Np,
I would check under Security -> Users and groups (I think that is the path for WAS 8.55.)  and make sure no users were manually created in WAS.

The other thing I would check is to make sure all the users in the LDAP server have a uid, name and email attribute.  If any one of these are missing, there will be problems.  That is the users that will be logging into RTC.


Narayanan Potti commented Mar 04 '15, 2:27 p.m.

Hi Abraham

In WebSphere admin console I looked at Users and Groups > Manage Users and there are no users listed there for JTS, CCM and QM.

Using Softerra LDAP browser I looked at the admin user account in AD and the user has userPrincipalName set to sAMAccountName@<fully qualified domain name>. I checked a few user Ids and tend to think all user accounts are created in AD in consistent manner.

Thanks
 NP

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.