It's all about the answers!

Ask a question

BluePages/-Group LDAP Authentication does not work anymore a


Michael Haeberlen (81164) | asked Apr 08 '08, 3:51 a.m.
Hi,

with the aid of this forum (https://jazz.net/forums/viewtopic.php?t=987)
I had set up a WAS with bluepages LDAP which worked quite well with Jazz
M5a.

Now I moved to M6 and after migrating I get the following error:
SECJ0129E: Authorization failed for HAEBER@de.ibm.com while invoking GET
on default_host:/jazz/admin, Authorization failed, Not granted any of
the required roles: JazzUsers JazzAdmins JazzGuests JazzDWAdmins

I'd appreciate any hint how to analyse my problem a little bit deeper.

Thanks,
Michael

5 answers



permanent link
Michael Haeberlen (81164) | answered Apr 09 '08, 3:52 a.m.
Balaji Krish wrote:
Michael,

This is the path to custom properties.
Application servers > server1 > Process Definition > Java Virtual Machine
Custom Properties

Can you also list the ldap properties you are using to access bluepages ?

---- Balaji


"Michael Haeberlen" <haeber@de.ibm.com> wrote in message
news:ftfori$n0$1@localhost.localdomain...
Michael Haeberlen wrote:
Hi,

with the aid of this forum (https://jazz.net/forums/viewtopic.php?t=987)
I had set up a WAS with bluepages LDAP which worked quite well with Jazz
M5a.

Now I moved to M6 and after migrating I get the following error:
SECJ0129E: Authorization failed for HAEBER@de.ibm.com while invoking GET
on default_host:/jazz/admin, Authorization failed, Not granted any of the
required roles: JazzUsers JazzAdmins JazzGuests JazzDWAdmins

I'd appreciate any hint how to analyse my problem a little bit deeper.

Thanks,
Michael
I noticed that teamserver.properties did not get loaded.
https://jazz.net/jazz/web/projects/Jazz%20Project#action=com.ibm.team.workitem.viewWorkItem&id=50366

need to figure out how to set the custom properties


OK, finally I got it working.


One issue held me up quite some time:

I had setup log4j.configuration, com.ibm.team.server.configURL and
com.ibm.team repository.provision.profile as custum properties, but
specified ALL values as URLs. There was no hint about the error
condition in SystemOut.log but if had looked more carefully at
https://jazz.net/wiki/bin/view/Main/JazzProvisionerSetupInWAS
I would have realized that the value for com.ibm.team
repository.provision.profile MUST NOT be a URL but rather a normal file
path.

After I fixed that all remaining hurdles could easily be taken by
looking at SystemOut.log which now was verbose enough to complain about
the parameters that were missing (like Mail from address which is now
mandatory)

Thanks for your help!

permanent link
Balaji Krish (1.8k12) | answered Apr 08 '08, 1:56 p.m.
JAZZ DEVELOPER
Michael,

This is the path to custom properties.
Application servers > server1 > Process Definition > Java Virtual Machine >
Custom Properties

Can you also list the ldap properties you are using to access bluepages ?

---- Balaji


"Michael Haeberlen" <haeber@de.ibm.com> wrote in message
news:ftfori$n0$1@localhost.localdomain...
Michael Haeberlen wrote:
Hi,

with the aid of this forum (https://jazz.net/forums/viewtopic.php?t=987)
I had set up a WAS with bluepages LDAP which worked quite well with Jazz
M5a.

Now I moved to M6 and after migrating I get the following error:
SECJ0129E: Authorization failed for HAEBER@de.ibm.com while invoking GET
on default_host:/jazz/admin, Authorization failed, Not granted any of the
required roles: JazzUsers JazzAdmins JazzGuests JazzDWAdmins

I'd appreciate any hint how to analyse my problem a little bit deeper.

Thanks,
Michael
I noticed that teamserver.properties did not get loaded.
https://jazz.net/jazz/web/projects/Jazz%20Project#action=com.ibm.team.workitem.viewWorkItem&id=50366

need to figure out how to set the custom properties

permanent link
Michael Haeberlen (81164) | answered Apr 08 '08, 8:36 a.m.
Michael Haeberlen wrote:
Hi,

with the aid of this forum (https://jazz.net/forums/viewtopic.php?t=987)
I had set up a WAS with bluepages LDAP which worked quite well with Jazz
M5a.

Now I moved to M6 and after migrating I get the following error:
SECJ0129E: Authorization failed for HAEBER@de.ibm.com while invoking GET
on default_host:/jazz/admin, Authorization failed, Not granted any of
the required roles: JazzUsers JazzAdmins JazzGuests JazzDWAdmins

I'd appreciate any hint how to analyse my problem a little bit deeper.

Thanks,
Michael
I noticed that teamserver.properties did not get loaded.

https://jazz.net/jazz/web/projects/Jazz%20Project#action=com.ibm.team.workitem.viewWorkItem&id=50366

need to figure out how to set the custom properties

permanent link
Michael Haeberlen (81164) | answered Apr 08 '08, 7:37 a.m.
ehodel wrote:
Hello,
I had a similar problem after migrating to M6. I could not logon to a
secure connection with one of the jazz users I could logon in M5.

How I solved the problem:
Logged on with ADMIN
Opened the View Team Organisation and opened the user I could not log
on with. There was no Repository Groups selected. Selected JazzUsers
and JazzGuests.
Afterwards I could logon with that user.

It seems to me that the membership of those Repository Groups gets
lost when exporting and importing the db.

Can somebody else confirm or explain why this happens?

Elisabeth

Hi Elisabeth,

thanks for your reply. The problem for me, however, is that I cannot
use user ADMIN since this userid doesn't exist in the LDAP, so I can't
log in at all.

permanent link
Elisabeth Carbone (61698) | answered Apr 08 '08, 6:47 a.m.
JAZZ DEVELOPER
Hello,
I had a similar problem after migrating to M6. I could not logon to a secure connection with one of the jazz users I could logon in M5.

How I solved the problem:
Logged on with ADMIN
Opened the View Team Organisation and opened the user I could not log on with. There was no Repository Groups selected. Selected JazzUsers and JazzGuests.
Afterwards I could logon with that user.

It seems to me that the membership of those Repository Groups gets lost when exporting and importing the db.

Can somebody else confirm or explain why this happens?

Elisabeth

Your answer


Register or to post your answer.