RTC v2.0 LDAP Permission Error
I have a client struggling with the following issue. Any feedback/assistance would be greatly appreciated:
When we run setup in production, we get an error that RTCz is unable to connect to the LDAP server. We are using a secure connection on 636 and we retrieve the certificate through the WebSphere Admin console. We have a user that has the same permissions they have in test. Users can authenticate to the RTCz web site, and it recognizes their authorization based on AD group membership that we mapped in the WAS admin console, but the application itself cannot connect with AD.
We get this when we get to the "Setup User Registry" section of Jazz setup:
"Cannot connect to LDAP directory "ldaps://doversdcr3.state.de.us:636"."
Then when we go into user management and click on "Import Users" and then search, we get this message:
CRJAZ0742I Unable to connect to the LDAP directory server. Verify that the server application is configured properly and that the LDAP server is reachable.
Our AD admins say the only difference between test and prod is that prod is using a new DC cert that supports KDC authentication where test does not.
They are using Windows 2008 R2.
4 answers
I too got this same error message (CRJAZ0742I) when configuring RQM. For me it was as simple as re-entering the LDAP password. I suspect that when I did a cut-n-paste a CR/LF may have been accidentally appended, causing my troubles. So the advice I would give is to re-check the LDAP password before all the technical details of an LDAP configuration. Special thanks to my consultant: MH.
JM
JM
Just wanted to clarify why and what:
When I ran into the same scenario, I realized my network userid is associated with the teamserver.properties file, which, in turn, I had configured when I set up the Jazz Team server configuration for LDAP.
Last week my password had to be changed and this week I noticed this error. Just a guess, I don't think it hampers any functionality of any already added user to RQM; it's just that with this error, you cannot import any user into RQM through LDAP.
So I went into the Jazz Team server configuration, replaced my changed password, saved and restarted WebSphere and everything is fine.
I followed the above suggestion and restarted WebSphere before I re-configured Jazz Team server and it did not work.
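CRJAZ0742I reads the same whether the cause is the domain controller's certificate or the stored bind password, which are the two causes raised in this thread. The following is an added example, not code from the thread or from IBM: a standard-library Python check that reports which stage of an LDAPS simple bind fails first. The function names are hypothetical, and `cafile` is assumed to point at the CA certificate that issued the domain controller's certificate.

```python
import socket
import ssl

def tlv(tag, body):
    # BER tag-length-value; lengths >= 128 use the long form
    n = len(body)
    k = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + head + body

def read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the TLV that starts at pos
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def bind_request(dn, password, msg_id=1):
    # LDAPv3 simple BindRequest (RFC 4511): version 3, name, [0] password
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

def bind_result(resp):
    # Return (resultCode, diagnosticMessage) from a BindResponse
    _, msg, _ = read_tlv(resp, 0)      # LDAPMessage SEQUENCE
    _, _, p = read_tlv(msg, 0)         # messageID
    tag, op, _ = read_tlv(msg, p)      # [APPLICATION 1] BindResponse
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, p = read_tlv(op, 0)       # resultCode (49 = invalidCredentials)
    _, _, p = read_tlv(op, p)          # matchedDN
    _, diag, _ = read_tlv(op, p)       # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode(errors="replace")

def check_ldaps(host, port, bind_dn, password, cafile=None):
    # Report the first stage that fails: password hygiene, network, TLS, bind
    if password != password.strip():
        return "password: leading/trailing whitespace (pasted CR/LF?)"
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.sendall(bind_request(bind_dn, password))
                code, diag = bind_result(tls.recv(4096))  # reply fits one read
    except ssl.SSLError as exc:
        return f"tls: {exc}"
    except OSError as exc:
        return f"network: {exc}"
    return "bind: ok" if code == 0 else f"bind: resultCode {code} ({diag})"
```

A `tls:` result points at certificate trust or hostname mismatch, while `bind: resultCode 49` means the connection and certificate are fine and the stored DN or password is wrong.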