It's all about the answers!

Ask a question

RTC 3.0.1 LDAP User logged in and got ADMIN account


Aleksey Karlov (76108) | asked Jul 25 '11, 12:38 p.m.
I have very strange situation with RTC 3.0.1 where LDAP user logging in with his account login, once in application, it shows ADMIN account when user click on his profile. And behave in all tabs like an ADMIN. The ADMIN account is disabled and does not have any license assigned to it. So get the LDAP user. However if I look a that user LDAP profile he has license and projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to clear the browser catch and tried it on several different computers. Same thing is happening. This is only for one user. I don't know what happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K

9 answers



permanent link
Richard Hebron (6078) | answered Jul 25 '11, 4:02 p.m.
We experienced a similar problem. The user was defined as part of the JazzAdmin group in LDAP. But the LDAP was not synchronized with the Jazz Team Server so the user was not setup in RTC. Once the the LDAP was in sync with JTS, everything was okay.

Hope this helps.

I have very strange situation with RTC 3.0.1 where LDAP user logging in with his account login, once in application, it shows ADMIN account when user click on his profile. And behave in all tabs like an ADMIN. The ADMIN account is disabled and does not have any license assigned to it. So get the LDAP user. However if I look a that user LDAP profile he has license and projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to clear the browser catch and tried it on several different computers. Same thing is happening. This is only for one user. I don't know what happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K

permanent link
Lisa Davis (1621) | answered Jul 25 '11, 4:04 p.m.
I have very strange situation with RTC 3.0.1 where LDAP user logging in with his account login, once in application, it shows ADMIN account when user click on his profile. And behave in all tabs like an ADMIN. The ADMIN account is disabled and does not have any license assigned to it. So get the LDAP user. However if I look a that user LDAP profile he has license and projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to clear the browser catch and tried it on several different computers. Same thing is happening. This is only for one user. I don't know what happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K

I have encountered the same LDAP issue but I am using RTC 3.0.0 with WAS.

permanent link
Lisa Davis (1621) | answered Jul 25 '11, 4:26 p.m.
I have very strange situation with RTC 3.0.1 where LDAP user logging in with his account login, once in application, it shows ADMIN account when user click on his profile. And behave in all tabs like an ADMIN. The ADMIN account is disabled and does not have any license assigned to it. So get the LDAP user. However if I look a that user LDAP profile he has license and projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to clear the browser catch and tried it on several different computers. Same thing is happening. This is only for one user. I don't know what happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K

I have encountered the same LDAP issue but I am using RTC 3.0.0 with WAS.

permanent link
Aleksey Karlov (76108) | answered Jul 25 '11, 6:14 p.m.
I have very strange situation with RTC 3.0.1 where LDAP user logging in with his account login, once in application, it shows ADMIN account when user click on his profile. And behave in all tabs like an ADMIN. The ADMIN account is disabled and does not have any license assigned to it. So get the LDAP user. However if I look a that user LDAP profile he has license and projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to clear the browser catch and tried it on several different computers. Same thing is happening. This is only for one user. I don't know what happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K

I have encountered the same LDAP issue but I am using RTC 3.0.0 with WAS.

It is case sensitivity issue. Once user logged in with correct case User ID everything went ok. I changed teamserver.properties file by adding following line:
com.ibm.team.repository.caseInsensitiveUserIds=true
Now RTC 3.0.1 is case insensitive, but IBM Rational do not recommend it here: http://publib.boulder.ibm.com/infocenter/clmhelp/v3r0m1/index.jsp?topic=/com.ibm.jazz.install.doc/topics/c_plan_identity_management.html

permanent link
Geoffrey Clemm (30.1k33035) | answered Jul 25 '11, 9:25 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I'm hoping that is just an error in the user documentation, since I've
always understood that case-insensitive user-ID's is fully supported in
RTC when that property is set. I sent off some email to the repository
dev lead asking for clarification.

Cheers,
Geoff

On 7/25/2011 6:23 PM, mralexk wrote:
lisad1wrote:
I have very strange situation with RTC
3.0.1 where LDAP user logging in with his account login, once in
application, it shows ADMIN account when user click on his profile.
And behave in all tabs like an ADMIN. The ADMIN account is disabled
and does not have any license assigned to it. So get the LDAP user.
However if I look a that user LDAP profile he has license and
projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to
clear the browser catch and tried it on several different computers.
Same thing is happening. This is only for one user. I don't know what
happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is
empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K
I have encountered the same LDAP issue but I am using RTC 3.0.0 with
WAS.


It is case sensitivity issue. Once user logged in with correct case
User ID everything went ok. I changed teamserver.properties file by
adding following line:
com.ibm.team.repository.caseInsensitiveUserIds=true
Now RTC 3.0.1 is case insensitive, but IBM Rational do not recommend
it here:
http://publib.boulder.ibm.com/infocenter/clmhelp/v3r0m1/index.jsp?topic=/com.ibm.jazz.install.doc/topics/c_plan_identity_management.html

permanent link
Geoffrey Clemm (30.1k33035) | answered Jul 26 '11, 9:21 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I have gotten confirmation from the repository dev lead that the
documentation is incorrect. I've submitted work item 172390 to get the
documentation fixed.

Cheers,
Geoff

On 7/25/2011 9:25 PM, Geoffrey Clemm wrote:
I'm hoping that is just an error in the user documentation, since I've
always understood that case-insensitive user-ID's is fully supported in
RTC when that property is set. I sent off some email to the repository
dev lead asking for clarification.

Cheers,
Geoff

On 7/25/2011 6:23 PM, mralexk wrote:
lisad1wrote:
I have very strange situation with RTC
3.0.1 where LDAP user logging in with his account login, once in
application, it shows ADMIN account when user click on his profile.
And behave in all tabs like an ADMIN. The ADMIN account is disabled
and does not have any license assigned to it. So get the LDAP user.
However if I look a that user LDAP profile he has license and
projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to
clear the browser catch and tried it on several different computers.
Same thing is happening. This is only for one user. I don't know what
happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is
empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K
I have encountered the same LDAP issue but I am using RTC 3.0.0 with
WAS.


It is case sensitivity issue. Once user logged in with correct case
User ID everything went ok. I changed teamserver.properties file by
adding following line:
com.ibm.team.repository.caseInsensitiveUserIds=true
Now RTC 3.0.1 is case insensitive, but IBM Rational do not recommend
it here:
http://publib.boulder.ibm.com/infocenter/clmhelp/v3r0m1/index.jsp?topic=/com.ibm.jazz.install.doc/topics/c_plan_identity_management.html



permanent link
Aleksey Karlov (76108) | answered Jul 26 '11, 7:30 p.m.
I have gotten confirmation from the repository dev lead that the
documentation is incorrect. I've submitted work item 172390 to get the
documentation fixed.

Cheers,
Geoff

On 7/25/2011 9:25 PM, Geoffrey Clemm wrote:
I'm hoping that is just an error in the user documentation, since I've
always understood that case-insensitive user-ID's is fully supported in
RTC when that property is set. I sent off some email to the repository
dev lead asking for clarification.

Cheers,
Geoff

On 7/25/2011 6:23 PM, mralexk wrote:
lisad1wrote:
I have very strange situation with RTC
3.0.1 where LDAP user logging in with his account login, once in
application, it shows ADMIN account when user click on his profile.
And behave in all tabs like an ADMIN. The ADMIN account is disabled
and does not have any license assigned to it. So get the LDAP user.
However if I look a that user LDAP profile he has license and
projects, tasks, etc. But user can not see these.
At first I thought it is just a catch in the browser. We tried to
clear the browser catch and tried it on several different computers.
Same thing is happening. This is only for one user. I don't know what
happened to his account and how it was assigned to admin account.

Keep in mind, I completely flashed out tomcat-users.xml file. It is
empty.

Is anyone know why this is happening and resolution for that?

Thanks,

Alex K
I have encountered the same LDAP issue but I am using RTC 3.0.0 with
WAS.


It is case sensitivity issue. Once user logged in with correct case
User ID everything went ok. I changed teamserver.properties file by
adding following line:
com.ibm.team.repository.caseInsensitiveUserIds=true
Now RTC 3.0.1 is case insensitive, but IBM Rational do not recommend
it here:
http://publib.boulder.ibm.com/infocenter/clmhelp/v3r0m1/index.jsp?topic=/com.ibm.jazz.install.doc/topics/c_plan_identity_management.html




Thank you Geoffrey,

Alex K

permanent link
Vivek Iyer (15212527) | answered Oct 12 '11, 5:07 p.m.
I had this same problem today, and was able to resolve it thanks to this thread.

I do wonder what this means from a security standpoint. If a user gets switched to the ADMIN account, will he/she get a level of access that they are not supposed to have? If yes, that is a cause for concern. Thanks.

permanent link
Aleksey Karlov (76108) | answered Oct 12 '11, 6:46 p.m.
I had this same problem today, and was able to resolve it thanks to this thread.

I do wonder what this means from a security standpoint. If a user gets switched to the ADMIN account, will he/she get a level of access that they are not supposed to have? If yes, that is a cause for concern. Thanks.


Hello Vivekiyer,

When you set LDAP for your RTC login, the ADMIN user is usually should be disabled. What it meant in our case is user can't actually do anything as ADMIN is disabled.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.