Error login in from client though user has UI access
I try to create a connection from the eclipse client using my admin user abcd@dk.ibm.com
I get the error CRJAZ0062I The user "abcd@dk.ibm.com" is unknown. after 3 atempts Strange thing is that the user work very well when logging in to the server UI system is configured to use LDAP Problem is that while the web ui login is not :wink: |
4 answers
kims@dk.ibm-dot-com.no-spam.invalid (dk11419) wrote in news:g4vk5g$6ob$1
@localhost.localdomain: Problem is that while the web ui login is not case we had an issue with ldap case sensitivity a couple months ago... and it was painful :) Check work item 45640, How different is your issue ? -- Christophe Elek Serviceability Architect IBM Software Group - Rational |
schacher@us.ibm-dot-com.no-spam.invalid (schacher) wrote in news:g4vthf$asp
$1@localhost.localdomain: If that record does not exist or the db is inaccessible and the So.. if I have a user that is part of the jazzadmin group and does nto exist in the ldap, I get an error BUT i suddenly become ADMIN for the web ? Meaning I can change settings ? So the only thing I need to know is the userid right ? I understand the purpose.. allow an admin to configyre Jazz even if the ldap or db is down right ? SO the question is... should we plug the jazz admin into the appserver admin console and follow the same principles ? Here is what I do...let's say my webSphere LDAP SSL cert if expired. When I try to start webSphere I get an error. So what I do is that I disable WebSphere security, but then I remove the machine from the network So I am local and then I can do whatever I want Maybe we could do the same (allow a removal of security from the command line) or we plug into the authentication/authorization of the appserver admin consoles ? Thoughts ? -- Christophe Elek Serviceability Architect IBM Software Group - Rational |
This is almost certainly a result of the fact that login is case-sensitive. You can confirm this by looking at the server logs (see https://jazz.net/wiki/bin/view/Main/CrashKitFAQ).
The fact that it logs you in to the WEB UI is a feature, because you logged in as a user with the JazzAdmins role. If you look in the upper-right corner of the page however you'll notice that you were logged in as "ADMIN". This allows you to login and administer the server if the repository database is unavailable. When the server receives a request, it looks for a user record in the repository that matches the authenticated user. If that record does not exist or the db is inaccessible and the authenticated user has the JazzAdmins role, the web UI fails over to ADMIN. Suggestions on how this can be improved are welcome via enhancement requests. I've also updated our troubleshooting WIKI at https://jazz.net/wiki/bin/view/Main/LoginFailuresFAQ. |
So.. if I have a user that is part of the jazzadmin group and does nto No. If the user does not exist in LDAP, you'll fail to authenticate to the server at all and Jazz Team Server will never see the request. See the first section of https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-0_6-authentication-explained/index.html. I understand the purpose.. allow an admin to configyre Jazz even if the Actually if LDAP is down you won't be able to authenticate. This scenario is that you've authenticated but Jazz can't find a user record that matches the LDAP user. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.