LDAP - There was an error attempting to create the new user


Harry Koehnemann (30125238) | asked Feb 03 '12, 5:45 p.m.
We are configuring RTC 3.0.1 w/ DB2 and Tomcat to connect to Active Directory. LDAP Test Connection responds with a warning that it cannot find the "email" attribute, but another forum topic mentioned someone had continued past that warning successfully. And we don't mind fixing it later.

After configuring LDAP, RTC setup prompts us to log back into JTS/setup. We log in successfully with the LDAP user, try to select next and receive the error:
There was an error attempting to create the new user - ID CRJAZ1551E

This tech article mentions the error is (can be?) caused by the user being found as a JazzAdmin, but not in the user search.
https://www-304.ibm.com/support/docview.wss?uid=swg21424134

To eliminate that problem, we walked through this article and tested both the groups and users and they appear OK. One difference is that Active Directory puts the groups in a single attribute entry so in step 6, we have a single "members" attribute with a list of members instead of a "members" attribute for each member of the group. We tried removing all but one member from the group so the attribute would have the same structure, but no luck.
http://www-01.ibm.com/support/docview.wss?uid=swg21445366

Questions:
If we are authenticating back in with our admin account, does that confirm we are connecting to LDAP's user search properly? If so, are we past the problem described in the tech article? And then does that mean Tomcat's Realm is correct, JTS's LDAP's is correct, or both are correct?

Is there a problem with Active Directory's grouping members in a single "members" attribute? We seem to authenticate fine.

We put the group entries in the same location as the member entries (the Base User DN and the Base Group DN are the same). Could that be an issue?

What can we try that we have not yet? We've had two LDAP browsers looking at it and other than there being a single "members" attribute on the group everything checks out.

Many thanks.

5 answers



Dinesh Kumar B (4.1k413) | answered Jan 06 '14, 6:16 a.m.
JAZZ DEVELOPER
The error ID CRJAZ1551E on my setup occurred due to a difference in 
   the way I was attempting to configure LDAP during JTS Setup 
and 
   the parameters set in my WAS instance Global Security : LDAP 

Here are more details. I see the error with:

In WAS : User ID map was set to *:uid
(reachable through Global security > Standalone LDAP registry > Advanced Lightweight Directory Access Protocol (LDAP) user registry settings)

and 

JTS Setup / Step 6 : User Property Names Mapping set with userId=preferredIdentity,name=cn,emailAddress=preferredIdentity

Once I revised the WAS User ID map to use *:preferredIdentity, the error was resolved.

So, one thing to check when you are stuck at CRJAZ1551E would be the user id mappings in the JTS and compare that to what is set up in Application Server security.

Hope this helps.
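
Added example, not part of the answer above and not IBM code: a Python check that compares the two settings named in that answer and reports where the user ID attribute differs. The parsing rules (semicolon-separated `objectclass:attribute` pairs for the WAS User ID map, comma-separated `key=value` pairs for the JTS mapping) and all function names are assumptions.

```python
# Added example. The sample strings in the __main__ section are the values
# quoted in the answer; the two format rules are assumptions, not product code.

def parse_was_user_id_map(value):
    """Parse a WAS 'User ID map' such as '*:uid' into {objectclass: attribute}."""
    mapping = {}
    for pair in value.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        objectclass, sep, attribute = pair.partition(":")
        if not sep or not attribute.strip():
            raise ValueError(f"malformed User ID map entry: {pair!r}")
        mapping[objectclass.strip()] = attribute.strip()
    return mapping

def parse_jts_property_mapping(value):
    """Parse a JTS 'User Property Names Mapping' into {jazz_property: attribute}."""
    mapping = {}
    for pair in value.split(","):
        pair = pair.strip()
        if not pair:
            continue
        prop, sep, attribute = pair.partition("=")
        if not sep or not attribute.strip():
            raise ValueError(f"malformed property mapping entry: {pair!r}")
        mapping[prop.strip()] = attribute.strip()
    return mapping

def user_id_mismatches(was_user_id_map, jts_property_mapping):
    """Return (objectclass, was_attr, jts_attr) for each WAS entry whose
    attribute differs from the one JTS maps to userId."""
    jts = parse_jts_property_mapping(jts_property_mapping)
    if "userId" not in jts:
        raise ValueError("JTS mapping has no userId entry")
    jts_attr = jts["userId"]
    # LDAP attribute names are case-insensitive, so compare case-folded.
    return [
        (objectclass, was_attr, jts_attr)
        for objectclass, was_attr in parse_was_user_id_map(was_user_id_map).items()
        if was_attr.lower() != jts_attr.lower()
    ]

if __name__ == "__main__":
    jts = "userId=preferredIdentity,name=cn,emailAddress=preferredIdentity"
    for was in ("*:uid", "*:preferredIdentity"):
        print(was, "->", user_id_mismatches(was, jts) or "consistent")
```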

Ralph Schoon (63.6k33646) | answered Feb 06 '12, 8:41 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Harry,

If you run on LDAP it is impossible to create users in the tools. You need to have the users created in LDAP before. Make sure to log into the tool using a user that follows the required conditions mentioned in https://www-304.ibm.com/support/docview.wss?uid=swg21424134

To set up LDAP properly and to find out whether the settings work, the LDAP configuration page in the setup provides some text with links that lead to a procedure description helping with testing the LDAP setup. I have used that in the past and it works. If your settings work there, they should work with the tools. I would suspect you have a problem with mapping the repository permissions (JazzAdmin). If so, the procedure mentioned should show that.

Harry Koehnemann (30125238) | answered Feb 06 '12, 9:18 a.m.
Thanks for the reply Ralph. We are not trying to create a user. RTC is giving that error when we click Next off the LDAP page during setup (next step is the DW I believe).

This link is the only article I found with this error, which implies RTC is having an issue finding the initial LDAP user we had to re-authenticate with (RTC requires re-authentication after configuring the LDAP setup page) so that it (RTC) can create the user.
https://www-304.ibm.com/support/docview.wss?uid=swg21424134

And there is nothing in the log files. Are there options for verbose LDAP logging? Any ideas why RTC would give this error message or why it wants to create a user?

Georg Kellner (840481109) | answered Feb 15 '12, 11:25 a.m.
I'm facing the same problem.

One question:
Which OS are you using?

I've configured a JTS with QM some weeks ago, it is fine, and now I try to set up a test environment, it fails at the same time, just before configuring the warehouse.

I've compared all the settings within WebSphere and JTS, they are identical.

The only difference is the OS.
Our productive QM system is a w2k8 server, my test environment is WinXP.

greetings georg.

Harry Koehnemann (30125238) | answered Feb 15 '12, 1:40 p.m.
The OS was Windows/DB2 with Active Directory for LDAP. We had IBM support help out and the issue was resolved. The solution was to wait a day for RTC to sync users. Or the IT person did not have the install user in the proper Jazz Admin group in LDAP. I am not sure how the problem was resolved frankly, but these are the two stories I heard. Hope this helps.
