|
Problem |
An attempt to login to the administration console with a
user id that is part of a group in the LDAP server results in an error.
The user is shown this message, "Unable to process login, Please check
User ID and password and try again."
In the <WASROOT>\logs\dmgr\SystemOut.log file, this error is found:
"Authorization failed for <id> while invoking GET on
admin_host:/admin/secure/login.jsp, Authorization failed, Not granted any
of the required roles: administrator operator configurator monitor"
Where <id> is the id that is a member of the LDAP group.
This problem occurs when using WebSphere Application Server 5.0 and IBM
Directory Server 4.1. It does not occur in versions of WebSphere
Application Server after 5.0 and does not occur when using previous
version of IBM Directory Server (SecureWay). |
|
Cause |
This is caused by having a space in the Base Distinguished
Name field for the configuration of the LDAP registry. i.e. 'o=ibm, c=us'.
There is a space between the comma and "c". |
|
Solution |
Open the administration console and navigate to
Security > User Registries > LDAP
Remove the space in the Base Distinguished Name field for the
configuration of the LDAP registry.
i.e. 'o=ibm,c=us'
Then, restart the deployment manager or base server.
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|
|