Authorization failure for user id that is part of a group.
 Technote (FAQ)
 
Problem
An attempt to log in to the administration console with a user id that is part of a group in the LDAP server results in an error. The user is shown this message: "Unable to process login, Please check User ID and password and try again."

In the <WASROOT>\logs\dmgr\SystemOut.log file, this error is found:
"Authorization failed for <id> while invoking GET on admin_host:/admin/secure/login.jsp, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor"
Where <id> is the id that is a member of the LDAP group.

This problem occurs when using WebSphere Application Server 5.0 and IBM Directory Server 4.1. It does not occur in versions of WebSphere Application Server after 5.0, and it does not occur when using previous versions of IBM Directory Server (SecureWay).
 
Cause
This is caused by a space in the Base Distinguished Name field of the LDAP registry configuration, for example 'o=ibm, c=us', where there is a space between the comma and "c".
 
Solution
Open the administration console and navigate to Security > User Registries > LDAP.

Remove the space in the Base Distinguished Name field for the configuration of the LDAP registry.

For example: 'o=ibm,c=us'

Then, restart the deployment manager or base server.
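
A way to check a Base Distinguished Name value for this defect before entering it in the console, as an added example that is not part of the technote or of WebSphere. The function names are hypothetical, and only whitespace that follows an unescaped, unquoted separator comma is treated as the problem.

```python
def split_rdns(dn):
    """Split a DN on commas that are neither backslash-escaped nor inside quotes."""
    parts, cur, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escaped pair, e.g. "\," stays in the value
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "," and not in_quotes:
            parts.append("".join(cur))   # separator reached: close the current RDN
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def compact_dn(dn):
    """Return the DN with whitespace after each RDN separator removed."""
    return ",".join(rdn.lstrip() for rdn in split_rdns(dn))


def check_base_dn(dn):
    """Return (needs_fix, suggested_value) for a Base Distinguished Name field."""
    fixed = compact_dn(dn)
    return fixed != dn, fixed


if __name__ == "__main__":
    # Constructed sample values; the first two are the forms quoted in the technote.
    for sample in ["o=ibm, c=us", "o=ibm,c=us", r"ou=Sales\, East,  o=ibm, c=us"]:
        needs_fix, fixed = check_base_dn(sample)
        print(f"{sample!r:35} needs_fix={needs_fix} suggested={fixed!r}")
```

Spaces inside an attribute value, such as the one after the escaped comma in the third sample, are left alone because they are part of the value rather than separator padding.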

 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1108398
IBM Group: Software Group
Modified date: Oct 26, 2005