IDM 4.0.2 Reporting Module - Unable to log in


Hello,

So, I just installed the reporting module on my IDM 4.0.2 - but I'm not
able to log into the reporting module. The strange thing is, that I was
able to just after I finished the installation. But as soon as I logged
out, and attemped to log back in, I got this error in my log:

WARN [RPT] [com.novell.idm.rpt.core.server.j2ee.AuthFilter:chec
kPermission] User CN=uaadmin,OU=sa,OU=entities,OU=idv,O=top has no
access rights.

I've found the other posts on the forum about the same error, and I've
tried all of the solutions suggested. Patching, reassigning the roles,
etc, but nothing works. The strange this is that it worked, and now it
doesn't.

The Data Collection Service Driver gives this error:

Subscriber Error: (Error 401) Could not connect to the URL
'10.50.0.11:8180/.../idvs'. Unauthorized User Account
error</description>

I guess that is related to the same problem. It is as if the uaadmin
user has had it's rights revoked somehow, yet it has all of the roles
that it needs.

Thanks in advance.

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=46624

Parents
  • Look at your RRSD driver, and ensure when you hit the User App WAR the
    very first time, and User App generated all the nrfRequests for admin
    roles in UA'land that it did not error on them.

    I.e. UA thinks you have the roles assigned, but the nrfRequest failed to
    be implemented by the RRSD driver.

    Very common error. There is a configupdate.sh button somewhere that
    requests a re-do of that step on the next UA WAR unpack. (Or so I am
    told).

    Often this will happen because RRSD says the user is out of scope and
    refuses to implement the Role assignment. Like you defined
    ou=Users,ou=Acme,dc=com, but your UAadmin is in ou=Servers,ou=acme,dc=com.



    > So, I just installed the reporting module on my IDM 4.0.2 - but I'm not
    > able to log into the reporting module. The strange thing is, that I was
    > able to just after I finished the installation. But as soon as I logged
    > out, and attemped to log back in, I got this error in my log:
    >
    > WARN [RPT] [com.novell.idm.rpt.core.server.j2ee.AuthFilter:chec
    > kPermission] User CN=uaadmin,OU=sa,OU=entities,OU=idv,O=top has no
    > access rights.
    >
    > I've found the other posts on the forum about the same error, and I've
    > tried all of the solutions suggested. Patching, reassigning the roles,
    > etc, but nothing works. The strange this is that it worked, and now it
    > doesn't.
    >
    > The Data Collection Service Driver gives this error:
    >
    > Subscriber Error: (Error 401) Could not connect to the URL
    > '10.50.0.11:8180/.../idvs'. Unauthorized User Account
    > error</description>
    >
    > I guess that is related to the same problem. It is as if the uaadmin
    > user has had it's rights revoked somehow, yet it has all of the roles
    > that it needs.
    >
    > Thanks in advance.
    >
    > Jacob.
    >
    >



  • I have checked on the user. He does have the nrfAssignedRoles and
    nrfMemberOf set for all of the administrative roles. The reportAdmin
    object does have the user in it's Eqivalent To Me attribute list, and so
    does the rest of the admin roles. You say that there is some sort
    configupdate.sh button? Do you mean a button in the UA? I have run the
    configupdate.sh command multiple times, and reassigned the roles to the
    user. I followed a guide presented in another forum post, where you also
    remove a XML entity, to make the system think the administrative roles
    hasn't been assigned yet. He did get them, but that did not solve the
    problem. I'm not sure what to do. I've done the complete installation
    twice now with no luck.


    --
    jacmarpet
    ------------------------------------------------------------------------
    jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
    View this thread: https://forums.netiq.com/showthread.php?t=46624

  • On 1/25/2013 2:54 AM, jacmarpet wrote:
    >
    > I have checked on the user. He does have the nrfAssignedRoles and
    > nrfMemberOf set for all of the administrative roles. The reportAdmin
    > object does have the user in it's Eqivalent To Me attribute list, and so
    > does the rest of the admin roles. You say that there is some sort
    > configupdate.sh button? Do you mean a button in the UA? I have run the
    > configupdate.sh command multiple times, and reassigned the roles to the
    > user. I followed a guide presented in another forum post, where you also
    > remove a XML entity, to make the system think the administrative roles
    > hasn't been assigned yet. He did get them, but that did not solve the
    > problem. I'm not sure what to do. I've done the complete installation
    > twice now with no luck.


    as a vague memory, Reporting needed two admin roles? Reporting and
    something else... Or am I remembering wrong?

Reply
  • On 1/25/2013 2:54 AM, jacmarpet wrote:
    >
    > I have checked on the user. He does have the nrfAssignedRoles and
    > nrfMemberOf set for all of the administrative roles. The reportAdmin
    > object does have the user in it's Eqivalent To Me attribute list, and so
    > does the rest of the admin roles. You say that there is some sort
    > configupdate.sh button? Do you mean a button in the UA? I have run the
    > configupdate.sh command multiple times, and reassigned the roles to the
    > user. I followed a guide presented in another forum post, where you also
    > remove a XML entity, to make the system think the administrative roles
    > hasn't been assigned yet. He did get them, but that did not solve the
    > problem. I'm not sure what to do. I've done the complete installation
    > twice now with no luck.


    as a vague memory, Reporting needed two admin roles? Reporting and
    something else... Or am I remembering wrong?

Children