• State Not Answered
  • Replies replies
    7
  • Subscribers subscribers
    25
  • Views views
    204
  • Users 0 members are here
  • Locked Locked
Related
Options
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IDM 4.0.2 Reporting Module - Unable to log in

MigrationDeletedUser

Hello,

So, I just installed the reporting module on my IDM 4.0.2 - but I'm not
able to log into the reporting module. The strange thing is, that I was
able to just after I finished the installation. But as soon as I logged
out, and attemped to log back in, I got this error in my log:

WARN [RPT] [com.novell.idm.rpt.core.server.j2ee.AuthFilter:chec
kPermission] User CN=uaadmin,OU=sa,OU=entities,OU=idv,O=top has no
access rights.

I've found the other posts on the forum about the same error, and I've
tried all of the solutions suggested. Patching, reassigning the roles,
etc, but nothing works. The strange this is that it worked, and now it
doesn't.

The Data Collection Service Driver gives this error:

Subscriber Error: (Error 401) Could not connect to the URL
'10.50.0.11:8180/.../idvs'. Unauthorized User Account
error</description>

I guess that is related to the same problem. It is as if the uaadmin
user has had it's rights revoked somehow, yet it has all of the roles
that it needs.

Thanks in advance.

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=46624

Parents
  • 0
    Look at your RRSD driver, and ensure when you hit the User App WAR the
    very first time, and User App generated all the nrfRequests for admin
    roles in UA'land that it did not error on them.

    I.e. UA thinks you have the roles assigned, but the nrfRequest failed to
    be implemented by the RRSD driver.

    Very common error. There is a configupdate.sh button somewhere that
    requests a re-do of that step on the next UA WAR unpack. (Or so I am
    told).

    Often this will happen because RRSD says the user is out of scope and
    refuses to implement the Role assignment. Like you defined
    ou=Users,ou=Acme,dc=com, but your UAadmin is in ou=Servers,ou=acme,dc=com.



    > So, I just installed the reporting module on my IDM 4.0.2 - but I'm not
    > able to log into the reporting module. The strange thing is, that I was
    > able to just after I finished the installation. But as soon as I logged
    > out, and attemped to log back in, I got this error in my log:
    >
    > WARN [RPT] [com.novell.idm.rpt.core.server.j2ee.AuthFilter:chec
    > kPermission] User CN=uaadmin,OU=sa,OU=entities,OU=idv,O=top has no
    > access rights.
    >
    > I've found the other posts on the forum about the same error, and I've
    > tried all of the solutions suggested. Patching, reassigning the roles,
    > etc, but nothing works. The strange this is that it worked, and now it
    > doesn't.
    >
    > The Data Collection Service Driver gives this error:
    >
    > Subscriber Error: (Error 401) Could not connect to the URL
    > '10.50.0.11:8180/.../idvs'. Unauthorized User Account
    > error</description>
    >
    > I guess that is related to the same problem. It is as if the uaadmin
    > user has had it's rights revoked somehow, yet it has all of the roles
    > that it needs.
    >
    > Thanks in advance.
    >
    > Jacob.
    >
    >

  • 0 in reply to Geoffrey Carman

    I have checked on the user. He does have the nrfAssignedRoles and
    nrfMemberOf set for all of the administrative roles. The reportAdmin
    object does have the user in it's Eqivalent To Me attribute list, and so
    does the rest of the admin roles. You say that there is some sort
    configupdate.sh button? Do you mean a button in the UA? I have run the
    configupdate.sh command multiple times, and reassigned the roles to the
    user. I followed a guide presented in another forum post, where you also
    remove a XML entity, to make the system think the administrative roles
    hasn't been assigned yet. He did get them, but that did not solve the
    problem. I'm not sure what to do. I've done the complete installation
    twice now with no luck.


    --
    jacmarpet
    ------------------------------------------------------------------------
    jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
    View this thread: https://forums.netiq.com/showthread.php?t=46624

  • 0 in reply to MigrationDeletedUser
    On 1/25/2013 2:54 AM, jacmarpet wrote:
    >
    > I have checked on the user. He does have the nrfAssignedRoles and
    > nrfMemberOf set for all of the administrative roles. The reportAdmin
    > object does have the user in it's Eqivalent To Me attribute list, and so
    > does the rest of the admin roles. You say that there is some sort
    > configupdate.sh button? Do you mean a button in the UA? I have run the
    > configupdate.sh command multiple times, and reassigned the roles to the
    > user. I followed a guide presented in another forum post, where you also
    > remove a XML entity, to make the system think the administrative roles
    > hasn't been assigned yet. He did get them, but that did not solve the
    > problem. I'm not sure what to do. I've done the complete installation
    > twice now with no luck.

    as a vague memory, Reporting needed two admin roles? Reporting and
    something else... Or am I remembering wrong?

  • 0 in reply to Geoffrey Carman

    I am not sure, but the user has all of them.


    --
    jacmarpet
    ------------------------------------------------------------------------
    jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
    View this thread: https://forums.netiq.com/showthread.php?t=46624

  • 0 in reply to MigrationDeletedUser
    On 01/25/2013 07:34 AM, jacmarpet wrote:
    >
    > I am not sure, but the user has all of them.
    >
    >
    Greetings,

    1) To access the Reporting Module, the user only has to have the Report
    Admin Role

    2) What port is JBoss running on?

    3) Did I understand your post correctly:
    a) Installation completed without error
    b) Logged into UserApp and all 9 Admin Roles were assigned
    c) Logged into Reporting
    d) Logged out of Reporting
    e) Tried to login into Reporting again and received the error



    --

    Sincerely,
    Steven Williams
    Lead Software Engineer
    NetIQ
  • 0 in reply to MigrationDeletedUser

    Hello Steven,

    JBoss is running on port 8180.

    Installation had no errors.
    uaadmin has all 9 admin roles.
    And yes, I was able to log into Reporting, just after the installation.
    I then logged out and attempted to log back in, and then the user did
    not have the sufficient rights to log in.

    Jacob.


    --
    jacmarpet
    ------------------------------------------------------------------------
    jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
    View this thread: https://forums.netiq.com/showthread.php?t=46624

  • 0 in reply to MigrationDeletedUser
    On 01/28/2013 02:44 AM, jacmarpet wrote:
    >
    > Hello Steven,
    >
    > JBoss is running on port 8180.
    >
    > Installation had no errors.
    > uaadmin has all 9 admin roles.
    > And yes, I was able to log into Reporting, just after the installation.
    > I then logged out and attempted to log back in, and then the user did
    > not have the sufficient rights to log in.
    >
    > Jacob.
    >
    >
    Greetings Jacob,
    If you have not already, please open a Service Request because I
    will need to get more information to help resolve this issue.

    --

    Sincerely,
    Steven Williams
    Lead Software Engineer
    NetIQ
Reply
  • 0 in reply to MigrationDeletedUser
    On 01/28/2013 02:44 AM, jacmarpet wrote:
    >
    > Hello Steven,
    >
    > JBoss is running on port 8180.
    >
    > Installation had no errors.
    > uaadmin has all 9 admin roles.
    > And yes, I was able to log into Reporting, just after the installation.
    > I then logged out and attempted to log back in, and then the user did
    > not have the sufficient rights to log in.
    >
    > Jacob.
    >
    >
    Greetings Jacob,
    If you have not already, please open a Service Request because I
    will need to get more information to help resolve this issue.

    --

    Sincerely,
    Steven Williams
    Lead Software Engineer
    NetIQ
Children
No Data

Resources

Support
Documentation
Learning Services
Partner Programs
Privacy
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
Contact Us
Careers
Code of Business Conduct and Ethics
The opinions expressed above are the personal opinions of the authors, not of OpenText. By using this site, you accept the Terms of Use. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.), Hewlett Packard Enterprise Company, or Micro Focus. As of January 31, 2023, the Material is now offered by OpenText, a separately owned and operated company. Any reference to the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks is historical in nature and the HP, Hewlett Packard Enterprise/HPE, and Micro Focus marks are the property of their respective owners.