mjuricek1 Absent Member.
Absent Member.
683 views

Effective right for uaadmin are not set


Hi all,

I have a very interesting issue. I installed IDM 4.5 (standalone
installation) but uaadmin has no effective rights in the UA. I tried to
reinstall UA, also I removed DB before and install it, I double checked
UA and Resource drivers (seems to be OK) and I cannot find where the
problem is. I see the following errors in the tomcat log files but I do
not know how to solve it.
Please, may you help me?

The part of Tomcat Log is here:

2015-05-07 17:04:07,647 [localhost-startStop-1] INFO
com.novell.idm.security.authorization.service.AuthorizationManagerService-
[RBPM] [Create_Authorization] Initiated by
com.novell.idm.security.authorization.service.AuthorizationManagerService;
Auth Object ID: cn=UserR
eportsMenu,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system;
Message: Authorization created successfully

2015-05-07 17:04:07,657 [localhost-startStop-1] ERROR
com.novell.idm.security.authorization.service.AuthorizationManagerService-
[RBPM] Error upon setting effective rights for attribute:
nrfAccessListNavItem on object:
cn=SelfService,cn=NavItems,cn=UIConfig,cn=AppConfig,
cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system for trustee:
t=ZDS.
com.novell.srvprv.spi.security.IDMAuthorizationException: Error upon
setting effective rights for attribute: nrfAccessListNavItem on object:
cn=SelfService,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system
for trustee: t=ZDS
..
at
com.novell.idm.security.authorization.ldap.LdapRightsUtil.setACL(LdapRightsUtil.java:245)
at
com.novell.idm.security.authorization.service.AuthorizationManagerService.addAuthorization(AuthorizationManagerService.java:362)
at
com.novell.idm.security.authorization.service.AuthorizationManagerService.populateDefaultACLs(AuthorizationManagerService.java:1503)
....
....
at java.lang.Thread.run(Unknown Source)
Caused by: com.novell.srvprv.spi.security.IDMAuthorizationException:
Error occured calculating effective rights for attribute: [Entry Rights]
on object:
cn=SelfService,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system
for trustee: t=ZDS.
at
com.novell.idm.security.authorization.ldap.LdapRightsUtil.getPropertyRights(LdapRightsUtil.java:149)
at
com.novell.idm.security.authorization.ldap.LdapRightsUtil.setACL(LdapRightsUtil.java:210)
.... 33 more
Caused by: javax.naming.NameNotFoundException: [LDAP: error code 32 -
NDS error: no such entry (-601)]; remaining name ''
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)


....

....

2015-05-07 17:04:07,659 [localhost-startStop-1] INFO
com.novell.idm.security.authorization.service.AuthorizationManagerService-
[RBPM] [Create_Authorization] Initiated by
com.novell.idm.security.authorization.service.AuthorizationManagerService;
Auth Object ID:
cn=SelfService,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system;
Message: Error occurred on creating authorization

2015-05-07 17:04:07,678 [localhost-startStop-1] ERROR
com.novell.idm.security.authorization.service.AuthorizationManagerService-
[RBPM] Error upon setting effective rights for attribute:
nrfAccessListNavItem on object:
cn=WorkDashBoard,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system
for trustee: t=ZDS.
com.novell.srvprv.spi.security.IDMAuthorizationException: Error upon
setting effective rights for attribute: nrfAccessListNavItem on object:
cn=WorkDashBoard,cn=NavItems,cn=UIConfig,cn=AppConfig,cn=UserApplication,cn=driverset,ou=idm,ou=services,o=system
for trustee: t=ZDS.
at
com.novell.idm.security.authorization.ldap.LdapRightsUtil.setACL(LdapRightsUtil.java:245)

....


Thank you for your help!
Milan


--
mjuricek
------------------------------------------------------------------------
mjuricek's Profile: https://forums.netiq.com/member.php?userid=1616
View this thread: https://forums.netiq.com/showthread.php?t=53449

Labels (1)
0 Likes
1 Reply
mjuricek1 Absent Member.
Absent Member.

Re: Effective right for uaadmin are not set


Hi,

so I found out a solution 🙂 The error, which I posted here, does not
cause the problem with effective rights. I double checked the Role and
Resource driver and UA driver configuration (and traces) and I set bad
DN. UAADMIN user was out of scope. Now, it is working.

M.


--
mjuricek
------------------------------------------------------------------------
mjuricek's Profile: https://forums.netiq.com/member.php?userid=1616
View this thread: https://forums.netiq.com/showthread.php?t=53449

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.