Highlighted
Absent Member.
Absent Member.
418 views

IDM 4.0.2 Reporting Module - Unable to log in


Hello,

So, I just installed the reporting module on my IDM 4.0.2 - but I'm not
able to log into the reporting module. The strange thing is, that I was
able to just after I finished the installation. But as soon as I logged
out, and attemped to log back in, I got this error in my log:

WARN [RPT] [com.novell.idm.rpt.core.server.j2ee.AuthFilter:chec
kPermission] User CN=uaadmin,OU=sa,OU=entities,OU=idv,O=top has no
access rights.

I've found the other posts on the forum about the same error, and I've
tried all of the solutions suggested. Patching, reassigning the roles,
etc, but nothing works. The strange this is that it worked, and now it
doesn't.

The Data Collection Service Driver gives this error:

Subscriber Error: (Error 401) Could not connect to the URL
'http://10.50.0.11:8180/IDMRPT-CORE/rpt/idvs'. Unauthorized User Account
error</description>

I guess that is related to the same problem. It is as if the uaadmin
user has had it's rights revoked somehow, yet it has all of the roles
that it needs.

Thanks in advance.

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=46624

Labels (1)
0 Likes
7 Replies
Highlighted
Knowledge Partner
Knowledge Partner

Re: IDM 4.0.2 Reporting Module - Unable to log in

Look at your RRSD driver, and ensure when you hit the User App WAR the
very first time, and User App generated all the nrfRequests for admin
roles in UA'land that it did not error on them.

I.e. UA thinks you have the roles assigned, but the nrfRequest failed to
be implemented by the RRSD driver.

Very common error. There is a configupdate.sh button somewhere that
requests a re-do of that step on the next UA WAR unpack. (Or so I am
told).

Often this will happen because RRSD says the user is out of scope and
refuses to implement the Role assignment. Like you defined
ou=Users,ou=Acme,dc=com, but your UAadmin is in ou=Servers,ou=acme,dc=com.



> So, I just installed the reporting module on my IDM 4.0.2 - but I'm not
> able to log into the reporting module. The strange thing is, that I was
> able to just after I finished the installation. But as soon as I logged
> out, and attemped to log back in, I got this error in my log:
>
> WARN [RPT] [com.novell.idm.rpt.core.server.j2ee.AuthFilter:chec
> kPermission] User CN=uaadmin,OU=sa,OU=entities,OU=idv,O=top has no
> access rights.
>
> I've found the other posts on the forum about the same error, and I've
> tried all of the solutions suggested. Patching, reassigning the roles,
> etc, but nothing works. The strange this is that it worked, and now it
> doesn't.
>
> The Data Collection Service Driver gives this error:
>
> Subscriber Error: (Error 401) Could not connect to the URL
> 'http://10.50.0.11:8180/IDMRPT-CORE/rpt/idvs'. Unauthorized User Account
> error</description>
>
> I guess that is related to the same problem. It is as if the uaadmin
> user has had it's rights revoked somehow, yet it has all of the roles
> that it needs.
>
> Thanks in advance.
>
> Jacob.
>
>


0 Likes
Highlighted
Absent Member.
Absent Member.

Re: IDM 4.0.2 Reporting Module - Unable to log in


I have checked on the user. He does have the nrfAssignedRoles and
nrfMemberOf set for all of the administrative roles. The reportAdmin
object does have the user in it's Eqivalent To Me attribute list, and so
does the rest of the admin roles. You say that there is some sort
configupdate.sh button? Do you mean a button in the UA? I have run the
configupdate.sh command multiple times, and reassigned the roles to the
user. I followed a guide presented in another forum post, where you also
remove a XML entity, to make the system think the administrative roles
hasn't been assigned yet. He did get them, but that did not solve the
problem. I'm not sure what to do. I've done the complete installation
twice now with no luck.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=46624

0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: IDM 4.0.2 Reporting Module - Unable to log in

On 1/25/2013 2:54 AM, jacmarpet wrote:
>
> I have checked on the user. He does have the nrfAssignedRoles and
> nrfMemberOf set for all of the administrative roles. The reportAdmin
> object does have the user in it's Eqivalent To Me attribute list, and so
> does the rest of the admin roles. You say that there is some sort
> configupdate.sh button? Do you mean a button in the UA? I have run the
> configupdate.sh command multiple times, and reassigned the roles to the
> user. I followed a guide presented in another forum post, where you also
> remove a XML entity, to make the system think the administrative roles
> hasn't been assigned yet. He did get them, but that did not solve the
> problem. I'm not sure what to do. I've done the complete installation
> twice now with no luck.


as a vague memory, Reporting needed two admin roles? Reporting and
something else... Or am I remembering wrong?

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: IDM 4.0.2 Reporting Module - Unable to log in


I am not sure, but the user has all of them.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=46624

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: IDM 4.0.2 Reporting Module - Unable to log in

On 01/25/2013 07:34 AM, jacmarpet wrote:
>
> I am not sure, but the user has all of them.
>
>

Greetings,

1) To access the Reporting Module, the user only has to have the Report
Admin Role

2) What port is JBoss running on?

3) Did I understand your post correctly:
a) Installation completed without error
b) Logged into UserApp and all 9 Admin Roles were assigned
c) Logged into Reporting
d) Logged out of Reporting
e) Tried to login into Reporting again and received the error



--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
Highlighted
Absent Member.
Absent Member.

Re: IDM 4.0.2 Reporting Module - Unable to log in


Hello Steven,

JBoss is running on port 8180.

Installation had no errors.
uaadmin has all 9 admin roles.
And yes, I was able to log into Reporting, just after the installation.
I then logged out and attempted to log back in, and then the user did
not have the sufficient rights to log in.

Jacob.


--
jacmarpet
------------------------------------------------------------------------
jacmarpet's Profile: https://forums.netiq.com/member.php?userid=415
View this thread: https://forums.netiq.com/showthread.php?t=46624

0 Likes
Highlighted
Absent Member.
Absent Member.

Re: IDM 4.0.2 Reporting Module - Unable to log in

On 01/28/2013 02:44 AM, jacmarpet wrote:
>
> Hello Steven,
>
> JBoss is running on port 8180.
>
> Installation had no errors.
> uaadmin has all 9 admin roles.
> And yes, I was able to log into Reporting, just after the installation.
> I then logged out and attempted to log back in, and then the user did
> not have the sufficient rights to log in.
>
> Jacob.
>
>

Greetings Jacob,
If you have not already, please open a Service Request because I
will need to get more information to help resolve this issue.

--

Sincerely,
Steven Williams
Lead Software Engineer
NetIQ
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.