Upon logging in the users are getting generic login errors

Article ID: 270164


Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

I have added some AD security groups to specific Universes, but upon logging in the users are getting generic login errors.

You will see the following type of message in the IntroscopeWebView.log:

User has no read permissions in any domain

Environment

  • Release: 10.8

Resolution

When you log in, APM tries to find the name of the user. For that user, it checks the memberOf attribute. If the user is a member of wilygroup, it runs the groupObjectQuery to locate the wilygroup object, then runs the groupMemberQuery to check that the user is a member of the group.

APM uses the groupMemberQuery in the realms.xml file to determine whether the user belongs to that group. If the query cannot find the group, it returns that error.

You will see the following type of message in the IntroscopeWebView.log:

User has no read permissions in any domain

How to determine and set up the values for the <property name="groupObjectQuery"> and <property name="groupMemberQuery"> in realms.xml for LDAP authentication:

Use the LDAP Admin tool, which is free to download.

Connect to your LDAP server and select the group to which the users belong.

Example: I have a user belonging to a group called xxxuser.

I use LDAP Admin to get the information for the above properties.

Here are the entries for the <property name="groupObjectQuery"> and <property name="groupMemberQuery">:

<property name="groupMemberQuery">
    <value>(&amp;(objectClass=group)(member={0}))</value>
</property>

<property name="groupObjectQuery">
    <value>(&amp;(objectClass=group)(cn={0}))</value>
</property>
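The following added example (not part of the original article and not APM's own code) expands the two filters above and evaluates them against a constructed in-memory directory, to show when the group lookup comes back empty. It assumes that {0} is the group name in groupObjectQuery and the user's DN in groupMemberQuery, as the filters suggest; the example.com entries, the RFC 4515 escaping step and the small evaluator, which handles only AND-ed equality clauses, are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# The two properties from this article, wrapped in a root element so they parse.
REALM_XML = """<realm>
  <property name="groupMemberQuery"><value>(&amp;(objectClass=group)(member={0}))</value></property>
  <property name="groupObjectQuery"><value>(&amp;(objectClass=group)(cn={0}))</value></property>
</realm>"""

# Constructed directory entries (not taken from a real LDAP server).
USER_DN = "CN=Doe\\, Jane,OU=Users,DC=example,DC=com"
DIRECTORY = [
    {"dn": "CN=xxxuser,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "group"], "cn": ["xxxuser"], "member": [USER_DN]},
    {"dn": "CN=legacy,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "groupOfNames"], "cn": ["legacy"], "member": [USER_DN]},
]

def load_queries(xml_text):
    """Return {property name: filter template}; the XML parser turns &amp; into &."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): p.findtext("value").strip() for p in root.iter("property")}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters (\\ * ( ) NUL) as \\XX hex pairs."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def build_filter(template, value):
    """Substitute the escaped value for the {0} placeholder."""
    return template.replace("{0}", escape_filter_value(value))

def unescape(value):
    """Reverse the \\XX escaping so the assertion value can be compared."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(ldap_filter):
    """Return DNs of entries matching every (attr=value) clause, case-insensitively."""
    clauses = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)
    return [e["dn"] for e in DIRECTORY
            if all(unescape(v).lower() in [x.lower() for x in e.get(a, [])]
                   for a, v in clauses)]

if __name__ == "__main__":
    q = load_queries(REALM_XML)
    for name in ("xxxuser", "legacy"):
        f = build_filter(q["groupObjectQuery"], name)
        print(f, "->", search(f) or "no group found")
```

The "legacy" group is not found because its objectClass is groupOfNames, not group, so a user who only belongs to such a group would end up with no matching group in this model.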

 

Here is the domains.xml content:

<?xml version="1.0" encoding="UTF-8"?>
<domains xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="domains0.3.xsd"
         version="0.3">
    <SuperDomain>
        <!-- <user>, <username> and <xxxuser> are placeholders: substitute your own group and user names, without the angle brackets -->
        <agent mapping="(.*)"/>
        <grant group="<user>" permission="full"/>
        <grant user="<username>" permission="read"/>
        <grant group="<xxxuser>" permission="read"/>
    </SuperDomain>
</domains>

Here is the server.xml content:

<?xml version="1.0" encoding="UTF-8"?>
<server xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="server0.2.xsd"
        version="0.2">
    <grant group="Admin" permission="full"/>
</server>

Attachments

1689881071557__How to determine and setup LDAP Group authentication.docx