The Spectrum OneClick tomcat log file shows findUserGroup : javax.naming.NameNotFoundException

Products

Network Observability Spectrum

Issue/Introduction

When using the LDAP group mappings functionality you will see the following error in the tomcat log if you have a non LDAP user in Spectrum:

2025-07-11 00:25:04,707 [https-jsse-nio-8443-exec-23] WARN com.aprisma.errorlog - Exception occcured in findUserGroup : javax.naming.NameNotFoundException

at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUserBySearch(SpectrumJNDIRealm.java:1490)

at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.getUser(SpectrumJNDIRealm.java:1317)

at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.verifyUser(SpectrumJNDIRealm.java:1240)

at com.aprisma.spectrum.app.web.servlet.container.SpectrumJNDIRealm.findUserGroup(SpectrumJNDIRealm.java:1675)

at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.initModelDomains(SecuritySpSSORB.java:1338)

at com.aprisma.spectrum.app.web.servlet.container.SecuritySpSSORB.getUserRoles(SecuritySpSSORB.java:1755)

at com.aprisma.tomcat.realm.SecurityRealm.authenticate(SecurityRealm.java:206)

at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:154)

at com.aprisma.tomcat.authenticator.SpectrumLockOutRealm.authenticate(SpectrumLockOutRealm.java:108)

at com.aprisma.tomcat.authenticator.SpectrumAuthenticator.doBasicAuthentication(SpectrumAuthenticator.java:174)

at com.aprisma.tomcat.authenticator.SpectrumAuthenticator.doAuthenticate(SpectrumAuthenticator.java:78)

at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:563)

at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130)

at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93)

at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:656)

at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)

at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:346)

at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:397)

at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63)

at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:935)

at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1792)

at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)

at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1189)

at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:658)

at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63)

at java.base/java.lang.Thread.run(Thread.java:840)

Cause

Since the user does not exist in LDAP the group mapping search fails which generates the exception.

Resolution

In NetOps 24.3.12 and above the WARN part of the message will show however the exception will no longer print. The log will show:

2025-07-11 00:25:04,707 [https-jsse-nio-8443-exec-23] WARN com.aprisma.errorlog - Exception occcured in findUserGroup : javax.naming.NameNotFoundException

Additional Information

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-netops/24-3/Fault-Monitoring-with-DX-Spectrum/administrating/oneclick-administration/oneclick-administration-pages.html#concept.dita_99bd4cd8af497f4501d74d0457df4a5fc66ed4b4_LDAPConfigurationPage

LDAP User Group Authentication
A user can log in to Spectrum when it is integrated with LDAP, even if the user is not present in Spectrum. The user is automatically created in Spectrum during the first login. However, only those users who are part of the configured LDAP user groups in Spectrum can log in automatically.
In Spectrum, the administrator must manually create a user group in all the landscapes with the same group name and required privileges as present in LDAP.