LDAP Connectivity: " Workstation does not have permission to connect to the Registry"
search cancel

LDAP Connectivity: " Workstation does not have permission to connect to the Registry"


Article ID: 7933


Updated On:


CA Application Test CA Continuous Application Insight (PathFinder) Service Virtualization


Customer configured the  authentication-providers.xml file to connect to LDAP through DevTest.  When they tried to login to the workstation they are getting the pop-up message: " Workstation does not have permission to connect to the Registry". When they login through the portal,  they are able to login but all the tabs are greyed out. 

 The LDAP credentials were validated against JXplorer on the same machine where DevTest is running and everything is working fine.  The issue is happening only when user tries to login to DevTest workstation and the portal.  

 The ACL logs in lisa_tmp.x.x  folder  shows the following.  


INFO  com.ca.dts.security.authentication.internal.DevTestLdapAuthenticationProvider - Authentication successful for user 'QA-CALISA' with the 'ABC. LDAP Server' authentication provider.


2017-08-23 20:23:16,083Z (16:23) [ServerRequestResponder 5] DEBUG com.ca.dts.security.authentication.internal.DevTestLdapAuthenticationProvider - Loading group/member info for 'QA-CALISA'
2017-08-23 20:23:16,083Z (16:23) [ServerRequestResponder 5] DEBUG com.ca.dts.security.authentication.internal.DevTestLdapAuthenticationProvider - No values for 'memberOf' attribute.
2017-08-23 20:23:16,083Z (16:23) [ServerRequestResponder 5] DEBUG com.ca.dts.security.authentication.internal.utils.LdapHelper - Automatically adding users enabled: true
2017-08-23 20:23:16,192Z (16:23) [ServerRequestResponder 5] DEBUG org.springframework.security.ldap.userdetails.LdapUserDetailsMapper - Mapping user details from context with DN: cn=QA-CALISA,ou=Service Accounts,dc=devs,dc=COM...


All supported DevTest releases and platforms.


The LDAP connectivity strings and the parameters used in the authentication-providers.xml file are valid.  

But in the acl.log we noticed the below message:

2017-08-23 20:23:16,083Z (16:23) [ServerRequestResponder 5] DEBUG com.ca.dts.security.authentication.internal.DevTestLdapAuthenticationProvider - No values for 'memberOf' attribute.

 We verified this message with the customer and we came to know that the LDAP user or service-account user was not a member ANY group in LDAP and this caused the issue. 


An LDAP user or service-account user MUST be a member of at-least one LDAP group for authentication to work within DevTest.  After adding the user to a group, customer was able to login to the Workstation and the Portal fine.