APAR status
Closed as program error.
Error description
Apache Tomcat LDAPLocalGroup realm authentication configuration causes HTTP Status 403 - CRJAZ1394E errors in CLM 4.x CLM 4.x Any OS Description of the problem: Once the Apache Tomcat LDAPLocalGroup realm authentication configuration has been set and the application server restarted., the jtsadmin could not login to the jts/admin console without having a backing JazzAdmins group within the Active Directory.? Once the JazzAdmins group in Active Directory was added to the jtsadmin account, the jtsadmin could login and review the rest of the user's groups for all of the entries within the mapping.csv file.? Checking the users to the groups specified within the mapping.csv file showed that the entries were being parsed and applied correctly:? HOWEVER, when a user (who has correct permissions to access a Project Area and their dashboard) tries to login to ccm, the following error is seen: ?? HTTP Status 403 - CRJAZ1394E The user 'xxxxxxx' is not a member of any Jazz J2EE roles but must be a member of one to access the repository. Given the above behavior., the problem is that the group information does not get applied unless there are backing groups in the Active Directory: The groups show up in the user editor, but the user cannot perform restricted operations. Workaround: None https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.Wo rkItem/267700
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: * **************************************************************** * PROBLEM DESCRIPTION: * **************************************************************** * RECOMMENDATION: * **************************************************************** The group information from Tomcat 7 does not get applied unless there are backing groups in the Active Directory: The groups show up in the user editor, but the user cannot perform restricted operations.
Problem conclusion
Fixes Local Role Mapping in product
Temporary fix
Comments
APAR Information
APAR number
PM90333
Reported component name
RATL TEAM CONCE
Reported component ID
5724V0400
Reported release
401
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-06-03
Closed date
2013-09-07
Last modified date
2013-09-07
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
RATL TEAM CONCE
Fixed component ID
5724V0400
Applicable component levels
R401 PSN
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCP65","label":"Rational Team Concert"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.0.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Document Information
Modified date:
07 September 2013