PM90333: [wi 267700] Apache Tomcat LDAPLocalGroup realm authentication causes HTTP Status 403 - CRJAZ1394E errors in CLM 4.x

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

APAR status

  • Closed as program error.

Error description

  • Apache Tomcat LDAPLocalGroup realm authentication configuration
    causes HTTP Status 403 - CRJAZ1394E errors in CLM 4.x
    
    
    
    CLM 4.x
    Any OS
    
    
    
    Description of the problem:
    
    Once the Apache Tomcat LDAPLocalGroup realm authentication
    configuration has been set and the application server
    restarted., the jtsadmin could not login to the jts/admin
    console without having a backing JazzAdmins group within the
    Active Directory.? Once the JazzAdmins group in Active Directory
    was added to the jtsadmin account, the jtsadmin could login and
    review the rest of the user's groups for all of the entries
    within the mapping.csv file.? Checking the users to the groups
    specified within the mapping.csv file showed that the entries
    were being parsed and applied correctly:? HOWEVER, when a user
    (who has correct permissions to access a Project Area and their
    dashboard) tries to login to ccm, the following error is seen:
    
    ?? HTTP Status 403 - CRJAZ1394E The user 'xxxxxxx' is not a
    member of any Jazz J2EE roles but must be a member of one to
    access the repository.
    
    Given the above behavior., the problem is that the group
    information does not get applied unless there are backing groups
    in the Active Directory:  The groups show up in the user editor,
    but the user cannot perform restricted operations.
    
    
    Workaround:  None
    
    https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.Wo
    rkItem/267700
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The group information from Tomcat 7 does not get applied
    unless there are backing groups in the Active Directory:
    The groups show up in the user editor, but the user cannot
    perform restricted operations.
    

Problem conclusion

  • Fixes Local Role Mapping in product
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM90333

  • Reported component name

    RATL TEAM CONCE

  • Reported component ID

    5724V0400

  • Reported release

    401

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-06-03

  • Closed date

    2013-09-07

  • Last modified date

    2013-09-07

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    RATL TEAM CONCE

  • Fixed component ID

    5724V0400

Applicable component levels

  • R401 PSN

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

Rational Team Concert

Software version:

4.0.1

Reference #:

PM90333

Modified date:

2013-09-07

Translate my page

Machine Translation

Content navigation