PM90333: [wi 267700] Apache Tomcat LDAPLocalGroup realm authentication causes HTTP Status 403

APAR status

Closed as program error.

Error description

Apache Tomcat LDAPLocalGroup realm authentication configuration
causes HTTP Status 403 - CRJAZ1394E errors in CLM 4.x



CLM 4.x
Any OS



Description of the problem:

Once the Apache Tomcat LDAPLocalGroup realm authentication
configuration has been set and the application server
restarted., the jtsadmin could not login to the jts/admin
console without having a backing JazzAdmins group within the
Active Directory.? Once the JazzAdmins group in Active Directory
was added to the jtsadmin account, the jtsadmin could login and
review the rest of the user's groups for all of the entries
within the mapping.csv file.? Checking the users to the groups
specified within the mapping.csv file showed that the entries
were being parsed and applied correctly:? HOWEVER, when a user
(who has correct permissions to access a Project Area and their
dashboard) tries to login to ccm, the following error is seen:

?? HTTP Status 403 - CRJAZ1394E The user 'xxxxxxx' is not a
member of any Jazz J2EE roles but must be a member of one to
access the repository.

Given the above behavior., the problem is that the group
information does not get applied unless there are backing groups
in the Active Directory:  The groups show up in the user editor,
but the user cannot perform restricted operations.


Workaround:  None

https://jazz.net/jazz/resource/itemName/com.ibm.team.workitem.Wo
rkItem/267700

Local fix

Problem summary

****************************************************************
* USERS AFFECTED:                                              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The group information from Tomcat 7 does not get applied
unless there are backing groups in the Active Directory:
The groups show up in the user editor, but the user cannot
perform restricted operations.

Problem conclusion

```
Fixes Local Role Mapping in product
```

Temporary fix

Comments

APAR Information

APAR number
PM90333
Reported component name
RATL TEAM CONCE
Reported component ID
5724V0400
Reported release
401
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-06-03
Closed date
2013-09-07
Last modified date
2013-09-07

APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name
RATL TEAM CONCE
Fixed component ID
5724V0400

Applicable component levels

R401 PSN
UP

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSCP65","label":"Rational Team Concert"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"4.0.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]

Document Information

Modified date:
07 September 2013

Tips

PM90333: [wi 267700] Apache Tomcat LDAPLocalGroup realm authentication causes HTTP Status 403 - CRJAZ1394E errors in CLM 4.x

Subscribe

APAR status

Closed as program error.

Error description

Local fix

Problem summary

Problem conclusion

Temporary fix

Comments

APAR Information

APAR number

Reported component name

Reported component ID

Reported release

Status

PE

HIPER

Special Attention

Submitted date

Closed date

Last modified date

APAR is sysrouted FROM one or more of the following:

APAR is sysrouted TO one or more of the following:

Fix information

Fixed component name

Fixed component ID

Applicable component levels

R401 PSN

Document Information

Share your feedback

Need support?