Attempts to log in fail with an "unknown user" error when using IBM WebSphere ILOG Rule Team Server for .NET.
Although all wizard tests were validated, any attempt to log in returns an "unknown user" error.
One possible cause is that your Active Directory group policy restricts queries on group membership.
Microsoft Active Directory
Diagnosing the problem
From the LDAP Viewer in the WASCE Admin Console, connect to your AD and search from the Role base (as set in the wizard) with the filter (member=DistinguishedName), where DistinguishedName is the DN of the user account. If no group DN is returned, your Active Directory is likely subject to the restriction described above.
If this is not the case, refer to the documents AD configuration for RTS.NET and Configure multiple realm binding for RTS.NET for detailed instructions on RTS.NET security configuration.
Resolving the problem
To work around the restriction, set the following in the Administration Console under Security Realms/ldap-realm:
Change in Configuration Options:
- roleName=cn to roleName= (leave the value empty)
- userRoleName= to userRoleName=memberOf
This forces the LDAP realm to retrieve group information from the user's own account entry instead of browsing the groups. The userRoleName field names the attribute that holds the group names; check in an LDAP Viewer under which attribute your membership is listed (the AD default is memberOf).
Once these changes are saved, you must restart the LDAP service (console.realm/ldap-realm/1.0/car) under Applications/System Modules, and teamserver under Applications/Web App WARs.
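As an added illustration (not part of this technote, and not the realm code of WASCE or RTS.NET), the Python below models the two lookup strategies on constructed sample directory data: the group search that roleName=cn drives, the user-entry lookup that userRoleName=memberOf drives, and the diagnostic check described above. The user, group and base DNs are made up.

```python
import re

# Constructed LDIF-style sample, not a real AD export: one user in two groups.
SAMPLE_LDIF = """\
dn: CN=jdoe,OU=Users,DC=example,DC=com
memberOf: CN=rtsUser,OU=Groups,DC=example,DC=com
memberOf: CN=rtsAdministrator,OU=Groups,DC=example,DC=com

dn: CN=rtsUser,OU=Groups,DC=example,DC=com
cn: rtsUser
member: CN=jdoe,OU=Users,DC=example,DC=com

dn: CN=rtsAdministrator,OU=Groups,DC=example,DC=com
cn: rtsAdministrator
member: CN=jdoe,OU=Users,DC=example,DC=com
"""
USER_DN = "CN=jdoe,OU=Users,DC=example,DC=com"   # hypothetical user
ROLE_BASE = "OU=Groups,DC=example,DC=com"        # hypothetical Role base

def parse_ldif(text):
    """Minimal LDIF parser into {dn: {attr: [values]}} (no folding, no base64)."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line:
            continue
        attr, _, value = line.partition(": ")
        if attr == "dn":
            current = entries.setdefault(value, {})
        else:
            current.setdefault(attr, []).append(value)
    return entries

def restricted_view(entries):
    """Model the restriction: group 'member' values are not readable by the realm."""
    return {dn: {a: v for a, v in attrs.items() if a != "member"}
            for dn, attrs in entries.items()}

def roles_by_group_search(entries, role_base, user_dn, role_name="cn"):
    """roleName=cn style: search the Role base for groups with (member=<user DN>)."""
    return sorted(attrs[role_name][0] for dn, attrs in entries.items()
                  if dn.endswith(role_base) and user_dn in attrs.get("member", []))

def roles_by_user_attribute(entries, user_dn, user_role_name="memberOf"):
    """userRoleName=memberOf style: group DNs from the user entry, reduced to CN."""
    values = entries.get(user_dn, {}).get(user_role_name, [])
    return sorted(re.match(r"CN=([^,]+)", v, re.I).group(1) for v in values)

def group_queries_restricted(entries, role_base, user_dn):
    """Technote diagnosis: (member=DN) returns no group DN, yet the user lists groups."""
    return not roles_by_group_search(entries, role_base, user_dn) and bool(roles_by_user_attribute(entries, user_dn))
```

With the full sample the group search and the memberOf lookup agree; with the restricted view only the memberOf lookup still yields the groups, which is the situation the configuration change addresses.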
For further information see Retrieving LDAP User Roles.
Business Integration | WebSphere ILOG Rule Team Server | Windows | 7.1