We have successfully integrated LDAP with Introscope and able to authenticate at User(username) level.
Now, I am trying to implement authentication at Group Level. Below are the issues that I have came across:
1) Permission -"read" stated invalid in logs - em.log
Introscope Enterprise Manager failed to start because:
Invalid permission "read" for user "MNOP1-ABC-XYZ-Support-Team" in resource "Server Resource".
./EMCtrl.sh status: Enterprise Manager stopped
2) Permission - "full" is working but still Group members/users are unable to login. - em.log
INFO: Application context successfully refreshed -(OsgiBundleXmlApplicationContext(bundle=com.wily.apm.em.monitor.config, config=osgibundle:/META-INF/spring/*.xml))
8/16/16 02:19:49.059 PM CEST [ERROR] [main] [Manager] The EM failed to start. Local Users and Groups realm is misconfigured. Error using new settings for Realm: Non existent user "123456789" referenced in "MNOP1-ABC-XYZ-Support-Team" group.
8/16/16 02:19:49.082 PM CEST [INFO] [main] [Manager] Shutting down the Isengard server
8/16/16 02:19:49.285 PM CEST [INFO] [main] [Manager] Orderly shutdown complete.
Regarding, 2nd issue I have searched in communities and got that realms.xml is misconfigured and needs to be corrected.
Can you please suggest what all modifications would be require.I have attached the realm sample file for your reference.
Appreciate your earliest response !
Thanks & Regards,
What product and release are you using as a LDAP Server?
Check this thread, it might be able to help,
For configuring LDAP Groups, I have mentioned a group id in domains.xml and server.xml. When I am trying to logon using my userid, its showing :
8/24/16 11:44:47.852 AM CEST [WARN] [WebView] User has no read permissions in any domain: 310196378 in logs.
Do I need to mention user id separately in domains.xml
Several responses were given including one that had some good leads on this topic. Since we have heard nothing further from you, this thread is being marked as answered. You are welcome to follow up with additional questions or opening up a case as needed