I installed USS pointing to EEM local database and admin access is OK.
Now I configured EEM to point to AD directory, and I created the same logins in AD.
After change I was able to log to USS but the user is no longer USS admin.
How can I put the user as USS admin again?
There is a long approach for this from the backend...
No longer have admin rights in Unified Self Service
There was a discussion internally about another approach too, I have not tested this but it might work, it talks about a broken LDAP integration, in your case its EEM integration. Basically the auth schema is forcing it to lose admin privileges. userids are the userids from USS_MDB.user_ table for whichever user who needs to get admin privileges in USS>
Omniadmin users are allowed to log in even if the integration with LDAP is broken. This allows to use this administrator accounts to fix the problem. The default user created with liferay (firstname.lastname@example.org) is an example of an omniadmin users. Others can be configured in portal.properties (or portal-ext.properties) indicating a comma separated list of user ids:
4.2.X and before
Restart of USS is needed
Another way : how to disable NTLM/EEM authentication without using the Control Panel?
change some of these settings is via the OSOP_Install_Dir/PortalExt.Properties file
company.security.auth.type=screenName## Allowed case sensitive values: screenName userId emailAddress<tenant-web-id>.eem.ntlm.authentication.enabled=false## Allowed case sensitive values: true or false
Restart USS after making the change
Please let us know if the information provided by Raghu worked for you so we can mark it as the right answer. Otherwise, you could be opening a new case in support so we can assist you if needed.
An article with the information above was created and can be viewed below:
How can I log into Unified Self Service (USS) if t - CA Knowledge
Putting this omniadmin.users in config file worked.
Baymetrics | Alameda Mamoré, 503 CJ33 - Alphaville -Barueri - SP - Brasil
E email@example.com<mailto:firstname.lastname@example.org> | T +55 (11) 3181-8444 | M +55 (11) 95082-8573
This email is sent on behalf of Baymetrics Technology or one of its group companies in the territory from where this email has been sent. The email and any files transmitted with it are confidential and solely for the use of the intended recipient. If you have received this email in error please delete this email immediately and notify the sender.
De: RobertoBenatti <email@example.com>
Enviada em: segunda-feira, 21 de janeiro de 2019 11:51
Para: Paulo Freire <firstname.lastname@example.org>
Assunto: Re: - Re: USS Admin User
CA Communities <https://communities.ca.com/?et=watches.email.thread>
Re: USS Admin User
reply from Roberto Porto Benatti<https://communities.ca.com/people/RobertoBenatti?et=watches.email.thread> in CA Service Management - View the full discussion<https://communities.ca.com/message/242162103-re-uss-admin-user?commentID=242162103&et=watches.email.thread#comment-242162103>