DX Application Performance Management

  • 1.  Error when using external LDAP group with EEM

    Posted Apr 07, 2016 07:28 PM

    Has anyone seen this when you used external LDAP directory with EEM to authenticate users for CA APM? So I added the LDAP group for but users in that group get this error when they try to log in "[DEBUG] [PO:main Mailman 7] [Manager.EemRealm] EEM failed .



  • 2.  Re: Error when using external LDAP group with EEM
    Best Answer

    Broadcom Employee
    Posted Apr 07, 2016 08:09 PM

    Hi Tes,

    If you have Multiple Domains (Forest) option enabled in EEM that could be a possible root cause. See this KB for details:

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1870648.aspx

     

    If not applicable then probably best to raise a case with Support so an APM engineer can diagnose the logs in more detail & involve an EEM Engineer if required.

     

    Hope this helps

     

    Lynn



  • 3.  Re: Error when using external LDAP group with EEM

    Broadcom Employee
    Posted Apr 08, 2016 03:45 AM

    Hi Tesleem,


    I agree with Lynn, many customers have been affected by the Multiple Domains (Forest) feature being enabled. If that is your case, you should disable it.

    http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec1870648.aspx

     

    Make sure to restart the EEM and APM EM services

    To restart EEM in Windows:

    net stop igateway

    net start igateway

     

    In Linux:

    from the iTechnology folder...

    ./S99igateway stop

    ./S99igateway start

     

    You can also try to log in directly to the EEM UI with your ID/user account. This will help you confirm if the problem is related to EEM only.

     

    If the problem persists,

     

    1) Go to the EEM Server:

     

    Enabling TRACE logging for ipoz:

    a) Go to $EIAM_HOME/config/logger

    b) In the server.xml file replace info or error with trace as shown below:

    <logger name="eiam.server.ipoz" additivity="false">

    <level value="trace"/>

    <appender-ref ref="ipoz" />

    </logger>

    <logger name="eiam.server.ldap" additivity="false">

    <level value="trace"/>

    <appender-ref ref="ldap" />

    </logger>

    <logger name="eiam.server.performance" additivity="false">

    <level value="trace"/>

    <appender-ref ref="performance" />

    </logger>

    c) Save the changes.

     

    2) Go to the Introscope EM server,

     

    Add the below lines to the IntroscopeEnterpriseManager.properties file:

     

    log4j.logger.Manager.EemRealm=DEBUG

    log4j.logger.additivity.Manager.EemRealm=false

     

    Save and close the file

     

    3) Reproduce the issue

    - Log in to the EEM UI with your ID. Note the time.

    - Log in to the APM Client (Workstation, Webview or CEM console) with your ID. Note the time.

     

    4) Once this is done, reverse the above steps in order to set the logging back to their defaults.

     

    5) Open a support case and attach:

    - *.logs and *.conf under %EIAM_HOME% folder from the EEM server

    - <EM_HOME>\logs , <EM_HOME>\config\realms and <EM_HOME>\config\domains.xml from the APM EM server.

     

    Regards,

    Sergio
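
Steps 1 and 4 of the post above (raise the three EEM loggers to trace, then put them back) can be scripted so the original levels are recorded before they are changed. This is an added example, not part of the original post and not CA/Broadcom code; the function name, the sample XML and the `eiam.server.other` logger are constructed for illustration.

```python
import re

# Logger names taken from the post; "trace" is the level it asks for.
EEM_LOGGERS = ("eiam.server.ipoz", "eiam.server.ldap", "eiam.server.performance")

# Constructed sample of the logger section; eiam.server.other is hypothetical
# and is present only to show that unrelated loggers are left untouched.
SAMPLE = '''<logger name="eiam.server.ipoz" additivity="false">
  <level value="info"/>
  <appender-ref ref="ipoz" />
</logger>
<logger name="eiam.server.ldap" additivity="false">
  <level value="error"/>
  <appender-ref ref="ldap" />
</logger>
<logger name="eiam.server.performance" additivity="false">
  <level value="info"/>
  <appender-ref ref="performance" />
</logger>
<logger name="eiam.server.other" additivity="false">
  <level value="info"/>
</logger>
'''

def set_logger_levels(xml_text, levels):
    # levels maps logger name -> new level. Returns (new_text, previous), where
    # previous holds the level each logger had, so passing it back in reverts
    # the change. Text outside the <level value="..."> attribute is preserved.
    previous = {}
    for name, new_level in levels.items():
        # Match only inside this logger's own block: never cross </logger>.
        pattern = re.compile(
            r'(<logger\s[^>]*\bname="%s"[^>]*>'
            r'(?:(?!</logger>).)*?<level\s+value=")([^"]*)' % re.escape(name),
            re.DOTALL)
        match = pattern.search(xml_text)
        if match is None:
            # Fail loudly instead of silently leaving a logger unchanged.
            raise KeyError(name)
        previous[name] = match.group(2)
        xml_text = xml_text[:match.start(2)] + new_level + xml_text[match.end(2):]
    return xml_text, previous

if __name__ == "__main__":
    traced, saved = set_logger_levels(SAMPLE, dict.fromkeys(EEM_LOGGERS, "trace"))
    print(traced)
    restored, _ = set_logger_levels(traced, saved)  # step 4: back to defaults
    print("restored to original:", restored == SAMPLE)
```
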



  • 4.  Re: Error when using external LDAP group with EEM

    Broadcom Employee
    Posted Apr 08, 2016 04:17 AM

    Hi Tesleem:

    Let us know if the answers provided answer the question. Else as suggested, please open up a case.



  • 5.  Re: Error when using external LDAP group with EEM

    Posted Apr 11, 2016 01:35 PM

    Thanks Lynn, Sergio and Hallet. Switching to Basic LDAP Directory fixed the issue. Members of external LDAP group are now able to log in once they are added to the right domain policy.

     

    Thanks guys