Has anyone seen this when you used external LDAP directory with EEM to authenticate users for CA APM? So I added the LDAP group for but users in that group get this error when they try to log in "[DEBUG] [PO:main Mailman 7] [Manager.EemRealm] EEM failed .
If you have Multiple Domains (Forest) option enabled in EEM that could be a possible root cause. See this KB for details:
If not applicable then probably best to raise a case with Support so an APM engineer can diagnose the logs in more detail & involve an EEM Engineer if required.
Hope this helps
I agree with Lynn, many customers have been affected by the Multiple Domains (Forest) feature being enabled. If that is your case, you should disable it.
Make sure to restart the EEM and APM EM services
To restart EEM in Windows:
stop: net stop igateway
start: net start igateway
from the iTechnology folder...
You can also try to log in directly to the EEM UI with your ID/user account. This will help you confirm if the problem is related to EEM only.
If the problem persists,
1) Go to the EEM Server:
Enabling TRACE logging for ipoz:
a) Go to $EIAM_HOME/config/logger
b) In the server.xml file replace info or error with trace as shown below:
<logger name="eiam.server.ipoz" additivity="false">
  <level value="trace" />
  <appender-ref ref="ipoz" />
</logger>
<logger name="eiam.server.ldap" additivity="false">
  <level value="trace" />
  <appender-ref ref="ldap" />
</logger>
<logger name="eiam.server.performance" additivity="false">
  <level value="trace" />
  <appender-ref ref="performance" />
</logger>
c) Save the changes.
2) Go to the Introscope EM server,
Add the below lines to the IntroscopeEnterpriseManager.properties file:
Save and close the file
3) Reproduce the issue
- Log in to the EEM UI with your ID. Note the time.
- Log in to the APM Client (Workstation, Webview or CEM console) with your ID. Note the time.
4) Once this is done, reverse the above steps in order to set the logging back to their defaults.
5) Open a support case and attach:
- *.logs and *.conf under %EIAM_HOME% folder from the EEM server
- <EM_HOME>\logs , <EM_HOME>\config\realms and <EM_HOME>\config\domains.xml from the APM EM server.
Hi Tesleem:
Let us know if the answers provided answer the question. Else as suggested, please open up a case.
Thanks Lynn, Sergio and Hallet. Switching to Basic LDAP Directory fixed the issue. Members of external LDAP group are now able to log in once they are added to the right domain policy.