Super user gets lost after successfully changing realm from Database to LDAP
Article ID: KB0084543
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix Service Grid | - |
| TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) | - |
| TIBCO ActiveMatrix BusinessWorks Service Engine | - |
Description
Description:
We successfully changed ActiveMatrix (AMX) Administrator realm from Database to LDAP by running "ant -v -f bootstrap-edit-build.xml edit-authrealm-ldap". There is no super user available after logging in to Administrator.
Symptoms:
We successfully changed the ActiveMatrix Administrator realm from Database to LDAP by running "ant -v -f bootstrap-edit-build.xml edit-authrealm-ldap". There is no super user available after logging in to Administrator.
Cause:
Just like configuring the LDAP realm through the TIBCO Configuration Tool (TCT), the original bootstrap user needs to be available in LDAP before changing the realm from Database to LDAP.
We successfully changed ActiveMatrix (AMX) Administrator realm from Database to LDAP by running "ant -v -f bootstrap-edit-build.xml edit-authrealm-ldap". There is no super user available after logging in to Administrator.
Symptoms:
We successfully changed the ActiveMatrix Administrator realm from Database to LDAP by running "ant -v -f bootstrap-edit-build.xml edit-authrealm-ldap". There is no super user available after logging in to Administrator.
Cause:
Just like configuring the LDAP realm through the TIBCO Configuration Tool (TCT), the original bootstrap user needs to be available in LDAP before changing the realm from Database to LDAP.
Issue/Introduction
Super user gets lost after successfully changing realm from Database to LDAP
Resolution
This article only applies to applicable products with TIBCO ActiveMatrix 3.1.x. For TIBCO ActiveMatrix 3.2 and later, a new TCT wizard was introduced to edit the AMX Administrator realm. The prerequisites discussed in this article are also available in the product documentation.
Here is the resolution
==================
Given that AMX user may not have LDAP Administrator privileges to create new entries, the following prerequisite steps need to be performed. In this scenario, we assume original bootstrap user as ‘root’ and the new super user in LDAPas ‘zTibcoAdm’.
1). Before executing bootstrap-edit-build.xml, login to AMX admin with bootstrap ‘root’ and create a new user ‘zTibcoAdm’ (with any password).
2). Add ‘zTibcoAdm’ to Superusers.
3). Execute bootstrap-edit-build.xml as documented.
4). Login to AMX Admin with ‘zTibcoAdm’ and the password specified in LDAP.
5). Delete ‘root’ from Superusers.
Here is the resolution
==================
Given that AMX user may not have LDAP Administrator privileges to create new entries, the following prerequisite steps need to be performed. In this scenario, we assume original bootstrap user as ‘root’ and the new super user in LDAPas ‘zTibcoAdm’.
1). Before executing bootstrap-edit-build.xml, login to AMX admin with bootstrap ‘root’ and create a new user ‘zTibcoAdm’ (with any password).
2). Add ‘zTibcoAdm’ to Superusers.
3). Execute bootstrap-edit-build.xml as documented.
4). Login to AMX Admin with ‘zTibcoAdm’ and the password specified in LDAP.
5). Delete ‘root’ from Superusers.
Feedback
Yes
No
Powered by
