LDAP authentication was set up incorrectly in AMX Administrator and needs to be re-applied after reverting the changes.


Article ID: KB0089864


Products Versions
TIBCO ActiveMatrix Service Grid -
TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) -
TIBCO ActiveMatrix BusinessWorks Service Engine -

Description

Resolution:
Problem Description
************************
The CLI (Command Line Interface) scripts were executed to switch the authentication realm from DB to LDAP without the bootstrap user having been created in LDAP, and the LDAP user was not added as a superuser in admin before the scripts were executed. In this case the user cannot log in to admin with either the previous superuser (initial bootstrap user) or the LDAP user.

Solution
**********
In version 3.2 and later, the TCT tools should allow you to make most of these modifications. For version 3.1.5, use the following solution.

You need to revert the changes by executing the CLI scripts to switch the authentication realm from LDAP to DB (Database), and then switch to LDAP again by re-applying the scripts in the correct manner. Here are the steps to revert the authentication realm to DB and then switch back to LDAP:

Revert back to DB Auth:

1). Edit the file TIBCO_HOME/administrator/3.1/scripts/bootstrap-edit-build.properties. Specify the appropriate values for the following properties:

instance.properties.file - The location of the remote_props.properties file.

[Note: Make sure the remote_props.properties file has the previous superuser credentials. For a safer approach, you can copy the username and password from <CONFIG-HOME>\tct\admin\<date-time>\scripts\admin-instance.properties and update the remote_props.properties accordingly.]

tibco.config.mgmt.home - This is the same as CONFIG_HOME.
admin.enterprise.name - The enterprise name (a wrong name could corrupt the environment).
admin.instance.name - The name of the instance (a wrong name could corrupt the environment).

2). Edit the file TIBCO_HOME/administrator/3.1/scripts/edit-authrealm-external-database-data.xml to provide DB server connection settings under the tag <DbRealmDetails>. Make sure the dbUrl, InlineCredentials username and password are updated accordingly in this section.

Copy the AppDatabaseDetails tag from the original TCT scripts (<CONFIG-HOME>\tct\admin\<datetime>\scripts\integration_create_admin_data.xml) to edit-authrealm-external-database-data.xml. Paste it under the AdminConfigFolders tag as shown in the following example.    

Example:

<AdminConfigFolders
            instanceWorkFolder="${admin.enterprise.dir}/private/${admin.instance.name}"
            sharedWorkFolder="${admin.enterprise.dir}/shared"
            productStagingFolder="${TIBCO_HOME}" />

<!--Copied below AppDatabaseDetails section from <CONFIG-HOME>\tct\admin\<datetime>\scripts\integration_create_admin_data.xml
to edit-authrealm-external-database-data.xml-->

   <AppDatabaseDetails schemaGeneration="update" name="tibco.admin.appdb" jndiName="AdminTeneoResource" dialect="com.tibco.amf.sharedresource.runtime.core.hibernate.dialects.Oracle10gDialect">
      <TeneoResource xsi:type="amxdata_bootstrap:TeneoResource">
        <advancedProperties xsi:type="amxdata_bootstrap:Properties">
          <Property value="30" name="maximumSqlNameLength" xsi:type="amxdata_bootstrap:Property"/>
          <Property value="uppercase" name="sqlCaseStratrgy" xsi:type="amxdata_bootstrap:Property"/>
          <Property value="thread" name="currentSessionContextProvider" xsi:type="amxdata_bootstrap:Property"/>
          <Property value="false" name="emapAsTrueMap" xsi:type="amxdata_bootstrap:Property"/>
          <Property value="true" name="addIndexForForeignKey" xsi:type="amxdata_bootstrap:Property"/>
        </advancedProperties>
      </TeneoResource>
      <JdbcResourceTemplate description="Database for AMX Application" name="ApplicationDB" xsi:type="amxdata_bootstrap:JdbcResourceTemplate" maxConnections="10">
        <Direct loginTimeOut="30000" isTransactional="false" xsi:type="amxdata_bootstrap:Direct" dbUrl="${admin.db.url}" jdbcDriver="oracle.jdbc.OracleDriver"/>
        <InlineCredentials username="testadmin" password="#!04rIfxmU4SvZQyt+PvqWyeyvt67/fNpm1pcX80J6r4c="/>
      </JdbcResourceTemplate>
    </AppDatabaseDetails>

Note: Modify the ${admin.db.url} under the AppDatabaseDetails section with the actual dburl (jdbc:oracle:thin:@<hostname>:<port>:<SID>).

3). Once the files have been updated with the appropriate information, in the command prompt navigate to the folder "<tibco_home>/administrator/3.1/scripts" and run the following command to change the auth realm from LDAP to the DB server:

ant -f bootstrap-edit-build.xml edit-authrealm-external-database

You may see an exception while stopping the SystemNode.


****************
[AdminBootstrapTask] DEBUG - *** instantiating action stopAdminNode of type AdminConfiguration ***
[AdminBootstrapTask] TRACE - ActionFactory.createAction() returning in 4 milliseconds
[AdminBootstrapTask] ERROR - Please see the cause for more details
[AdminBootstrapTask] ERROR - com.tibco.amf.admin.api.core.exception.AdminException
********************

Ignore this exception and restart the SystemNode with the tibcohost command, using the following commands.

Navigate to the tibcohost bin directory (CONFIG-HOME/tibcohost/<admin-instance>/host/bin):
./tibcohost stopNodes -nodeName SystemNode
./tibcohost startNodes -nodeName SystemNode

4). Log in as root (previous superuser).
5). Add a new user with the same name as the one that exists in LDAP. Make this user a superuser.
6). Log in to admin with the new superuser. Be sure the UI is accessible.
7). Modify the remote-props.properties file with the new superuser and switch to the LDAP realm by running the following command from the "<tibco_home>/administrator/<version>/scripts" folder.

ant -f bootstrap-edit-build.xml edit-authrealm-ldap

If you see the following exception while stopping the SystemNode, stop and start the SystemNode using the following commands:


./tibcohost stopNodes -nodeName SystemNode
./tibcohost startNodes -nodeName SystemNode  

Exception
****************
[AdminBootstrapTask] DEBUG - *** instantiating action stopAdminNode of type AdminConfiguration ***
[AdminBootstrapTask] TRACE - ActionFactory.createAction() returning in 4 milliseconds
[AdminBootstrapTask] ERROR - Please see the cause for more details
[AdminBootstrapTask] ERROR - com.tibco.amf.admin.api.core.exception.AdminException
***************
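
A pre-flight check for step 1, as an added example that is not part of the original article or of TIBCO's scripts: it confirms that the four properties listed there are set in bootstrap-edit-build.properties before either ant target is run. It assumes plain key=value lines; the function names and the rule that a value containing < or $ is an unedited placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate bootstrap-edit-build.properties before running ant.

# Print the value of key $2 from Java-style properties file $1 (last one wins).
# Handles "key=value" and "key = value"; skips "#" and "!" comment lines.
get_prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            i = index(line, "=")
            if (i == 0) next
            key = substr(line, 1, i - 1); val = substr(line, i + 1)
            gsub(/[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == k) found = val
        }
        END { print found }
    ' "$1"
}

# Return 0 only if all four properties named in step 1 are usable.
# $1 = path to bootstrap-edit-build.properties
preflight() {
    rc=0
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    for key in instance.properties.file tibco.config.mgmt.home \
               admin.enterprise.name admin.instance.name; do
        val=$(get_prop "$1" "$key")
        if [ -z "$val" ]; then
            echo "MISSING  $key" >&2; rc=1; continue
        fi
        case "$key" in
            instance.properties.file)
                [ -r "$val" ] || { echo "NOT READABLE  $key=$val" >&2; rc=1; } ;;
            tibco.config.mgmt.home)
                [ -d "$val" ] || { echo "NOT A DIRECTORY  $key=$val" >&2; rc=1; } ;;
            admin.*.name)
                # A wrong name can corrupt the environment, so flag values
                # that still look like placeholders (assumed rule: < or $).
                case "$val" in
                    *'<'*|*'$'*) echo "PLACEHOLDER  $key=$val" >&2; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}
```

Run `preflight TIBCO_HOME/administrator/3.1/scripts/bootstrap-edit-build.properties` and proceed to the ant command only when it returns 0. The check cannot tell whether a name is the correct one, only that it is present and edited.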
