I have downloaded for WAS8.5 for evaluation and face an issue with AD integration.
AD integration is functional for users but i face an issue when using Groups.
Would someone be able to propose an action plan. Details below.
WAS8.5 integrated with AD
I have created a Federated repository with both File and AD.
If i assign Administrator role to AD user, it works i.e AD user can connect to WAS console.
If i assign Administrator role to an AD group, same user is denied access to WAS console.
Within WAS when i check Groups, Group information confirms AD user is part of AD group.
Any idea how to troubleshoot this issue ?
NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
This topic has been locked.
3 replies Latest Post - 2013-01-25T11:26:41Z by bpaskin
Pinned topic WAS 8.5 - Active Directory integration issue with Groups. Works with users
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-01-25T11:26:41Z at 2013-01-25T11:26:41Z by bpaskin
gas 110000E92M888 PostsACCEPTED ANSWER
Re: WAS 8.5 - Active Directory integration issue with Groups. Works with users2013-01-22T09:11:05Z in response to lorlorHi,
Check if you are able to see correct groups via Manage Groups in WAS admin console. Also check, if you can see user in the group via members and group in the user details via Group membership.
Also restart the server after changes in role assignement.
If it wont help try the following trace:
lorlor 270002554J2 PostsACCEPTED ANSWER
Re: WAS 8.5 - Active Directory integration issue with Groups. Works with users2013-01-24T21:16:59Z in response to gasThanks Gas for looking into this. Sorry for delay.
Yes, AD Groups are listed through "Manage Groups"
Yes, users are listed in Group membership.
As a consequence, my understanding is WAS reads information from AD without any problem
As I was enabling trace with flags you proposed, i have bounced server and Group configuration is now .... functional.
I am new to WebSphere. For my understanding, can you confirm which log files i should look at now that your flags are activated.
This will help me next time i face a similar issue :-)
Thanks again for your help and time
bpaskin 110000EJCN3898 PostsACCEPTED ANSWER
Re: WAS 8.5 - Active Directory integration issue with Groups. Works with users2013-01-25T11:26:41Z in response to lorlorHi, Please make sure the group name does not exist in both the File Repository and Active Directory. Also make sure that the group name is unique within the Active Directory.