Impact login fails after MS Active Directory connection

After connecting to the Microsoft Active Directory external LDAP proxy, login to the UI is unsuccessful. To log in, enable contextPool on the Impact pods.

Cause

After installation and connection to MS Active Directory, the pods start successfully. However, after a period of approximately one hour, it is not possible to log in to any of the UIs, for example Netcool®/Impact.

Resolution

Enable contextPool on the Impact pods.
  1. Ensure that the webgui statefulset is updated. For more information, see Configuring Netcool Operations Insight on Red Hat OpenShift with LDAP MS Active Directory.
  2. Edit the <releasename>-impactgui-startup-scripts and <releasename>-nciserver-startup-scripts config maps. Add the following sed command to the pre-server startup script:
      #
    # Pre server startup script
    #
    echo "Running pre-server startup custom scripts"
    sed -i "s/<\/ldapRegistry>/<contextPool enabled=\"false\"\/> <\/ldapRegistry>/g" /opt/IBM/tivoli/impact/wlp/usr/shared/config/ldapRegistry.xml
  3. Delete the <releasename>-nciserver-0 and <releasename>-impactgui-0 pods for these changes to take effect.
    oc delete <releasename>-nciserver-0
    oc delete <releasename>-impactgui-0 
For more information, see LDAP MS Active Directory settings.