If you cannot log into the Cloud APM console after changing the primary role
administrator, follow the steps to troubleshoot the configuration.
Before you begin
After you change the primary role administrator user, if you still receive the following
error, you need to troubleshoot the configuration:
You do not have permission to view this application. If you require access to the application, please send
the URL that you are attempting to access to your monitoring system administrator
Procedure
- Check the messages.log file in the
  install_dir/wlp/usr/servers/apmui/logs/ directory for any
  LDAP-related errors. A search for the word 'RBAC2' should return several entries with the expected
  Distinguished Name, for example:
  [3/8/16 12:40:17:976 CET] 000028c5 com.ibm.tivoli.ccm.rbac.RBACPermissions E ** RBAC2: user:LdapRealm/cn=John Smith,dc=ibm,dc=com, /ui/tasks/information, task, view, false
  In this example, the expected Distinguished Name is
  user:LdapRealm/cn=John Smith,dc=ibm,dc=com
- Verify that the user and Distinguished Name that are specified in the
  cscsRoleAdmin.conf file match exactly with your LDAP server entry. If updates are
  necessary, create a cscsRoleAdmin.new file with the correct entry, and run
  apm restart_all.
- Verify that the realm that is specified in the cscsRoleAdmin.conf file matches
  exactly with the realm in the ldapRegistry.xml file. If updates are necessary,
  create a cscsRoleAdmin.new file with the correct entry, and run the
  apm restart_all command.
- Verify that you have completed all the steps outlined in these sections:
  Adding LDAP server certificate and Updating the LDAP registry file.
- If you need to revert to having apmadmin as the default user, you must also revert to using
  customRealm and basicRegistry. Complete the steps in Switching from LDAP back to basicRegistry.
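The first three checks can be scripted. The following is an added example, not part of the product or its documentation: it pulls the realm and Distinguished Name out of RBAC2 entries and compares them with the values you configured. The field layout is inferred from the single sample entry above, the function names are hypothetical, and the configured realm and DN are passed in by hand because the cscsRoleAdmin.conf format is not shown here.

```python
import re
from collections import Counter

# Layout inferred from the one sample entry on the page (assumption):
# RBAC2: user:<realm>/<DN>, <resource>, <type>, <action>, <result>
RBAC2 = re.compile(
    r"RBAC2:\s*user:(?P<realm>[^/\s]+)/(?P<dn>.+?),\s+(?P<resource>/\S+),"
    r"\s*\w+,\s*\w+,\s*(?:true|false)\s*$"
)

# Constructed sample: the page's entry repeated with a second timestamp,
# plus a constructed unrelated line that must be ignored.
SAMPLE = [
    "[3/8/16 12:40:17:976 CET] 000028c5 com.ibm.tivoli.ccm.rbac.RBACPermissions E ** "
    "RBAC2: user:LdapRealm/cn=John Smith,dc=ibm,dc=com, /ui/tasks/information, task, view, false",
    "[3/8/16 12:41:02:113 CET] 000028c5 com.ibm.tivoli.ccm.rbac.RBACPermissions E ** "
    "RBAC2: user:LdapRealm/cn=John Smith,dc=ibm,dc=com, /ui/tasks/information, task, view, false",
    "[3/8/16 12:41:05:000 CET] 000028c5 constructed.unrelated.Logger I server heartbeat",
]

def principals(log_lines):
    """Count each (realm, DN) pair that appears in RBAC2 entries."""
    seen = Counter()
    for line in log_lines:
        m = RBAC2.search(" ".join(line.split()))  # collapse wrapped whitespace
        if m:
            seen[(m["realm"], m["dn"])] += 1
    return seen

def _loose(value):
    # Lower-case and drop spaces around ',' and '=' to detect near misses.
    return re.sub(r"\s*([,=])\s*", r"\1", value.strip()).lower()

def compare(log_lines, cfg_realm, cfg_dn):
    """Classify each logged principal against the configured realm and DN."""
    report = {}
    for (realm, dn), count in principals(log_lines).items():
        if (realm, dn) == (cfg_realm, cfg_dn):
            verdict = "exact"
        elif _loose(realm) == _loose(cfg_realm) and _loose(dn) == _loose(cfg_dn):
            verdict = "near-miss"  # differs only in case or spacing
        else:
            verdict = "different"
        report[(realm, dn)] = (verdict, count)
    return report

if __name__ == "__main__":
    result = compare(SAMPLE, "LdapRealm", "CN=John Smith, DC=ibm, DC=com")
    for (realm, dn), (verdict, count) in result.items():
        print(f"{verdict:10} x{count}  realm={realm}  dn={dn}")
```

Pass the lines of messages.log together with the realm and DN you entered in cscsRoleAdmin.conf; a near-miss verdict points to a case or spacing difference that breaks the exact match the procedure requires.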