AnsweredAssumed Answered

CEM login failure using EEM Release: 12.0.0.33

Question asked by richardsgreen on May 1, 2013
Latest reply on Dec 19, 2013 by Hiko_Davis
We are using the following application releases:
EEM Release: 12.0.0.33
APM Release 9.1.5.0
When attempting to log in to CEM using EEM realm the CEM console login screen reports the following:
Error: Your login attempt was not successful, try again.
Reason: com.wily.introscope.spec.server.beans.usermgmt.UserMgmtException:
EEM failed to find global group "AD_DOMAIN_NAME\AD_GUG_NAME"

The following is logged by the MOM (Enterprise Manager)
5/01/13 09:29:13.865 AM EDT [DEBUG] [btpool0-829] [Manager.EemRealm] EEM found permissions "[read]" for resource "SuperDomain" of type "Domain" for user "AD_GLOBAL_USER"
5/01/13 09:29:13.865 AM EDT [DEBUG] [btpool0-829] [Manager.EemRealm] EEM found permissions "[read]" for resource "SuperDomain" of type "Domain" for user "AD_GLOBAL_USER"
5/01/13 09:29:13.925 AM EDT [DEBUG] [btpool0-829] [Manager.EemRealm] EEM failed to find global group "AD_DOMAIN_NAME\AD_GUG_NAME": [Exception retrieving AD_DOMAIN_NAME\AD_GUG_NAME] com.ca.eiam.SafeException: EE_BADOBJECT Bad Object
5/01/13 09:29:13.926 AM EDT [ERROR] [btpool0-829] [Manager.com.timestock.tess.services.security.APMAuthenticationProvider] Authenticate - ConnectionExceptioncom.wily.isengard.messageprimitives.ConnectionException: com.wily.introscope.spec.server.beans.usermgmt.UserMgmtException: EEM failed to find global group "AD_DOMAIN_NAME\AD_GUG_NAME"

What is the correct EEM policy setting to allow pre-existing Active Directory group access to CEM?
We have APM configured to use EEM authorization as follows:
We have EEM integrated with Active Directory (LDAP) as follows: User Store -> Reference from an external LDAP Directory

Note:
User successfully logs in to Introscope Workstation with the same "AD_DOMAIN_NAME\AD_GUG_NAME " included in the “Domain” access policy for resource “SuperDomain” in EEM.
We tried adding the same "AD_DOMAIN_NAME\AD_GUG_NAME " to all the “standard” CEM access policies created in EEM after running the provided “eem.register.app.xml” Safex script from the EM_HOME/examples/authentication directory.

Outcomes