CA Service Management

  • 1.  USS Admin User

    Posted Jan 18, 2019 01:07 PM

    I installed USS pointing to EEM local database and admin access is OK.

    Now I configured EEM to point to AD directory, and I created the same logins in AD.

    After change I was able to log to USS but the user is no longer USS admin.

    How can I put the user as USS admin again?



  • 2.  Re: USS Admin User
    Best Answer

    Broadcom Employee
    Posted Jan 18, 2019 06:23 PM

    There is a long approach for this from the backend...

     

    No longer have admin rights in Unified Self Service 

     

    There was a discussion internally about another approach too, I have not tested this but it might work, it talks about a broken LDAP integration, in your case its EEM integration.  Basically the auth schema is forcing it to lose admin privileges.  userids are the userids from USS_MDB.user_   table for whichever user who needs to get admin privileges in USS>

    Omniadmin users are allowed to log in even if the integration with LDAP is broken. This allows to use this administrator accounts to fix the problem. The default user created with liferay (test@liferay.com) is an example of an omniadmin users. Others can be configured in portal.properties (or portal-ext.properties) indicating a comma separated list of user ids:

    4.2.X and before

     omniadmin.users=liferay.com.1,liferay.com.1001

    4.3.X

     omniadmin.users=2,12345,98765

     

     

    Restart of USS is needed

     

    Another way :  how to disable NTLM/EEM authentication without using the Control Panel?

     

    change some of these settings is via the OSOP_Install_Dir/PortalExt.Properties file

    company.security.auth.type=screenName
    ## Allowed case sensitive values: screenName userId emailAddress
    <tenant-web-id>.eem.ntlm.authentication.enabled=false
    ## Allowed case sensitive values: true or false

    Restart USS after making the change

     

     

    _R



  • 3.  Re: USS Admin User

    Broadcom Employee
    Posted Jan 21, 2019 08:50 AM

    Hi Paulo,

     

    Please let us know if the information provided by Raghu worked for you so we can mark it as the right answer. Otherwise, you could be opening a new case in support so we can assist you if needed.

     

    Note:

    An article with the information above was created and can be viewed below:

     

    How can I log into Unified Self Service (USS) if t - CA Knowledge 

     

    Kind regards,

    Roberto



  • 4.  Re: USS Admin User

    Posted Jan 21, 2019 09:30 AM

    Roberto

     

    Putting this omniadmin.users in config file worked.

     

    Thanks

     

    Paulo Freire

    Consultant

     

    Baymetrics | Alameda Mamoré, 503 CJ33 - Alphaville -Barueri - SP - Brasil

    E paulo.freire@baymetrics.com.br<mailto:paulo.freire@baymetrics.com.br> | T +55 (11) 3181-8444  | M +55 (11) 95082-8573

     

     

                    www.baymetrics.com.br<http://www.baymetrics.com.br/>

             

     

    This email is sent on behalf of Baymetrics Technology or one of its group companies in the territory from where this email has been sent. The email and any files transmitted with it are confidential and solely for the use of the intended recipient. If you have received this email in error please delete this email immediately and notify the sender.

     

    De: RobertoBenatti <communityadmin@communities-mail.ca.com>

    Enviada em: segunda-feira, 21 de janeiro de 2019 11:51

    Para: Paulo Freire <paulo.freire@baymetrics.com.br>

    Assunto: Re:  - Re: USS Admin User

     

    CA Communities <https://communities.ca.com/?et=watches.email.thread>

     

     

    Re: USS Admin User

     

    reply from Roberto Porto Benatti<https://communities.ca.com/people/RobertoBenatti?et=watches.email.thread> in CA Service Management - View the full discussion<https://communities.ca.com/message/242162103-re-uss-admin-user?commentID=242162103&et=watches.email.thread#comment-242162103>