Error CentraSite and Active Directory integration

Hello friends,
Performing the integration of CentraSite 8.2 with Active Directory as authentication repository, I have an error:
java.lang.SecurityException: access not granted for user DOMAIN\USER1
at com.centrasite.smh.AdminUserCreator.isAccessGranted(AdminUserCreator.java:233)
at com.centrasite.smh.AdminUserCreator.createAdminUser(AdminUserCreator.java:117)
at com.centrasite.smh.AuthAddAdminAgent.createAdminUser(AuthAddAdminAgent.java:279)
at com.centrasite.smh.AuthAddAdminAgent.run(AuthAddAdminAgent.java:256)
at com.centrasite.smh.Agent.doAgentTask(Agent.java:205)
at com.centrasite.smh.AuthAddAdminAgent.AgentMain(AuthAddAdminAgent.java:333)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.softwareag.arg.cockpit.agent.impl.AgentJava.main(AgentJava.java:498)
Caused by: com.softwareag.tamino.db.API.accessor.TXQueryException( message: Authorization failed. Invalid userId and password!, version: 8.2.1.0.4, java: 1.6.0_24, os: Windows 2003 5.2 ):

at com.softwareag.tamino.db.API.accessor.TStreamAccessorImpl.xquery(Unknown Source)
at com.softwareag.tamino.db.API.accessor.TXMLObjectAccessorImpl.xquery(Unknown Source)
at com.centrasite.smh.AdminUserCreator.isAccessGranted(AdminUserCreator.java:203)
… 10 more
Caused by: com.softwareag.tamino.db.API.invocation.TInvocationRetryHandlerException( message: Retry after invoke failed., version: 8.2.1.0.4, java: 1.6.0_24, os: Windows 2003 5.2 ):

at com.softwareag.tamino.db.API.invocation.TAbstractInvocation.retryAfterInvoke(Unknown Source)
at com.softwareag.tamino.db.API.invocation.TAbstractInvocation.doTemplateInvoke(Unknown Source)
at com.softwareag.tamino.db.API.invocation.TAbstractInvocation.invoke(Unknown Source)
at com.softwareag.tamino.db.API.accessor.TAbstractAccessor.invoke(Unknown Source)
… 13 more
Caused by: com.softwareag.tamino.db.API.invocation.TAuthorizationException( message: Authorization failed. Invalid userId and password!, version: 8.2.1.0.4, java: 1.6.0_24, os: Windows 2003 5.2 ):

at com.softwareag.tamino.db.API.invocation.http.THTTPInvocation.verifyAuthorizationResult(Unknown Source)
at com.softwareag.tamino.db.API.invocation.http.THTTPInvocation.doInvokeReal(Unknown Source)
at com.softwareag.tamino.db.API.invocation.http.THTTPInvocation.doInvoke(Unknown Source)
… 16 more

Any recommendations to fix the problem.
Thank you.

this isn’t enough information to give a response…

Have you used the SSXLDAPValidator? It’s available from Empower (https://empower.softwareag.com/Products/DownloadComponents/default.asp) - Products > Download Components > CentraSite. It’s helpful for figuring out your LDAP (including AD) configuration and once its verified, it can update your LDAP configuration in SMH for you.

If you are still having problems, you’ll need to describe your LDAP configuration - you might want to open a support request.

One item: is your AD domain called “DOMAIN”? The domain you put in your LDAP configuration under SMH has to match the AD domain…

Friend,
Here attached a picture of the setting in the SMH (System Management in the tab) for integration with Active Directory

We in Global Support handle such cases, some times with R&D help.

We use as mentioned LdapSsxValidator and LDAP Browser during such session between Customer and Global Support.

The session to solve these kinds is details intensive. We may even decide to access Active Directory as OpenLDAP repository.

Please open Support Ticket,

Shmuel Coller
webMethods Global Support EMEA

Hi
Please consider in any case to use the LDAP interface to MS AD, as the native
AD support is deprecated and will be removed in 9.0

Thanks
Daniel

Ok, thanks for the suggestions.
Make the change to the configuration of LDAP and now this is the result. See attached image.

My question is: how I can authorize or assign the relevant user groups Administrator is taken from Active Directory

Of course, thanks for your support

As which user are you logged into SMH?
Are you using Adminstrator or INTERNAL/Administrator for logging into SMH or some other user?
To me it seems you are using a non admin user.

Daniel

After changing the settings on the Authentication Configurations for LDAP, the admin user can log in the SMH as follows:
Administrator@domain.com