000025623 - Upgrade to Access Manager loses Group Entitlement visibility in the Admin GUI

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025623
Applies ToClearTrust Authorization Server 5.5.3
Authentication Manager Server 6.0
Authentication Manager Server 6.1
IssueUpgrade to Access Manager loses Group Entitlement visibility in the Admin GUI
A ClearTrust 5.5.3 installation running against an Active Directory datastore that is upgraded to Access Manager 6.0.1, as per the upgrade documentation, loses the ability to view group entitlements through the Admin GUI.
If the 5.5.3 CT Server is run it is possible to access and list all the details that should be seen with a group entitlement of RSA with either the 5.5.3 or 6.01 GUI's.
With the 6.0.1 AxM server version running with either the 5.5.3 or 6.0.1 GUI it is not possible to see or edit the Group Entitlements for RSA.
When an attempt is made to add a new Entitlement in the Adminstration Console, the following error is returned:
Transport error (RC_TRANSPORT_ERROR): 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece [16 - No such attribute] during LDAP add
The data in the AD repository must be OK because the entitlements are visible when running 5.5.3.
Group entitlements fail after upgrade.
CauseAccess Manager 6.0 uses a new default value (ctscMember) for the cleartrust.data.ldap.entitlement.member parameter in ldap.conf when Active Directory is used as a data store. If performing an upgrade installation and this parameter value was not explicitly set previously, you need to set it to the old default value (member) in order to find existing user or group entitlements.
ResolutionExplicitly set the cleartrust.data.ldap.entitlement.member parameter value to member.
NotesThis was stated in the release notes of AxM 6.0 but not iin the release notes of AxM 6.1
Legacy Article IDa33648

Attachments

    Outcomes