|Applies To||ClearTrust Authorization Server 5.5.3|
Authentication Manager Server 6.0
Authentication Manager Server 6.1
|Issue||Upgrade to Access Manager loses Group Entitlement visibility in the Admin GUI|
A ClearTrust 5.5.3 installation running against an Active Directory datastore that is upgraded to Access Manager 6.0.1, as per the upgrade documentation, loses the ability to view group entitlements through the Admin GUI.
If the 5.5.3 CT Server is run it is possible to access and list all the details that should be seen with a group entitlement of RSA with either the 5.5.3 or 6.01 GUI's.
With the 6.0.1 AxM server version running with either the 5.5.3 or 6.0.1 GUI it is not possible to see or edit the Group Entitlements for RSA.
When an attempt is made to add a new Entitlement in the Adminstration Console, the following error is returned:
Transport error (RC_TRANSPORT_ERROR): 00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece [16 - No such attribute] during LDAP add
The data in the AD repository must be OK because the entitlements are visible when running 5.5.3.
Group entitlements fail after upgrade.
|Cause||Access Manager 6.0 uses a new default value (ctscMember) for the cleartrust.data.ldap.entitlement.member parameter in ldap.conf when Active Directory is used as a data store. If performing an upgrade installation and this parameter value was not explicitly set previously, you need to set it to the old default value (member) in order to find existing user or group entitlements.|
|Resolution||Explicitly set the cleartrust.data.ldap.entitlement.member parameter value to member.|
|Notes||This was stated in the release notes of AxM 6.0 but not iin the release notes of AxM 6.1|
|Legacy Article ID||a33648|