Maximo LDAP authentication error. You cannot login at this time

  • 1.  Maximo LDAP authentication error. You cannot login at this time

    Posted Thu December 21, 2023 09:08 PM

    Hi Everyone,

    We have enabled Microsoft AD Authentication in Maximo and WebSphere but we are not able to log in to Maximo. The login error says "You cannot login at this time".

    We are able to see the AD Users and Groups in WebSphere.

    If we provide a wrong password, the error does change to "Username and Password combination are not valid". So it seems like AD authentication is working, but it's not allowing us to log in.

    We have imported all the Signer Certificates for our organisation's AD server.

    Problem is nothing is being reported in the Maximo or AD server logs that could help us investigate further.

    Appreciate your help.



    ------------------------------
    Gagan Deep Bansal
    ------------------------------


  • 2.  RE: Maximo LDAP authentication error. You cannot login at this time

    Posted Fri December 22, 2023 02:31 AM

    Hi,

    Could you please check whether you have properly configured the Security role to user/group mapping for your application deployment?

    There are several ways you can do that - the simplest one, perhaps not the best practice though, is just to map the special subject All Authenticated in Application's Realm so that (slightly simplifying) whoever is properly authenticated gets authorized to access Maximo (see example below). The other options are to grant access to specific users explicitly or perhaps to one of the user groups (including AD ones) which contains the users who should be able to access Maximo.

    The other reason for your problem might be that the values of the Federated repository properties for the login property of your user accounts in AD don't match the MAXUSER.LOGINID values in Maximo. In that case, even if the user gets authenticated and authorized, Maximo cannot find a match between the authenticated user context and the Maximo users collection, or the matched user is not active.

    Finally, the simplest answer might be that the user account is blocked in Maximo (MAXUSER.STATUS) or the user's IP is blocked, etc.



    ------------------------------
    Andrzej Więcław
    Maximo Technical Consultant
    Trivalo AB
    Gothenburg, Sweden
    ------------------------------



  • 3.  RE: Maximo LDAP authentication error. You cannot login at this time

    Posted Sat December 23, 2023 08:15 PM

    Hi Andrzej,

    Thank you very much for responding with all the probable solutions and it did help resolve the issue.

    Found out the login ID in Maximo was all lower case whereas in AD it's in camel case, thus causing the problem.

    The frustrating part is that neither Maximo nor AD presented any errors in the server logs.

    Truly appreciate your help! Saved us a lot of investigation hours.



    ------------------------------
    Gagan Deep Bansal
    ------------------------------
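
The LOGINID and STATUS checks suggested in reply 2, which located the case mismatch reported in reply 3, can be run offline before users hit the silent login failure. This is an added example, not code from the thread or from IBM; the function name, the sample values and the assumption that `ACTIVE` is the status of a usable account are illustrative.

```python
from collections import defaultdict


def diagnose_logins(ad_logins, maxuser_rows):
    """Classify each directory login value against MAXUSER rows.

    ad_logins:    values of the AD attribute mapped as the login property
                  in the federated repository (exported by the admin).
    maxuser_rows: (LOGINID, STATUS) tuples, e.g. the result of
                  SELECT loginid, status FROM maxuser
    The comparison is case-sensitive, matching the failure in the thread.
    """
    exact = {loginid: status for loginid, status in maxuser_rows}
    folded = defaultdict(list)
    for loginid, _status in maxuser_rows:
        folded[loginid.casefold()].append(loginid)

    report = {}
    for login in ad_logins:
        if login in exact:
            status = exact[login]
            # Assumption: only ACTIVE accounts are allowed to log in.
            report[login] = "ok" if status == "ACTIVE" else f"status:{status}"
        elif login.casefold() in folded:
            # Authenticated by AD, but no exact LOGINID match in Maximo.
            report[login] = "case-mismatch:" + ",".join(folded[login.casefold()])
        else:
            report[login] = "not-found"
    return report


# Constructed sample data, not taken from any real directory or database.
SAMPLE_AD = ["JSmith", "mjones", "akumar", "LChen"]
SAMPLE_MAXUSER = [("jsmith", "ACTIVE"), ("mjones", "ACTIVE"), ("akumar", "BLOCKED")]

if __name__ == "__main__":
    for login, verdict in diagnose_logins(SAMPLE_AD, SAMPLE_MAXUSER).items():
        print(f"{login:10} {verdict}")
```

Any login reported as `case-mismatch`, `status:...` or `not-found` will authenticate against AD yet fail in Maximo in the way the thread describes.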