If i understand it correctly..

• Initially you did not set up a administrative user ... so security is not enabled?


• Then, you configured LDAP as user repository and set it as current.

1. Login with the Primary administrative user account you supplied while configuring LDAP. [you must entered this while configuring LDAP as user repository] . This is the primary administrative user ID now.


2. You can add a new user and then give him administrator role and adminsecuritymanager role [with this he can do user management] and iscadmin role [for user management when using federated repositories]

Your understanding is perfectly right, however

1. From this post, jazz.net/forums/viewtopic.php?t=18796&hi..., I used "admin" in this Primary Administrative user name while configuring LDAP. This is not in AD/LDAP so now I can't login with "admin" (I was using my own id and later got confused).

2. I don't understand this. How can I add more users? I see no menu can click in Users and Groups --> Manage User (not enough privilege with my current login?)

I added my id into the administrative role while configuring LDAP. But now when I login with my id, I can't see the "Aministrative Role" menu beside the "Enable administrative security" anymore. So I can't add more users into this role, and I am afraid if I can' t do all the admin work.

I am not an expereince WAS admin, just my RTC using it.

Thanks

Jirong

primary administrative user specified while configuring LDAP is not available in LDAP.

The users who doesn't have security admin role assigned cannot manage users [add/remove/assign role]

You may follow these steps

• Disable the security by editing security.xml


• Then restart the servers


• Configure the LDAP again with correct configuration and with a user available in LDAP.

Steps to disable and enable passowrd, when administrator not able to login :

josephamrithraj.wordpress.com/2011/03/01...

I want to follow your process to get back the primary admin user. However, I've already deployed some applications and inside the application, created some Security roles to group mapping.

If I disable the security, will I:

1. lose all LDAP info in the Global Security --> Standalone LDAP registry? This is ok, I can redo.

2. lose the Security roles to group mapping inside each application, more important, will it demage the application?

Thanks for your time to help.

Jirong

1. Yes

2. You need to re-do the role mappings

OK, i am done, works perfect.

The good news is all the old LDAP info and setting are still there, application role mapping are also there.

Thanks a lot for helping.

Jirong

Good to hear that the issue was RESOLVED.

I though role mapping [not applications but administrative roles] will disappear.