Error when configuring Configuring the IBMConnectionsMetricsAdmin role on Cognos
I was trying to configure the IBMConnectionsMetricsAdmin role on a Connections 4 deployment when I got this error when I tried to open http://connections.org:9082/cognos/servlet/dispatch/
AAA-SYS-0001java.lang.RuntimeException:
Expected a single account objectjava.lang.RuntimeException: Expected a
single account object at
com.ibm.cognos.camaaa.internal.admin.handler.QueryUserInfo.handleInbound
Request(QueryUserInfo.java:268) at
com.ibm.cognos.camaaa.internal.common.handler.DefaultHandler.handleMessa
ge(DefaultHandler.java:72) at
com.ibm.cognos.camaaa.internal.auth.handler.AuthHandler.handleMessage(Au
thHandler.java:150) at
com.ibm.cognos.camaaa.internal.auth.ha.................
This deployment is using Domino as LDAP server and this is where the issue originated.
My Cognos LDAP configuration had an error in the Folder mapping object class. I set it to dominoOrganization but the folder mapping was referring to “ou=adm,o=company“. That one has an extra ou in that has an objectclass of dominoOrganizationalUnit.
Setting the Folder mapping object class to dominoOrganizationalUnit and restarting Cognos solved the issue
Setting the Folder mapping object class to dominoOrganizationalUnit and restarting Cognos solved the issue
You can see this from the following items in AAAclient.log:
Cognos does a lookup for the objectclasses of ou=adm,o=company:
127.0.0.1:9082 8108 2013-03-13 14:06:04.096 +01 null
92Cv2jl2G82wGsl9Mj44yy98s94h8Gy9C92GqCGd 1 15312
AAA.Provider.LDAP 6235 5
Audit.RTUsage.CAM.AAA.Provider.LDAP CallStart <function
name="ldap_search_s"><parameters><item
name="ld"><![CDATA[0000000001A3B7D0]]></item><item
name="base"><![CDATA[ou=adm,o=company]]></item><item
name="scope"><![CDATA[0]]></item><item
name="filter"><![CDATA[(objectclass=*)]]></item><item
name="timeout"><![CDATA[0]]></item><item
name="attrs"><![CDATA[objectclass]]></item><item
name="attrs"><![CDATA[ou]]></item><item
name="attrs"><![CDATA[mail]]></item><item
name="attrs"><![CDATA[uid]]></item><item
name="attrsonly"><![CDATA[0]]></item></parameters></function>
The returned objectclasses from LDAP for ou=adm,o=company are
dominoOrganizationalUnit, organizationalUnit, and top:
127.0.0.1:9082 8108 2013-03-13 14:06:04.097 +01 null
92Cv2jl2G82wGsl9Mj44yy98s94h8Gy9C92GqCGd 1 15312
AAA.Provider.LDAP 6235 5
Audit.RTUsage.CAM.AAA.Provider.LDAP CallEnd <function
name="ldap_get_values"><parameters><item
name="retval=ldap_get_values()"><![CDATA[<span style="text-decoration:underline;"><em><strong>dominoOrganizationalUnit</strong></em></span>]]></it
em><item
name="retval=ldap_get_values()"><![CDATA[organizationalUnit]]></item><it
em
name="retval=ldap_get_values()"><![CDATA[top]]></item></parameters></fun
ction>
<span style=”text-decoration:underline;”><em><strong>None of these objectclasses match dominoOrganization</strong></em></span>, so the error
“CAM-AAA-0031 Unable to determine the objectClass of
ou=adm,o=company. Please update your namespace configuration
127.0.0.1:9082 8108 2013-03-13 14:06:04.097 +01 null
92Cv2jl2G82wGsl9Mj44yy98s94h8Gy9C92GqCGd 1 15312
AAA 6235 5 Audit.RTUsage.CAM.AAA CallEnd <function
name="LegacyServerEngine::search"><parameters><item
name="response"><![CDATA[<searchResponse><status>-19</status><exception
xsi:type="bus:CAMException"
xmlns:bus="http://developer.cognos.com/schemas/bibus/3/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"><severity
xsi:type="bus:severityEnum">error</severity><errorCodeString
xsi:type="xsd:string"
xml:space="preserve">-19</errorCodeString><messages
xsi:type="SOAP-ENC:Array" SOAP-ENC:arrayType="bus:message[1]"><item
xsi:type="bus:message"><messageString xsi:type="xsd:string"
xml:space="preserve">CAM-AAA-0031 Unable to determine the objectClass
of &apos;ou=adm,o=company&apos;
Please update your namespace
configuration to recognize this entry as a
folder.</messageString></item></messages></exception></searchResponse>]]
></item></parameters></function>