Creating a role by using an LDAP group membership attribute is unavailable after upgrading to 4.0 HF1

  • 7015142
  • 06-Jun-2014
  • 18-Dec-2014


NetIQ Access Manager 4.0 Hot Fix 1 applied
NetIQ Access Manager 4.0 Admin Console creating roles based on LDAP groups


A NAM administrator is trying to create a role policy on the Identity Server based on the user group, as per the document at

The document says that you can browse for the user group and select it when creating the policy. This was possible with NAM 4.0, but after applying 4.0 HF1 the "Select LDAP Group" option does not show the user group in the user store, so it cannot be selected. The issue persists even after the Admin Console has been restarted.

A workaround is to add the groups manually using the 'Data Entry Field', but this is more cumbersome and opens up the possibility of human error.


Apply 4.0.1 HF2.

A workaround exists for older builds. Depending on whether it is a NAM appliance or a single-box Admin Console, the following steps will work around the issue:


a) execute the following copy commands:

cp /opt/novell/activemq/lib/optional/commons-collections-3.1.jar /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/

cp /opt/novell/nids/lib/webapp/WEB-INF/lib/commons-configuration-1.6.jar /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/

b) restart the Admin Console service using

/etc/init.d/novell-ac restart


In non-NAM-appliance setups:

a) Copy the following two missing JARs to the Admin Console:

- Copy from AG: /opt/novell/activemq/lib/optional/commons-collections-3.1.jar

To Admin Console: /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/

- Copy from IDP: /opt/novell/nids/lib/webapp/WEB-INF/lib/commons-configuration-1.6.jar

To Admin Console: /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/

b) restart the Admin Console service using /etc/init.d/novell-ac restart

The Windows location where the files must be copied to is c:\windows\program files (x86)\novell\tomcat\webapps\roma\WEB-INF\lib\.
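
For the Linux Admin Console paths above, the copy step can be made repeatable and each copied JAR confirmed by digest before the restart. This is an added example, not part of the original TID or any NetIQ tooling; the function names and the ROMA_LIB variable are assumptions, and on non-appliance setups the arguments are wherever the JARs taken from the AG and IDP were staged on the Admin Console.

```shell
#!/bin/sh
# Added example (not from the TID). The default path is the one given in the
# steps above; ROMA_LIB and the function names are assumptions.
ROMA_LIB="${ROMA_LIB:-/var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib}"

# Print only the SHA-256 digest of a file.
jar_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# Copy one JAR into ROMA_LIB unless an identical copy is already there.
# Prints "present", "copied" or "replaced"; returns 1 if the source is
# missing or the copy does not match the source digest.
install_jar() {
    src="$1"
    dst="$ROMA_LIB/$(basename "$src")"
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 1; }
    state=copied
    if [ -f "$dst" ]; then
        if [ "$(jar_sha256 "$src")" = "$(jar_sha256 "$dst")" ]; then
            echo present
            return 0
        fi
        state=replaced
    fi
    cp -p "$src" "$dst" || return 1
    [ "$(jar_sha256 "$src")" = "$(jar_sha256 "$dst")" ] ||
        { echo "digest mismatch: $dst" >&2; return 1; }
    echo "$state"
}

# Install every JAR given as an argument and say whether a restart is needed.
apply_workaround() {
    changed=0
    for jar in "$@"; do
        result=$(install_jar "$jar") || return 1
        echo "$(basename "$jar"): $result"
        [ "$result" = present ] || changed=1
    done
    [ "$changed" -eq 0 ] || echo "restart required: /etc/init.d/novell-ac restart"
}

# Run only when JAR paths are passed on the command line.
if [ "$#" -gt 0 ]; then apply_workaround "$@"; fi
```

On the appliance, pass the two source paths from step a) as arguments; a second run that reports both JARs as "present" confirms nothing changed and no further restart is needed.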