Environment
NetIQ Access Manager 4.0
Admin Console creating roles based on LDAP groups
Situation
The documentation at https://www.netiq.com/documentation/netiqaccessmanager4/policyhelp/data/b6xdzhe.html#b6xflv1 states that a user group can be browsed and selected when creating the policy. This was possible with NAM 4.0, but after applying 4.0 HF1 the "Select LDAP Group" option does not show the user group in the user store, so it cannot be selected. The issue persists even after the Admin Console has been restarted.
A workaround is to add the groups manually using the 'Data Entry Field', but this is more cumbersome and opens up the possibility of human error.
Resolution
A workaround exists for older builds. Depending on whether it is a NAM appliance or a single-box Admin Console, the following steps will work around the issue:
SingleBox:
a) Execute the following copy commands:
cp /opt/novell/activemq/lib/optional/commons-collections-3.1.jar /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/
cp /opt/novell/nids/lib/webapp/WEB-INF/lib/commons-configuration-1.6.jar /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/
b) Restart the Admin Console service using:
/etc/init.d/novell-ac restart
In non-NAM-appliance setups:
a) Copy the following two missing JARs to the Admin Console:
- Copy from AG: /opt/novell/activemq/lib/optional/commons-collections-3.1.jar
To Admin Console: /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/
- Copy from IDP: /opt/novell/nids/lib/webapp/WEB-INF/lib/commons-configuration-1.6.jar
To Admin Console: /var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib/
b) Restart the Admin Console service using /etc/init.d/novell-ac restart
The Windows location where the files must be copied to is c:\windows\program files (x86)\novell\tomcat\webapps\roma\WEB-INF\lib\.
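
The Linux single-box copy step above can be made repeatable with a check-before-copy function. This is an added example, not NetIQ's own script; the function name install_missing_jars and its optional ROOT prefix argument are hypothetical, and the prefix exists only so the logic can be rehearsed against a scratch directory tree.

```shell
#!/bin/sh
# Added example: idempotent form of the single-box copy step.
# Paths are the ones given in the steps above; ROOT (first argument,
# default empty) is a hypothetical prefix for rehearsing in a scratch tree.

DEST_REL=/var/opt/novell/tomcat7/webapps/roma/WEB-INF/lib
SRC_JARS="/opt/novell/activemq/lib/optional/commons-collections-3.1.jar
/opt/novell/nids/lib/webapp/WEB-INF/lib/commons-configuration-1.6.jar"

# install_missing_jars [ROOT]
# Prints one status line per JAR. Returns 0 only if both JARs are in the
# Admin Console lib directory afterwards, 1 otherwise.
install_missing_jars() {
    root=${1:-}
    dest="$root$DEST_REL"
    rc=0
    if [ ! -d "$dest" ]; then
        echo "ERROR: $dest not found" >&2
        return 1
    fi
    for src in $SRC_JARS; do
        name=${src##*/}
        if [ -f "$dest/$name" ]; then
            # Already there: do not overwrite, so reruns are harmless.
            echo "present: $name"
        elif [ -f "$root$src" ]; then
            # -p keeps mode and timestamps of the source JAR.
            if cp -p "$root$src" "$dest/"; then
                echo "copied: $name"
            else
                rc=1
            fi
        else
            echo "ERROR: source $root$src not found" >&2
            rc=1
        fi
    done
    return $rc
}

# Typical use on the Admin Console host, restarting only on success:
#   install_missing_jars && /etc/init.d/novell-ac restart
```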