Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Issue Indexing AD User Group

Created: 11 Jul 2013 | 2 comments

There was a previous thread entitled Issue Indexing AD User Group.  Several solutions were suggested including changing permissions in the manager.policy file and verifying permissions in Active Directory.

I had the same issue, and worked with Symantec Support.  Our issue was 2 jar files left over from an 11.0 to 11.1.x upgrade.

If you have access to the Syantec Knowledge Base, see KB 55365.

Access denied on LDAP user group lookups after upgrading to 11.1

Errors look like:

SEVERE [com.vontu.manager.endpointgroup.configure.UpdateTreeview] Error during action: search, dn: null
Cause:
java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)

Solution:

In some cases it has been observed that the upgrade doesn't properly remove outdated LDAP jar files:

Go into the following directory: \Protect\tomcat\webapps\ProtectManager\WEB-INF\lib  or /opt/Vontu/Protect/tomcat/webapps/ProtectManager/WEB-INF/lib on Linux
There should be only two ldap jars:

Spring-ldap.jar
Spring-ldap-sandbox.jar

If the following two jar files exist as well, delete them and restart the Vontu Manager service:

Spring-ldap-core.jar
Spring-ldap-core-tiger.jar

Operating Systems:

Comments 2 CommentsJump to latest comment

yang_zhang's picture

A good finding!

If a forum post solves your problem, please flag it as a solution. If you like an article, blog post or download vote it up.
kishorilal1986's picture

Nice to know, Thnaks for sharing