02-28-2003 11:55 AM - edited 03-12-2019 10:52 PM
I am taking over a project for an engineer who left our company (CCM 3.2.2c spF; CAR 3.2.0.12). CCM is integrated with AD and works great.
They have a need to use CAR, but it appears after installing and configuring CAR for specific admin users, the changes are saved but none of the users have Admin access.
I went searching and found this link:
But #1 there is no "CiscoAdminRepToolAdminGroupUsers" security group in the AD.
#2, when I added it to the correct OU (at the point in the procedure where I would have "moved" it) I then got an LDAP error when trying to login as my new Admin user.
Any ideas on a fix?
02-28-2003 12:17 PM
Here's the error message:
The following Error(s) occurred while processing your request. You can:
* click on the 'Back' Button, to go back, fix the errors and try again.
* click on the 'Close' Button, to abort the processing and go to Main Screen.
Error Code Error Description
10013 LDAP Access Error. Contact System Administrator
03-03-2003 08:23 PM
You may want to try the workarounds to the follwoing three DDTS:
a) CScdv55021: This happens when the node, user base, is not under Cisco base. i.e. the user base
and Cisco base are either at same level or in different tree. Use the work around as mentioned in
the release note. This defect is fixed in 3.2(2a).
Workaround: Following steps have to be preformed in order.
1. Grant Admin Rights to the users by using "admin" account.
2. Open Netscape or Active Directory. Go to UserBase.
3. Copy the group "CiscoAdminRepToolAdminGroupUsers" from UserBase to CiscoBase. The UserBase was
set during installation. The default UserBase for Netscape is Poeple. The default UserBase for AD is
Users. Check C:\dcdsrvr\logs\netscape_cfg.log or ad_cfg.log. In the CFG file, look for
ciscoCCNatUserBase. The value right below this is the UserBase specified during installation. The
CiscoBase can be got from art.ini file or from registry at "HKEY_LOCAL_MACHINE\SOFTWARE\Cisco
Systems, Inc.\Directory Configuration\CISCOBASE".
4. Log in using the admin user account. Limitation of this workaround: Only one user can be given
admin rights for the first time(using "adimin" account).
Do the following steps to grant admin rights for more users :
1. Give admin rights to one user by following the steps mentions above.
2. Login using the user and give admin rights to one/more users.
3. Delete the "CiscoAdminRepToolAdminGroupUsers" from CiscoBae.
4. Copy the group again from UserBase to CiscoBase. Follow the same steps to add more users to admin
group.
b) CSCdx00875: This defect arises when the common name ( the name displayed in the AD console) is
different from the user ID. The work around is to rename the user (Select the user, right click,
select rename) so that the common name is same as userID and then add the user to ART admin group.
Workaround: Change the common name to be same as the UserID field.
c) CSCdx26336: This is observed when the user, which is to be added to ART Admin group, is not
directly under the user base. Say, user base is cn=users, dc=cisco, dc=com but the user is present
under ou=evvbu,cn=users,dc=cisco,dc=com, then it is not possible to add that user to ART admin
group. There is no workaround for this problem other that adding an user who is directly under user
base to ART admin group.
WorkAround: Add an user who is directly under userbase to CAR Admin group.
HTH,
Kev
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide