Insufficient privileges to log in API publisher or Store for LDAP User

Question

When I use LDAP user account to log in API publisher or API store, error message was prompted "Unable to log you in! Login failed.Insufficient Privileges.", but the non-LDAP user (accounts were created in Primary Carbon JDBC userstore) with the same role can successfully login.

I checked my configuration and relevant logs as below:

User Store Manager Class: org.wso2.carbon.user.core.ldap.ActiveDirectoryUserStoreManager

Role: Internal/PUBLISHER, was assigned all permissions.

User: xxx.COM/leon01, was assigned role 'Internal/PUBLISHER'. This user can successfully log in API Manager Web Console.

Cluster environments: API Manager Web Console + Identity Server (Key Manager) + API Gateway Worker + API Publisher + API Store.

The log in Identity Server displays successful:

TID: [-1234] [] [2016-09-15 12:54:07,194]  INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} -  'xxx.com/leon01@carbon.super [-1234]' logged in at [2016-09-15 12:54:07,194+0800] 

But the log in API Publisher / Store displays 'Login failed':

TID: [-1234] [] [2016-09-15 12:54:06,543]  INFO {org.wso2.carbon.core.internal.permission.update.PermissionUpdater} -  Permission cache updated for tenant -1234 {org.wso2.carbon.core.internal.permission.update.PermissionUpdater}
TID: [-1234] [] [2016-09-15 12:54:07,024] ERROR {org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject} -  Login failed.Insufficient privileges. {org.wso2.carbon.apimgt.hostobjects.APIProviderHostObject}

Any idea? your help will be highly appreciated.

Answer 1

I copied userstores/xxx_com.xml to corresponding directory of API Publisher and API Store and this issue was resolved.