You can translate the question and the replies:

Cannot load Roles : Error accessing the metadata while loading/storing object

Hi, I'm enabling LDAPS authentication in VDP Client for default Admin DataBase. Connecting using my domain acoount works only when the condition "Assign 'all users role " for every connected user is enabled (Under Admin database configuration) When I check only the condition "use data source credentials to obtain roles". Authentication doesn't work, It displays an error : insufficient privileges to connect to database admin I checked Advanced Log of VDP server . I find that LDAP request for searching roles and Users are successfeully executed. 1 user fouded 3 groups founded ( becuase my username is a member of 3 groups on same OU) But I found error Error loading role 'role 1' Error accessing the metadata while loading/storing objects For information, I'm working on Rhel Environement . The user that runs VDP server is memebr of sudoers group. It has a recursive permission on all Denodo Folder. I find an answer to this question : User must be Administrator. But It's not helpfull. How can I check/grant privilege to user on the metadata? Which Folder/File should I verify? Thanks
user
01-09-2020 06:15:35 -0400

1 Answer

Hi, The possible reason for this error “**Error loading role ‘role 1’**” is when the **Groups/Roles** returned by the LDAP server may not be present in the Denodo as a Role. In your case, the LDAP server has returned the role called “role 1”. Hence the “**role 1**” must be created on the **Administration -> Role Management** Section and granted necessary privileges to connect to it. For more information, please refer to the highlighted note portion from the [LDAP authentication process](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/administration_of_databases_users_roles_and_their_access_rights/creating_databases#:~:text=If%20a%20role%20name%20obtained) section of the Virtual DataPort Administration Guide. When the** Assign “allusers” role** option is selected then the Server will grant the privileges of the role “allusers” to all the users that log in successfully even if this role has not been assigned to the user in the LDAP server. That's why you were able to login when you have this option selected. When you select the option “**use data source credentials to obtain roles**”, the LDAP server will query to obtain the role by using the credentials that you have configured for LDAP datasource. In this case, the password configured in LDAP datasource should match the password for the login user. Otherwise the role/group retrieval query fails and results in “**insufficient access to <> database**” error has occurred. For more detailed information, I would suggest you to refer to the [Creating a database with LDAP authentication](https://community.denodo.com/docs/html/browse/7.0/vdp/administration/databases_users_and_access_rights_in_virtual_dataport/administration_of_databases_users_roles_and_their_access_rights/creating_databases#creating-a-database-with-ldap-authentication) section of the Virtual Dataport Administration Guide. If still see the issues persist and If you are a user with valid support access then you can raise a support case in [Denodo Support Site](https://support.denodo.com/) so that our support team can help you. Hope this helps!
Denodo Team
02-09-2020 07:08:33 -0400
You must sign in to add an answer. If you do not have an account, you can register here