In CA AXA after adding an LDAP userstore unable to login as tadmin user (LOGIN.ERROR.CODE.1451114)

Document ID : KB000117236
Last Modified Date : 10/10/2018
Show Technical Document Details
Issue:
After adding an LDAP userstore to CA AXA it is no longer possible to login as the tadmin user to the Tenant and receive error LOGIN.ERROR.CODE.1451114)
Environment:
CA AXA  16.x,17.x
Cause:
The LDAP userstore has become the DEFAULT STORE and so only a Tenant Administrator from that userstore can login using the Tenant Name.
 
Resolution:
1. An LDAP userstore Tenant Administrator can be added by logging in as Global Administrator gadmin.
Select People, click on the LDAP userstore and then filter on "Tenant Administrators". If none are listed then change the filter to "All" and select an LDAP user who will be the Tenant Administrator and edit their profile to have that Role. 
The LDAP Tenant Administrator can then login and change the default userstore back to the original userstore if required. Go to "Tenants > select tenant > Manage Tenant > User Store tab" and when multiple User Stores exist the DEFAULT STORE will be marked and there will be an option "MAKE DEFAULT STORE" for any other userstore. NOTE: This option is not visible when logged in as user gadmin.

2. Even with the LDAP userstore set to be the DEFAULT STORE it is still possible to login with tadmin if the original userstore is used in the Tenant Name field instead of the actual Tenant ID e.g. if tenant name is tenant1 then entering tenant1-USERSTORE into the Tenant Name field will allow tadmin to login.