Will LDAP migration of users affect Room permissions?

We are having EP 6.0 with MS-AD read-only LDAP.
We are having domain migration in process now, i.e. users
are being migrated from dom1.comp.com to dom2.comp.com.
I was wondering how this is going to affect all the collaboration rooms
that we are having, because the user's unique id will change once this
migration is done (isn't it?). So would we have to re-assign the users'
permissions in each of these rooms?
Also, what other things are bound to get affected?
Any help on this would be great.
Rani A

Yes it will change then (I hoped you were using samaccountname).
I've got little experience with collaboration, but if there is a mass export and import which requires few manual steps, that indeed seems like the best way to go.
An alternative would be to program your own export and import functionality by using the collaboration Java API.
This should be fairly trivial for a programmer since the API appears quite good.

  • Migrated users incorrectly, now permissions problems

    Hi all!
    I purchased a 2011 MBP this year, to replace my 2008 MBP. I attempted to use Migration Assistant, but didn't transfer correctly and now I'm having permissions related problems. I'm assuming they are related, as that is how it sounds from posts I've read in these forums.
    When I used migration assistant, I had already created the same user name on the new MBP. Now that I've read many posts in this forum, I realize I should never have created a user on the new MBP, prior to using migration assistant. Anyway, having trouble with duplicate account names, I believe I reformatted the drive and used the drag and drop method from the old MBP to the new (I can't honestly remember, but I'm pretty sure that's the method I chose). I still created the same user name on both, so perhaps that wasn't a great idea.
    For the most part I didn't notice any problems, until after I purchased and installed MS Office 2011. I would open any Office app and every time it would require me to go through all opening screens as if it was the first time opening Office, even though it had the serial number and all personal information already. I went through MS tech support and fortunately spoke with a very knowledgeable Mac user and we traced it down to a permissions problem. He suggested I delete the user name and use the TestName we had created (which had no problems). At the time, I was in the middle of a large video project and I didn't want to do anything that may cause potential problems with it. I finished the project and began another one immediately. In the new project, I had problems with Premiere Pro not recognizing audio in some, not all, clips. I spent days with Adobe tech support and even sent them a sample file. Fast forward to yesterday; it was once again traced to permissions problems. The clip worked under the root user account we (Adobe tech support and I) created.
    So, my question is what is the best way to proceed? It seems apparent that I have to delete a user or figure out how to repair all permissions at once, since I have found files and repaired a few with the one-at-a-time method. Obviously this is time consuming and I don't have that kind of time.
    Should I delete the username and move things to a new username? If so, what are the best steps to prevent any permissions problems? Or is there a way to repair all file permissions through a command in the terminal?
    I can't honestly say I never had any permission problems with the 2008 MBP before, so if by chance there were permissions problems, or any other user related problems, would they have been introduced to this new MBP?
    Thank you in advance for the help! :-)

    emerson MEDIA wrote:
     About make a copy of /Users/paisleye into /Users/paisl: Why am I doing that? Just for backup? Through the remainder of your post, it sounded as if I would only be accessing /Users/paisleye. Did I mis-read something?
    Exactly -- just for backup.  You may notice I'm a little paranoid -- if you have a Time Machine backup, and a SuperDuper/CarbonCopyCloner bootable clone on an external disk, AND a copy in /Users/paisl -- then you've got 3 backups before you start.  :-)  And when you are done you will have the original of /Users/paisleye in /Users/paisl and the original of /Users/test will still be in /Users/test.
    What should happen with the ordering is this:
    -- if a file is in /Users/test but not in /Users/paisleye, then it will copy over into /Users/paisleye with its current ownership and permissions, which seem to be right.
    -- if a file is in /Users/paisleye but not in /Users/test, then the copy isn't going to fix anything, but it isn't going to hurt anything more, either.  The step where you set ownership of everything in /Users/paisleye to test:staff might just fix all of those problems.
    -- if a file is in /Users/paisleye AND /Users/test, then if the ownership/permissions are right on one and wrong on the other it's probably /Users/test that's good.  The copy (the long complicated tar command) will copy the /Users/test version and its permissions/ownership overtop the /Users/paisleye version.  If that's not right, there is a backup in /Users/paisl, and on the TimeMachine, and on the clone.
    What's likely is that you are going to have the occasional weird thing happen with some stray file for months/years.  You can always go back and use chown and/or chmod on an individual file to fix it.  (The -R is the "recursive" flag to do a directory and everything underneath.  Leave it out, and it just does one file at a time.)
    I actually ended up with three different accounts on my machine that belong to "me" and had to do this.  (I bought the machine with free Parallels installed, and MacMall created an account called "user" to install it and I had to clean that up when I got it.)  This is not a terrible thing.  One thing that I would recommend if you get it all done and cleaned up and you are happy -- keep the test account, and keep it as an Administrator; then turn off Administrator on the paisleye account.  Then every time you need to do something Administrator, just give the test username/password.  Every so often you will get software that will refuse to install from a non-priv'd account (looking at you Adobe!) so just turn on Fast User Switching and log into the test account and install from there.  It's just a lot safer if you are not logged in all of the time with privs...
    And this unix stuff isn't hard to get the hang of.  If you half remember something, you can google it and find oodles of excellent documentation.

  • How have you migrated user data? (Permissions issues).

    So far our upgrade from Tiger server to SL server has been fairly painless. I chose to do a completely clean install and then migrate users at a later date (after exporting them from the original configuration). I do have a complete bootable clone of the Tiger server install, so I can go back to that install at any time to check on things, so that's been a real help.
    But here is one snag I should have anticipated: permissions issues! I've tried several times now to migrate a single user account from Tiger server to SL server. But I'm getting massive permissions issues on the account. I've tried migrating the user data using Carbon Copy Cloner, or copying the file via the Finder (what a pain), and in both cases when I log in as that user on a client machine I have only read access (or even no access) to critical files.
    What methods have you used to successfully migrate users' directories? Alternately, what did you do to fix permissions issues for migrated users?

    i use rsync for all transfers and then make sure ownership and perms align.
    are you talking about moving homedir data from old server to new, homedirs on client machines, or something else entirely? regardless, you'll need to ensure all of the pieces work together. stay away from finder copies or most gui tools. you'll have more control and more reliable results from the command line. passenger offers some folder migration functionality if you need a gui, though i've never used it for that. http://macinmind.com/?pid=2&progid=1&subpid=1

  • Migration assistant doesn't migrate all user files

    I wanted to do a semi clean install, so I decided to erase everything and install a fresh OS X Yosemite.
    I used Migration Assistant to only migrate my user account and all its files. Everything seemed to work fine, until I realized I was missing things. Some fonts were not copied over (/User/name/Library/Fonts) and most of my music was not copied over (~/Music/iTunes etc.). The only music that seemed to transfer were ones I purchased from iTunes or imported recently (with the latest iTunes). I got fed up with the entire process and didn't do any more investigation or debugging and am now doing a full restore from Time Machine. Luckily I have two Time Machine backups... Can't always assume everything will go correctly (one Time Machine is stuffed as it was preparing to back up my new installation with lost user files).
    Has anyone else had the same problems?
    As a note I was able to locate those fonts manually on one of the Time Machine backups but it said the links were broken (they must be aliases) but since I knew the absolute path I could find them. Maybe that's part of the problem? Also I wonder if user permissions (e.g. ownership) could affect the restore user account process...
    Ps: Apple this site ***** on my iPad mini. Fonts are way too small!

    I did exactly that
    If so, that would have been Setup Assistant, not Migration Assistant. From the sound of it, I'm not so certain that is what you did. They are very similar, but may produce different results. Setup Assistant appears on the first boot of the new Mac. It is generally far more problem free than Migration Assistant. If you select the option to migrate later you get MA. Have you checked to see if you don't now have another User where all your settings now reside. This can be the result of using MA.
    If you didn't use SA on the first boot, it might be far less time consuming and aggravating to simply reinstall the OS and the bundled apps. This will produce a brand new option to use SA on the first boot.

  • LDAP Authentication Failed :user is not a member in any of the mapped group

    I tried to set up the LDAP Authentication but I failed.
    LDAP Server Configuration Summary seems to be well filled.
    I managed to add a Mapped LDAP member Group: This group appears correctly in the Group list. 
    But it's impossible to create a User. Although this user is a member of the mapped group (checked with LDAP Browser), an error message is displayed when I tried to create it (There was an error while writing data back to the server: Creation of the user User cannot complete because the user is not a member in any of the mapped groups)
    LDAP Hosts: ldapserverip:389
    LDAP Server Type: Custom
    Base LDAP Distinguished Name: dc=vds,dc=enterprise
    LDAP Server Administration Distinguished Name: CN=myAdminUser,OU=System Accounts,OU=ZZ Group Global,ou=domain1,dc=vds,dc=enterprise
    LDAP Referral Distinguished Name:
    Maximum Referral Hops: 0
    SSL Type: Basic (no SSL)
    Single Sign On Type: None
    CMS Log :
    trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
    trace message: LDAP: LdapQueryForEntries: QUERY base: dc=vds, dc=enterprise, scope: 2, filter: (samaccountname=KR50162), attribute: dn objectclass
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 2453 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
    trace message: GetParents from plugin for cn=huh\,chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise.
    trace message: LDAP: De-activating query cache
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
    trace message: LDAP: query for DSE root returned 89
    trace message: LdapQueryForEntries: incr. retries to 1
    trace message: LDAP: Updating the graph
    trace message: LDAP: Starting Graph Update...
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
    trace message: LDAP: query for DSE root returned 89
    trace message: LdapQueryForEntries: incr. retries to 1
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
    assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
    trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
    trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (&(cn=gp-asia)(objectclass=group)(member=cn=huh
    , chen, ou=accounts, ou=users, ou=domain1, dc=vds, dc=enterprise)), attribute: objectclass
    trace message: LDAP: LdapQueryForEntries: QUERY base: , scope: 0, filter: (objectClass=*), attribute: supportedControl
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 0 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 1
    assert failure: (.\ldap_wrapper.cpp:3066). (pSetAttributes : no message).
    trace message: LDAP: No such attribute: supportedControl, assuming no ranging support.
    trace message: LDAP: LdapQueryForEntries: QUERY base: dc=enterprise, scope: 2, filter: (cn=gp-asia), attribute: member objectclass samaccountname cn
    trace message: LDAP: LdapQueryForEntries: QUERY result: 0 took 3109 ms
    trace message: LDAP: LdapQueryForEntries() QUERY number of entries returned: 0
    trace message: LDAP: query for DSE root returned 0
    trace message: Failed to commit user 'KR50162'. Reason: user is not a member in any of the mapped groups.
    trace message: [UID=0;USID=0;ID=79243] Update object in database failed
    trace message: Commit failed.+
    Can you please help?

    Please do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
    Since the same result happens on multiple computers, it is not the profile.
    I am recommending you delete the AD account (or rename to backup the account).
    It will not affect the user's Exchange account, but you will need to link it back to the new AD user account. 
    You can also delete her profile just to remove it, for the "just in case" scenario.
    Don't forget to mark the post that solved your issue as "Answered." By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional

  • Data propagation problems w/ NIS+ to LDAP migration..

    Hello All,
    I'm running into an issue performing an NIS+ to LDAP migration with Solaris 9.
    It all happens like this: NIS+ successfully populates the directory through the 'initialUpdateAction=to_ldap' option-- afterwards, no updates made directly to LDAP are ever pushed back into NIS+.
    I'm of the understanding (which might be incorrect) that after performing the initial update, NIS+ should simply act as a cache to the data stored in LDAP. Do I need to perform an 'initialUpdateAction=from_ldap' after populating LDAP to force the direction of the data propagation to change?
    I'm experienced with LDAP, so I'm comfortable everything is all right on that side, however, I'm not so sure about NIS+. Anyone out there who has gone through this migration who'd be willing to offer some assistance or advice would be greatly appreciated.
    Many thanks in advance..

    Well, you neglected to outline exactly how you accomplished your migration.
    Starting with Tiger Server using NetInfo as a standalone server, we created an Open Directory Master, as described in Apple's Open Directory Guide. By the time we'd finished that, we had an OD admin. From there, we did as I previously described -- exported with WGM from NetInfo, imported with WGM into LDAP, deleted with WGM from NetInfo.
    See http://support.apple.com/kb/TA23888?viewlocale=en_US
    This seems to be an article on how to re-create a password that's been lost. That's not really what we need, though. The OD admin account we created works fine for other services, just not for WGM. And other admin users we created work fine for other services, but not for WGM. The problem is that although admin users can log into many services, they can't log into WGM -- only root can.

  • Migrate the users, groups from essbase 7.1.6 to shared services

    Our current production is essbase version 7.1.6 and we are planning to migrate to EPM 11.1.2 . We would like to move the security administration from Essbase to Shared Services (want to use Native Directory).
    Can somebody please suggest:
    1) A utility that Oracle provides with EPM 11.1.2 that helps to migrate the users and groups from 7.1.6 to shared services?
    2) After bringing the users groups from 7.1.6 to 11.1.2, do we need to externalize these users and groups or no need?
    Appreciate the help. Thanks,

    If you have LDAP/MSAD, try to configure it first. That will get your users.
    Now using MaxL:
    spool on to 'GROUP.txt';
    display group all;
    spool on to 'USER.txt';
    display user in group all;
    For test purposes, create a test group and a test user from the shared services.
    Now using GROUP.txt,
    make up MaxL statements to create groups (use any advanced text editor or MS Excel to get your work done fast):
    create group 'groupname';
    Now log in to that shared services.
    Go to Foundation Application group -> click sharedservices -> drop down native directory -> right click on Groups and select export for edit. That will save you a Groups.csv file.
    1. Open that Groups.csv file.
    2. Using USER.txt, paste the users in that file under their respective group. (Look for the test group created; that should give you an idea!)
    3. Paste users correctly and save it to the same file Groups.csv.
    4. Go to Foundation Application group -> click sharedservices -> drop down native directory -> right click on Groups and select IMPORT for edit.
    5. That will get your users into the groups.
    Using MaxL again:
    spool on to 'FILTER.txt';
    display filter row all;
    spool on to 'GRPRIVILEGE.txt';
    display privilege group all;
    Now using FILTER.txt,
    create MaxL statements
    (use any advanced text editor or MS Excel to get your work done fast).
    Ex: create filter app.database.filtername read/write/none/metaread on 'AREA ' ;
    Using GRPRIVILEGE.txt,
    create MaxL statements:
    grant filter app.database.filtername to 'groupname';
    That should get your filters created and assigned.
    Else you can use Advanced Security Manager.
    Hope that should give you an idea!

  • After Migration AD users do we need to keep SID history ?

    Hi Team,
     After migration of AD users, do we need to keep SID history?
     What are all the parameters we need to verify post-migration?
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing! http://sesaitech.blogspot.in/

    SID history is really more of an aesthetic problem.
    If you have users with lots of SidHistory entries and lots of Groups, SidHistory will contribute to Kerberos Ticket bloat, so you may wish to clean it up for that reason.
    You won't find a list of definitive things to check because SidHistory may affect your users' ability to access ANY domain resource - File Share, Websites, databases etc.
    If you are reasonably confident that you have migrated all your resources, you have good backups and a process to do a SID History restore (requires authoritative restore of AD users which will also restore passwords), I would suggest staging out your SidHistory removal and watching for spikes in helpdesk calls.
    Good Luck!

  • Migrating Local Users to Network/Mobile Home Directories

    Hey Everyone!
    A Happy Holidays to you all! I'm in the midst of building a new system for my new clients. They had nothing but static IP numbers and no actual servers in a 50+ Mac environment. MacBook Pros, G5s and PowerBook G4s up the yang.
    What I'm looking to do is migrate as seamlessly as possible, all of the existing local users to network users and then some of those network users will become mobile accounts. I have Open Directory authenticating properly so...
    Here's my plan:
    1) Finish creating new builds for the MacBook Pro's, the G5s, and the PowerBook G4s.
    2) Create the users in OD and assign them to groups for permissions.
    3) Drag and drop entire home directory from each computer to a shared folder on my OD Server.
    From here I want to run chown, I'm guessing, to change the user:group for the home folders I copied over so that they match the ID's created by OD. I figure when I do that, then I can simply replace the OD created home folders in my server's Users folder with the copied and permission modified home directories from each local user.
    My guess is that would be the fastest way to migrate the users to the network.
    My question is are the terminal commands I need to run on each folder in order to make this as seamless as possible?
    chown -R username:newgroupname /~path to copied local home directory
    Is that syntax right?

    The command is correct!!!
    But my guess is if you use ACLs to set the permissions you won't need to run the command on every folder.
    Best Regards
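
The ownership and permission alignment discussed in this thread (`chown -R` to the directory-assigned IDs) and in the earlier rsync answer can be checked before and after the change. The script below is an added example, not code from any poster; the directory path and expected numeric UID are caller-supplied assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Read-only audit of a copied home directory: nothing is modified.
# Usage (assumed): audit.sh /path/to/copied/home EXPECTED_UID
# Counts are line-based, so file names containing newlines inflate them.

# Entries (files, directories, symlinks) NOT owned by the expected UID.
count_wrong_owner() {
    find "$1" ! -user "$2" 2>/dev/null | wc -l | tr -d ' '
}

# Regular files the owner cannot read+write, plus directories the owner
# cannot read+write+traverse: the "read-only or no access" symptom.
count_owner_locked_out() {
    {
        find "$1" -type f ! -perm -600 2>/dev/null
        find "$1" -type d ! -perm -700 2>/dev/null
    } | wc -l | tr -d ' '
}

# World-writable files and directories (symlinks excluded, their mode
# bits are not meaningful); worth reviewing after any bulk copy.
count_world_writable() {
    find "$1" ! -type l -perm -002 2>/dev/null | wc -l | tr -d ' '
}

# Print a one-line summary; succeed only if all three counts are zero.
# Runs in a subshell so its variables do not leak into the caller.
audit_home() (
    dir=$1
    uid=$2
    owner=$(count_wrong_owner "$dir" "$uid")
    locked=$(count_owner_locked_out "$dir")
    ww=$(count_world_writable "$dir")
    printf '%s: wrong-owner=%s owner-locked-out=%s world-writable=%s\n' \
        "$dir" "$owner" "$locked" "$ww"
    [ "$owner" -eq 0 ] && [ "$locked" -eq 0 ] && [ "$ww" -eq 0 ]
)

if [ "$#" -eq 2 ]; then
    audit_home "$1" "$2"
else
    # Constructed demo tree: one file left read-only for its owner,
    # as can happen after a copy that preserved the wrong mode bits.
    demo=$(mktemp -d)
    mkdir -p "$demo/home/Documents"
    echo data > "$demo/home/Documents/report.txt"
    chmod 400 "$demo/home/Documents/report.txt"
    audit_home "$demo/home" "$(id -u)" \
        || echo "findings above: fix with chown/chmod, then re-run"
    rm -rf "$demo"
fi
```

Run it once against the copied folder with the UID the directory service assigned, apply `chown -R`, and run it again; a non-zero wrong-owner count afterwards points at entries the recursive change did not reach.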

  • Multiple user creation in R12 and migration of users

    I would like to know how we can automate a process of user creation in R12, or is there a way to create multiple users in Ebiz with respective responsibilities.
    Second case is, migration of users from one instance to another. The problem out here is selective users not all?

    Pl search the forums for FND_USER package - you will find several hits that show how this package can be used in a programmatic fashion to bulk create new users and assign responsibilities. Examples are also available on My Oracle Support.
    To migrate user, use FNDLOAD. See this doc - you will also find hits in these forums if you search.
    376469.1 - Can FNDLOAD Migrate User Accounts Without Forcing Users To Change Their Passwords?

  • Time Machine - How do you not migrate computer user name?

    I am going to be selling my Mac Pro (MA970LL/A) and getting a Macbook Pro.  In the past, I have used a time machine total migration.
    I was thinking about doing it again but I do not want the username/computer name to transfer as well.  I want this laptop to have a completely new, different name.
    Is there a way to do this transfer and still give the computer a new username/computer name?
    I apologize if I did not use the correct terminology.
    I am referring to this:
    Macintosh HD>Users>Name
    also appearing in that folder is:
    Macintosh HD>Users>Shared   ... if that helps.
    Thank you for your help!

    If the new name is different from the old one, then MA will migrate the old account, automatically keeping the old username.
    I'm not sure we are on the same page here, so to reiterate for clarity.
    You are getting a new computer.
    You want to migrate your old account to the new computer but want to change the account's username.
    When you get the new computer, go through the setup and when you are asked to configure the initial admin account you need to use the same username of the old account (the one you will be migrating.) When MA starts the migration process it will prompt you to either Cancel or Rename the account you are migrating. You can then assign the username you would like for the migrated account. MA will take care of the process.
    After migration you will need to verify the migrated account has admin status. Also configure it for auto-login. Restart the computer. The computer should startup using the migrated account. You may then delete the initial account you made in the Setup Assistant.

  • Is there a way to migrate AD users to different domain?

    Hello SharePoint Fam,
    I have a 10,000 user environment and these users are spread across 15 different domains.  Our data/network team are beginning to migrate and consolidate our environment down to one domain.  We did a test and had them migrate a couple of accounts to a different domain and confirmed that this breaks the user access.  Is there a script or recommendation that I could use to migrate specific users to this domain?  This new domain is still under the same forest.
    Thanks in advance,

    According to your description, my understanding is that you want to migrate AD users to another domain.
    The tool you need to migrate users between domains is ADMT (Active Directory Migration Tool) which will migrate users, groups, and computers.
    After that, we need to use Move-SPUser to migrate the users to new accounts:
    $user = Get-SPUser -web http://my.website.url -Identity DomainA\UserA
    Move-SPUser -IgnoreSID -Identity $user -NewAlias 'DomainB\UserA'
    Victoria Xia
    TechNet Community Support

  • SharePoint 2013 - Server Error in '/' Application - This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database

    After I ran SharePoint configuration wizard successfully to upgrade to SharePoint 2013 / SP1.
    I can open Central Administration site just fine.
    but now when I open any Site collection,  I got this error.
    Server Error in '/' Application
    This operation can be performed only on a computer that is joined to a server farm by users who have permissions in SQL Server to read from the configuration database. To connect this server to the server farm, use the SharePoint Products Configuration Wizard, located on the Start menu in Microsoft SharePoint 2010 Products
    I have restarted all the servers:  SQL server, WFE and APP servers but still can't get this resolved.
    Services on all servers are running,  IIS - application pools are running.
    Can someone help with where that could be a problem or if there is a solution.
    Thanks in advance for your comments or advice.

    Please verify the following:
    Make sure that from the SharePoint front end and application servers that you can ping your SQL server.
    Make sure that your Farm account has permission to the configuration database.
    Lastly verify that your database didn't for some reason go into recovery mode.
    Once everything is fine and you are still having issues, restart the SQL host service on the SQL server.
    Once the service is restarted you will need to reboot Central Admin and then your front end servers.
    In addition, as you built your farm inside the firewall, please disable the firewall, or create rules for SQL Server service in the firewall on SQL server.
    More information about creating rules in firewall, please refer to the following posts: http://social.technet.microsoft.com/Forums/en-US/c5d4d0d0-9a3b-4431-8150-17ccfbc6fb82/can-not-create-data-source-to-an-sql-server http://www.mssqltips.com/sqlservertip/1929/configure-windows-firewall-to-work-with-sql-server/
    Here is a similar post for you to take a look at: http://social.technet.microsoft.com/Forums/en-US/ea54e26c-1728-48d4-b2c5-2a3376a1082c/this-operation-can-be-performed-only-on-a-computer-that-is-joined-to-a-server-farm-by-users-who-have?forum=sharepointgeneral 
    Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

  • The current user has insufficient permissions to perform this operation when trying to add Term stored managed navigation.

    I am getting this error "The current user has insufficient permissions to perform this operation." when trying to add the Term store managed navigation like the following screen shot. I am the Farm administrator and as well managed services account. Also noticed, cannot delete the service application, saying you don't have enough permission to delete the db. But using this account I was able to do everything before in my environment. Has anyone already faced this kind of error, so what will be the way to resolve this?

    Even though it's a farm admin, it should provide the access to MMS. Please find the below link for more details and the solution for the issue.
    1.   Go to SharePoint Central Administration Site –> Application Management –> [Service Applications] –> Manage service applications
    2.   Highlight the Managed Metadata Service that your web application is associated with. (Do not click on the link, just click somewhere else on that row to highlight it)
    3.   Click on Permissions button in the ribbon area.
    4.   Add the application pool account used by your web application and give it  ‘full Access to Term Store’
    5.   Click OK.
    Anil Avula[MCP,MCSE,MCSA,MCTS,MCITP,MCSM] See Me At: http://expertsharepoint.blogspot.de/

