The ADMIN/ADMIN id mysteriously disappeared after LDAP setup in Jazz Team Server
I configured LDAP integration with JTS and left the "disable ADMIN id" box unchecked so that the id would stay around. However, after restarting the server, the ADMIN id does not show up in the list of ids on the JTS Users and this has created an urgent problem because it's the only id that works on one of the two applications that use the JTS.
There's a tech note at "How to re-enable ADMIN default access to Jazz Team Server" that describes changing a couple of config files, but those config files were already correct so that didn't help.
There's another forum post that describes using the advanced properties page to change the directory type from LDAP to UNSUPPORTED, allowing changes to ids, so I tried creating an ADMIN id, but it said that the id already exists even though it's not visible in either the Active or Archive list of ids.
I'm running the following:
- JTS v.3.0.1 on Tomcat
- AppScan Enterprise Server 8.6.0.2 (currently working since my LDAP id exists there).
- AppScan Source 8.6.0.2 (currently broken since ADMIN is the only valid id).
Thanks,
Jack
2 answers
1. Switch the directory source back to Tomcat.
2. In ...\JazzTeamServer\server\tomcat\conf\server.xml, uncomment this line:
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" digest="SHA-1" digestEncoding="UTF-8" resourceName="UserDatabase"/>
and comment out this line:
<!--Realm className="org.apache.catalina.realm.JNDIRealm" connectionName="" connectionURL="ldap://bluepages.ibm.com:389" debug="99" roleBase="ou=memberList, ou=ibmgroups, o=ibm.com" roleName="cn" roleSearch="(uniquemember={0})" roleSubtree="true" userBase="ou=bluepages, o=ibm.com" userSearch="(preferredIdentity={0})" userSubtree="true"/-->
Comments
I converted this from a comment to an answer (since it is the right answer for the question) but some text was lost in the conversion. I opened the defect "Converted a comment to an answer and some text was lost" (79852).
I believe the text which was under "and comment out this line:" was something like
<Realm className="com.ibm.team.repository.localgroups.realm.LocalMappingJNDIRealm"
connectionURL="ldap://ldapserver.com:389" userBase="ou=users,dc=jazz,dc=net"
userSearch="(uid={0})"
userSubtree="true"
roleBase="ou=people,dc=xxx"
roleSubtree="false"
roleSearch="(memberNotAvailablexxx={0})"
roleName="cn"
/>
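An added check for the server.xml edit in the first answer (example code, not from the thread or from IBM): it reports which Realm elements are live and which are commented out, so the active directory source can be confirmed before Tomcat is restarted. The sample file contents, host name, base DNs and function names are constructed for illustration.

```python
import re

# Constructed sample: the relevant part of server.xml after step 2 above
# (host name and base DNs are placeholders, not values from the thread).
AFTER_FIX = '''
<Engine name="Catalina" defaultHost="localhost">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         digest="SHA-1" digestEncoding="UTF-8" resourceName="UserDatabase"/>
  <!--Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://ldap.example.com:389"
         userBase="ou=users,dc=example,dc=com" userSearch="(uid={0})"/-->
</Engine>
'''

COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
# "Realm" as an element name (not the tail of a class name), then its className.
REALM = re.compile(r'(?<![\w.])Realm\s[^>]*?className="([^"]+)"', re.DOTALL)


def realm_status(server_xml):
    """Return the Realm class names that are live and those inside XML comments."""
    commented = [cls for body in COMMENT.findall(server_xml)
                 for cls in REALM.findall(body)]
    # Strip comments first so a disabled Realm is never counted as active.
    active = REALM.findall(COMMENT.sub("", server_xml))
    return {"active": active, "commented": commented}


def directory_source(server_xml):
    """Classify the file: 'tomcat', 'ldap', 'other', or 'none or multiple'."""
    active = realm_status(server_xml)["active"]
    if len(active) != 1:
        # Both lines live, or both commented out: the edit was not completed.
        return "none or multiple"
    if active[0].endswith("UserDatabaseRealm"):
        return "tomcat"
    return "ldap" if "JNDIRealm" in active[0] else "other"


if __name__ == "__main__":
    status = realm_status(AFTER_FIX)
    print("active:   ", status["active"])
    print("commented:", status["commented"])
    print("source:   ", directory_source(AFTER_FIX))
```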
After switching to LDAP, you should now be authenticating as an LDAP user who is mapped to the JazzAdmins repository role. The ADMIN user exists in the Tomcat directory from the previous configuration, which is why you no longer see it listed. If you are not able to log in to an application as a user mapped to JazzAdmins, it sounds like the LDAP configuration is not complete for that application. Which application are you unable to log in to and what error are you getting?
Comments
Hi Benjamin,
Thanks for the quick response.
I guess that explains what's going on, but I'm not sure how to fix it. I am able to log in to JTS and to the AppScan Enterprise application using my LDAP/JazzAdmins id, but for the other application, I hadn't yet imported any LDAP id into it or done anything else, so an attempt to log in using ADMIN or any LDAP id now says "Unauthorized user, verify the credentials provided".