
The ADMIN/ADMIN id mysteriously disappeared after LDAP setup in Jazz Team Server


Jack Goldstein (3658) | asked Feb 04 '13, 3:09 p.m.
Hi,

I configured LDAP integration with JTS and left the "disable ADMIN id" box unchecked so that the id would stay around.  However, after restarting the server, the ADMIN id does not show up in the list of ids on the JTS Users and this has created an urgent problem because it's the only id that works on one of the two applications that use the JTS.

There's a tech note, "How to re-enable ADMIN default access to Jazz Team Server", that describes changing a couple of config files but those config files were already correct so that didn't help.

There's another forum post that describes using the advanced properties page to change the directory type from LDAP to UNSUPPORTED, allowing changes to ids so I tried creating an ADMIN id but it said that the id already exists even though it's not visible in either the Active or Archive list of ids.

I'm running the following:
  • JTS v.3.0.1 on Tomcat
  • AppScan Enterprise Server 8.6.0.2 (currently working since my LDAP id exists there).
  • AppScan Source 8.6.0.2 (currently broken since ADMIN is only valid id).

Can anyone suggest a way to fix this?  It's having a serious impact on our organization.

Thanks,
Jack

2 answers



Jack Goldstein (3658) | answered Feb 04 '13, 7:39 p.m.
Benjamin worked offline with me on this and eventually figured out that I had to do two things:

1.  Switch the directory source back to Tomcat.

2.  In ...\JazzTeamServer\server\tomcat\conf\server.xml, uncomment this line:

    <Realm className="org.apache.catalina.realm.UserDatabaseRealm" digest="SHA-1" digestEncoding="UTF-8" resourceName="UserDatabase"/>

and comment out this line:

    <!--Realm className="org.apache.catalina.realm.JNDIRealm" connectionName="" connectionURL="ldap://bluepages.ibm.com:389" debug="99" roleBase="ou=memberList, ou=ibmgroups, o=ibm.com" roleName="cn" roleSearch="(uniquemember={0})" roleSubtree="true" userBase="ou=bluepages, o=ibm.com" userSearch="(preferredIdentity={0})" userSubtree="true"/-->

Comments
Bo Chulindra commented Feb 05 '13, 11:02 a.m.
JAZZ DEVELOPER

I converted this from a comment to an answer (since it is the right answer for the question) but some text was lost in the conversion. I opened the defect "Converted a comment to an answer and some text was lost" (79852).

I believe the text which was under "and comment out this line:" was something like

    <Realm className="com.ibm.team.repository.localgroups.realm.LocalMappingJNDIRealm"
           connectionURL="ldap://ldapserver.com:389" userBase="ou=users,dc=jazz,dc=net"
           userSearch="(uid={0})"
           userSubtree="true"
           roleBase="ou=people,dc=xxx"
           roleSubtree="false"
           roleSearch="(memberNotAvailablexxx={0})"
           roleName="cn"
    />
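
A read-only check for the realm switch described in this answer, as an added example that is not part of the original posts or of Jazz Team Server: it lists which `Realm` entries in a Tomcat `server.xml` are active and which are commented out. The sample document, host name and DNs are constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the state the answer describes (Tomcat realm active,
# LDAP realm commented out). Host name and DNs are placeholders.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" digest="SHA-1" digestEncoding="UTF-8" resourceName="UserDatabase"/>
      <!--Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://ldap.example.com:389" userBase="ou=users,dc=example,dc=com" userSearch="(uid={0})" userSubtree="true"/-->
    </Engine>
  </Service>
</Server>"""

ATTR_RE = re.compile(r'([\w:.-]+)\s*=\s*"([^"]*)"')


def audit_realms(xml_text):
    """Return [(state, className, attrs)] for each Realm, active or commented out."""
    # insert_comments=True (Python 3.8+) keeps <!-- ... --> nodes in the tree.
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    realms = []
    for node in root.iter():
        if node.tag is ET.Comment:
            text = (node.text or "").strip()
            if re.match(r"<?\s*Realm\b", text):
                attrs = dict(ATTR_RE.findall(text))
                realms.append(("commented-out", attrs.get("className", "?"), attrs))
        elif node.tag == "Realm":
            realms.append(("active", node.get("className", "?"), dict(node.attrib)))
    return realms


def review_notes(realms):
    """Points to check on the realms that are actually in effect."""
    notes = []
    for state, cls, attrs in realms:
        if state != "active":
            continue
        if cls.endswith("UserDatabaseRealm"):
            notes.append("local Tomcat user database is in effect (this is where ADMIN lives)")
        if attrs.get("connectionURL", "").startswith("ldap://"):
            notes.append("LDAP realm connects with an ldap:// URL, not ldaps://")
    return notes


if __name__ == "__main__":
    for state, cls, _ in audit_realms(SAMPLE_SERVER_XML):
        print(f"{state:14} {cls}")
    for note in review_notes(audit_realms(SAMPLE_SERVER_XML)):
        print("check:", note)
```

Running it before and after editing `server.xml` confirms which directory the server will authenticate against on the next restart.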


Benjamin Silverman (4.1k610) | answered Feb 04 '13, 3:34 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Jack,

After switching to LDAP, you should now be authenticating as an LDAP user who is mapped to the JazzAdmins repository role.  The ADMIN user exists in the Tomcat directory from the previous configuration, which is why you no longer see it listed.  If you are not able to log in to an application as a user mapped to JazzAdmins, it sounds like the LDAP configuration is not complete for that application.  Which application are you unable to log in to and what error are you getting?

Comments
Jack Goldstein commented Feb 04 '13, 3:51 p.m.

Hi Benjamin,

Thanks for the quick response.

I guess that explains what's going on but I'm not sure how to fix it.  I am able to log in to JTS and to the AppScan Enterprise application using my LDAP/JazzAdmins id but for the other application, I hadn't yet imported any LDAP id into it or done anything else so an attempt to log in using ADMIN or any LDAP id now says "Unauthorized user, verify the credentials provided".
