Urgent: Jazz Server, WAS and LDAP (Active Directory) setting
Hi
I've got a Jazz server setup (RQM actually) and deployed on WAS 6.1 on
Windows 2003 Server. I've hooked up WAS to use Active directory as the
User Account Repository, and mapped the JAZZ* groups to AD groups.
Now I'm trying to get the Jazz Server to use those same settings and
gotten a bit lost:-) Here are my settings on WAS from the Secure
administration, applications, and infrastructure > Standalone LDAP
registry page:
Host: srvrfreddy
Port:389
BaseDN: DC=freddy,DC=com,DC=au
Bind DN:CN=Administrator,CN=Users,DC=freddy,DC=com,DC=au
and in the WAS Secure administration, applications, and infrastructure
Standalone LDAP registry > Advanced Lightweight Directory
Access Protocol (LDAP) user registry settings page, which it auto
filled in:
User filter : (&(sAMAccountName=%v)(objectcategory=user))
Group Filter : (&(cn=%v)(objectcategory=group))
User ID map : user:sAMAccountName
Group ID map: *:cn
Group member ID map : memberof:member
The connection works fine, I can login to the Jazz Web as an AD user.
Running https://localhost:9443/jazz/setup is fine until I get to the
Setup User Registry page. I've tried on two different servers (both
Win2K3 SP2) and get different results:
1. RQM/WAS installed locally on the Domain Controller:
LDAP connection was attempted with warnings. Resolve warnings or click
Next to continue.
Cannot connect to LDAP directory "ldap://localhost:389".
I've tried putting the IP address in, put ip/host in hosts etc.
2. RQM/WAS installed on a different server:
Testing the LDAP configuration resulted in errors. Please verify
settings and retest.
The group member property "memberof" is not present in the LDAP registry
With this I've tried "member", "memberof", "members".
Of course I can dsquery/dsget the admin user and the groups I have setup
in AD.
Now how do I map the above to the (somewhat confusing) Jazz settings
in
com.ibm.team.repository.service.internal.userregistry.ldap.LDAPUserRegistryProvider
(https://jazz.net/wiki/bin/view/Main/LDAP4Dummies didn't help much):
Base Group DN
Base User DN
Find Groups for User
Find Users by Any Name Query
Find Users by Name Query
Find Users by User Id Query
Group Member Property
Group Name Property
Jazz to LDAP Group Mapping
LDAP Registry Location
ldap://srvrfreddy:389
User Name
Administrator
User Property Names Mapping
Or is Jazz/RQM just not meant to work with MS AD?? And secondly, if I've
already setup all of the above in WAS why go through these again?
Thanks heaps for any help..
Freddy
One answer
Please take a look at
https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-1_0-user-management-in-tomcat/index.html and
https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-1_0-user-management-in-jazz/index.html
These are technotes for configuring Jazz on Jazz and Tomcat. For WAS, we have a few more tech notes available at https://jazz.net/learn/tech-notes/
The member property needs to be mapped to the attribute used in the LDAP directory to represent the members of a group.
The attribute depends on the scheme used by the LDAP directory. The usual values are
member or uniquemember or memberof
User Management in Jazz talks about the different LDAP properties in Jazz.
--- Balaji
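An added example, not part of the original thread or of Jazz/WAS: one way to check which of the membership attributes named above actually sits on group objects is to export a group and a user to LDIF and inspect them. In Active Directory, group objects carry `member` and user objects carry `memberOf`. The LDIF below is constructed; the group name `JazzAdmins` and the user `Some User` are assumptions.

```python
import base64
from collections import Counter

# Constructed sample of a directory export (not taken from the post).
SAMPLE_LDIF = """\
dn: CN=JazzAdmins,CN=Users,DC=freddy,DC=com,DC=au
objectClass: top
objectClass: group
cn: JazzAdmins
member: CN=Administrator,CN=Users,DC=freddy,DC=com,DC=au
member: CN=Some User,CN=Users,
 DC=freddy,DC=com,DC=au

dn: CN=Administrator,CN=Users,DC=freddy,DC=com,DC=au
objectClass: top
objectClass: user
sAMAccountName: Administrator
memberOf: CN=JazzAdmins,CN=Users,DC=freddy,DC=com,DC=au
"""
CANDIDATES = ("member", "uniquemember", "memberof")  # values named in the answer


def parse_ldif(text):
    """Return a list of entries, each a dict of lower-cased attribute -> [values]."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo LDIF line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries


def group_member_attributes(entries, group_class="group"):
    """Count which candidate membership attributes appear on group entries only."""
    found = Counter()
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        if group_class in classes:
            found.update(a for a in CANDIDATES if a in e)
    return dict(found)
```

For the constructed export, `group_member_attributes(parse_ldif(SAMPLE_LDIF))` reports only `member`: the `memberOf` value is on the user entry, so it is not counted as a group attribute.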