LDAP config with TDS - group member property
Having trouble on what I hope is the very last step of a Jazz+TDS config. Using RTC 1.0.1.
After filling in all fields in the ldap panel in setup, and working through the errors, we're down to just this one after hitting test connection:
Testing the LDAP configuration resulted in errors. Please verify settings and retest.
The group member property "member" is not present in the LDAP registry
I'm content that "member" is the membership attribute of our groups. Also it's the same value that tomcat appears to be happy with (happy enough to let us this far into setup).
In a teamserver.properties for a bluepages config, I see the com.ibm.team.repository.ldap.findGroupsForUserQuery property available, but it doesn't seem to map to any of the input fields on the ldap setup screen. My teamserver.properties has not been saved yet - not sure how I might check and tweak that value, or if that's just a dead end.
Thanks for any help/suggestions!
3 answers
Hi Jeff
I had exactly the same problem albeit with WAS and LDAP on MS AD. See
https://jazz.net/forums/viewtopic.php?t=2980.
In my case it turned out that the group (JAZZUsers) was empty and
therefore the LDAP lookup had no "member" property - a very close look
at the output of "dsquery * "<yourgroupDN>" -attr *" showed that.
Adding a user to the group fixed that and all is good.
HTH
Freddy
jeffo wrote:
Having trouble on what I hope is the very last step of a Jazz+TDS
config. Using RTC 1.0.1.
After filling in all fields in the ldap panel in setup, and working
through the errors, we're down to just this one after hitting test
connection:
Testing the LDAP configuration resulted in errors. Please verify
settings and retest.
The group member property "member" is not present in the
LDAP registry
I'm content that "member" is the membership attribute of our
groups. Also it's the same value that tomcat appears to be happy with
(happy enough to let us this far into setup).
In a teamserver.properties for a bluepages config, I see the
com.ibm.team.repository.ldap.findGroupsForUserQuery property
available, but it doesn't seem to map to any of the input fields on
the ldap setup screen. My teamserver.properties has not been saved
yet - not sure how I might check and tweak that value, or if that's
just a dead end.
Thanks for any help/suggestions!
Oh and I forgot: Note that Jazz seems fussy about what you put in the
"Base Group DN" property - I had to set it to
"CN=JAZZUsers,OU=Blah1,OU=blah2,DC=somedc,DC=somedc2" ie. *exactly* the
group the users are in. One level below
("OU=Blah1,OU=blah2,DC=somedc,DC=somedc2") doesn't work. Don't know if
that's a bug - WAS accepts it fine.
Freddy
Freddy wrote:
Hi Jeff
I had exactly the same problem albeit with WAS and LDAP on MS AD. See
https://jazz.net/forums/viewtopic.php?t=2980.
In my case it turned out that the group (JAZZUsers) was empty and
therefore the LDAP lookup had no "member" property - a very close look
at the output of "dsquery * "<yourgroupDN>" -attr *" showed that.
Adding a user to the group fixed that and all is good.
HTH
Freddy
Provided a patch to Jeff.
Our LDAP validator looks for non-null group member and name attribute values. There was a group with a null member and it so happened to be the first result of a query.
The fix is to look for 5 results from the query. If none of them contain a non-null member / name attribute value, validator does not display an error.
-- Balaji
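A diagnostic for the situation discussed in this thread, as an added example (not Jazz's validator code and not from any poster): it parses LDIF exported from a group search under the base group DN and reports which groups carry no value for the membership attribute, and whether the first result or any of the first five has one. The sample LDIF, its DNs and the function names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF export of a group search under the base group DN.
SAMPLE_LDIF = """\
dn: cn=EmptyGroup,ou=groups,dc=example,dc=com
cn: EmptyGroup

dn: cn=JAZZUsers,ou=groups,dc=example,dc=com
cn: JAZZUsers
member: uid=jeff,ou=people,dc=example,
 dc=com
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] in the order the server returned them."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        if line.startswith("#"):            # LDIF comment
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        elif value:                         # an attribute with no value counts as absent
            attrs.setdefault(name.lower(), []).append(value)
    return entries

def member_report(entries, member_attr="member", sample_size=5):
    """Summarise which groups lack the membership attribute (hypothetical helper)."""
    key = member_attr.lower()
    return {
        "groups_without_member": [dn for dn, a in entries if key not in a],
        "first_result_has_member": bool(entries) and key in entries[0][1],
        "any_of_first_n_has_member": any(key in a for _, a in entries[:sample_size]),
    }
```

Call `member_report(parse_ldif(ldif_text))` on an export scoped to the same base group DN the setup panel uses; any DN listed under `groups_without_member` is a candidate for the empty-group case Freddy describes.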