Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

LDAP config with TDS - group member property

Having trouble on what I hope is the very last step of a Jazz+TDS config. Using RTC 1.0.1.

After filling in all fields in the ldap panel in setup, and working through the errors, we're down to just this one after hitting test connection:

Testing the LDAP configuration resulted in errors. Please verify settings and retest.
The group member property "member" is not present in the LDAP registry



I'm content that "member" is the membership attribute of our groups. Also it's the same value that tomcat appears to be happy with (happy enough to let us get this far into setup).

In a teamserver.properties for a bluepages config, I see the com.ibm.team.repository.ldap.findGroupsForUserQuery property available, but it doesn't seem to map to any of the input fields on the ldap setup screen. My teamserver.properties has not been saved yet - not sure how I might check and tweak that value, or if that's just a dead end.

Thanks for any help/suggestions!

0 votes



3 answers

Hi Jeff

I had exactly the same problem albeit with WAS and LDAP on MS AD. See
https://jazz.net/forums/viewtopic.php?t=2980.

In my case it turned out that the group (JAZZUsers) was empty and
therefore the LDAP lookup had no "member" property - a very close look
at the output of "dsquery * "<yourgroupDN>" -attr *" showed that.
Adding a user to the group fixed that and all is good.

HTH
Freddy

0 votes


Oh and I forgot: Note that Jazz seems fussy about what you put in the
"Base Group DN" property - I had to set it to
"CN=JAZZUsers,OU=Blah1,OU=blah2,DC=somedc,DC=somedc2" i.e. *exactly* the
group the users are in. One level below
("OU=Blah1,OU=blah2,DC=somedc,DC=somedc2") doesn't work. Don't know if
that's a bug - WAS accepts it fine.

Freddy


0 votes


Provided a patch to Jeff.

Our LDAP validator looks for non-null group member and name attribute values. There was a group with a null member, and it so happened to be the first result of a query.

The fix is to look for 5 results from the query. If none of them contains a non-null member / name attribute value, the validator does not display an error.

-- Balaji

0 votes
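
The failure mode discussed in this thread (an empty group comes back first from the group search, so the "member" attribute looks absent from the registry) can be reproduced offline. The Python sketch below is an added example, not code from Jazz or from any of the posters; the LDIF sample, the function names, and the reading of the five-result check as "pass if any sampled group has both attributes" are assumptions.

```python
# Constructed sample, shaped like LDIF output of a group search (not real data).
SAMPLE_LDIF = """\
# the empty group happens to be returned first
dn: CN=EmptyGroup,OU=Blah1,DC=example,DC=com
cn: EmptyGroup

dn: CN=JAZZUsers,OU=Blah1,DC=example,DC=com
cn: JAZZUsers
member: CN=Jeff,OU=People,DC=example,DC=com
member: CN=Freddy,OU=People,
 DC=example,DC=com
"""

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})]; folds continuation lines, no base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]           # LDIF continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    entries, attrs, dn = [], {}, None
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            attrs, dn = {}, None
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        elif value.strip():                # an attribute with no value counts as absent
            attrs.setdefault(name.lower(), []).append(value.strip())
    return entries

def has_attrs(attrs, *names):
    return all(attrs.get(n.lower()) for n in names)

def first_result_check(entries, member_attr="member", name_attr="cn"):
    """Hypothetical model of the original check: only the first group is inspected."""
    return bool(entries) and has_attrs(entries[0][1], member_attr, name_attr)

def sampled_check(entries, member_attr="member", name_attr="cn", sample=5):
    """Assumed reading of the fix: pass if any of the first `sample` groups qualifies."""
    return any(has_attrs(a, member_attr, name_attr) for _, a in entries[:sample])

def groups_without_members(entries, member_attr="member"):
    """DNs of groups that carry no value for the member attribute."""
    return [dn for dn, attrs in entries if not attrs.get(member_attr.lower())]
```

Running `groups_without_members` over a real export of the group subtree lists the empty groups that can trip a first-result check.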

Question details

Question asked: Dec 08 '08, 2:07 p.m.

Question was seen: 6,235 times

Last updated: Dec 08 '08, 2:07 p.m.
