It's all about the answers!

Ask a question

LDAP config with TDS - group member property


jeff oestreich (1061148) | asked Dec 08 '08, 2:07 p.m.
Having trouble on what I hope is the very last step of a Jazz+TDS config. Using RTC 1.0.1.

After filling in all fields in the ldap panel in setup, and working through the errors, we're down to just this one after hitting test connection:

Testing the LDAP configuration resulted in errors. Please verify settings and retest.
The group member property "member" is not present in the LDAP registry



I'm content that "member" is the membership attribute of our groups. Also its the same value that tomcat appears to be happy with (happy enough to let us this far into setup).

In a teamserver.properties for a bluepages config, I see the com.ibm.team.repository.ldap.findGroupsForUserQuery property available, but it doesn't seem to map to any of the input fields on the ldap setup screen. My teamserver.properties has not been saved yet - not sure how I might check and tweak that value, or if that's just a dead end.

Thanks for any help/suggestions!

3 answers



permanent link
Balaji Krish (1.8k12) | answered Dec 09 '08, 12:46 p.m.
JAZZ DEVELOPER
Provided a patch to Jeff.

Our LDAP validator looks for a non-null group member and name attribute values. There was a group with a null member and it so happened to be first result of a query.

The fix is to look for 5 results from the query. If none of them contain a non-null member / name attribute value, validator does not display an error.

-- Balaji

Oh and I forgot: Note that Jazz seems fussy about what you put in the
"Base Group DN" property - I had to set it to
"CN=JAZZUsers,OU=Blah1,OU=blah2,DC=somedc,DC=somedc2" ie. *exactly* the
group the users are in. One level below
("OU=Blah1,OU=blah2,DC=somedc,DC=somedc2") doesn't work. Don't know if
that's a bug - WAS accepts it fine.

Freddy


Freddy wrote:

Hi Jeff

I had exactly the same prolem albeit with WAS and LDAP on MS AD. See
https://jazz.net/forums/viewtopic.php?t=2980.

In my case it turned out that the group (JAZZUsers) was empty and
therefore the LDAP lookup had no "member" property - a very close look
at the output of "dsquery * "<yourgroupDN>" -attr *" showed that.
Adding a user to the group fixed that and all is good.

HTH
Freddy

permanent link
Sudhakar Frederick (80113631) | answered Dec 08 '08, 10:58 p.m.
JAZZ DEVELOPER
Oh and I forgot: Note that Jazz seems fussy about what you put in the
"Base Group DN" property - I had to set it to
"CN=JAZZUsers,OU=Blah1,OU=blah2,DC=somedc,DC=somedc2" ie. *exactly* the
group the users are in. One level below
("OU=Blah1,OU=blah2,DC=somedc,DC=somedc2") doesn't work. Don't know if
that's a bug - WAS accepts it fine.

Freddy


Freddy wrote:

Hi Jeff

I had exactly the same prolem albeit with WAS and LDAP on MS AD. See
https://jazz.net/forums/viewtopic.php?t=2980.

In my case it turned out that the group (JAZZUsers) was empty and
therefore the LDAP lookup had no "member" property - a very close look
at the output of "dsquery * "<yourgroupDN>" -attr *" showed that.
Adding a user to the group fixed that and all is good.

HTH
Freddy

permanent link
Sudhakar Frederick (80113631) | answered Dec 08 '08, 10:38 p.m.
JAZZ DEVELOPER
Hi Jeff

I had exactly the same prolem albeit with WAS and LDAP on MS AD. See
https://jazz.net/forums/viewtopic.php?t=2980.

In my case it turned out that the group (JAZZUsers) was empty and
therefore the LDAP lookup had no "member" property - a very close look
at the output of "dsquery * "<yourgroupDN>" -attr *" showed that.
Adding a user to the group fixed that and all is good.

HTH
Freddy

jeffo wrote:
Having trouble on what I hope is the very last step of a Jazz+TDS
config. Using RTC 1.0.1.

After filling in all fields in the ldap panel in setup, and working
through the errors, we're down to just this one after hitting test
connection:

Testing the LDAP configuration resulted in errors. Please verify
settings and retest.
The group member property "member" is not present in the
LDAP registry


I'm content that "member" is the membership attribute of our
groups. Also its the same value that tomcat appears to be happy with
(happy enough to let us this far into setup).

In a teamserver.properties for a bluepages config, I see the
com.ibm.team.repository.ldap.findGroupsForUserQuery property
available, but it doesn't seem to map to any of the input fields on
the ldap setup screen. My teamserver.properties has not been saved
yet - not sure how I might check and tweak that value, or if that's
just a dead end.

Thanks for any help/suggestions!

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.