It's all about the answers!

Ask a question

Problem fetching user roles: CRJAZ0737I More than one user with the id ... is present in the external user directory.ID CRJAZ1527E

Faaris Alvarez (1111) | asked May 21 '13, 11:47 a.m.
 Would like to know what Jazz LDAP is using for "user id".   We thought we resolved the duplicate issue with Display Names using a Notes Server for LDAP Purposes.  What configurations need to be updated (Jazz Side, Notes LDAP side). 

Faaris Alvarez commented May 21 '13, 1:46 p.m. | edited May 21 '13, 4:03 p.m.

 Reaching out to my LDAP Administrator for assistance.  Our LDAP is based on IBM Lotus Notes environment.  Will update our modifications.

Bo Chulindra commented May 21 '13, 4:07 p.m. | edited May 21 '13, 4:08 p.m.

I think the error may be possible if your JTS has case-insensitive user ID set to true but your LDAP is case-sensitive. For example, if the users foo and FOO are in your LDAP and JTS is doing case-insensitive matching, then both will return in the result when searching for foo.

However, the JTS by default is case-sensitive, so some admin would have had to have changed it which seems unlikely.

2 answers

permanent link
Josh Crawford (984615) | answered May 21 '13, 12:48 p.m.
 Hi Faaris,  you can determine this in the JTS/admin advanced properties page.  The following property tracks that:

Another interesting test would be to see if that user can view his OWN roles, but not others.  

permanent link
Indradri Basu (1.8k1514) | answered May 21 '13, 12:55 p.m.
During setup or in https://<yourserver>:<port>/jts/admin->Advance Properties, you will find the "User Property Names Mapping" which needs to be configured in such a way that it returns a unique value when the LDAP is queried.

For example:
userId=uid,name=cn,emailAddress=mail, here uid,cn and mail are your LDAP server attributes, none of  which should be null and collectively produces an unique user definition. This also matters on how your LDAP is setup as most of the organizations create their own custom attributes. Your LDAP administrators should be able to help you much better on this.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.