LDAP Group mapping
CLM defines 5 groups (JazzAdmins,JazzProjectAdmins,JazzDWAdmins,JazzUsers,JazzGuests) and we need to map these groups to groups in LDAP.
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m3/topic/com.ibm.jazz.install.doc/topics/t_deploy_was.html
If I decided not to use "JazzGuests" group, how should I map this? Is it ok to set blank for mapped group?
Same situation goes for the settings in setup wizard, where I should set ldap group mapping.
Thank you in advance.
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m3/topic/com.ibm.jazz.install.doc/topics/t_deploy_was.html
If I decided not to use "JazzGuests" group, how should I map this? Is it ok to set blank for mapped group?
Same situation goes for the settings in setup wizard, where I should set ldap group mapping.
Thank you in advance.
Accepted answer
Hi Yohko,
Instead of mapping JazzGuests to a blank value, it would be better to map it to a real group with no members, and then lock down that group in LDAP if you don't want to give anyone the read-only role. That way you'll avoid unnecessary noise in the logs for an unresolved mapping.
The following page has some sample syntax, but of course your LDAP will be different:
http://pic.dhe.ibm.com/infocenter/rtcihelp/v1r0m0/topic/com.ibm.teami.troubleshoot.doc/topics/t_ldapconfig_trouble_rtci.html (that's from RTCi documentation, but the LDAP setup is the same).
I hope that helps,
John
Instead of mapping JazzGuests to a blank value, it would be better to map it to a real group with no members, and then lock down that group in LDAP if you don't want to give anyone the read-only role. That way you'll avoid unnecessary noise in the logs for an unresolved mapping.
The following page has some sample syntax, but of course your LDAP will be different:
http://pic.dhe.ibm.com/infocenter/rtcihelp/v1r0m0/topic/com.ibm.teami.troubleshoot.doc/topics/t_ldapconfig_trouble_rtci.html (that's from RTCi documentation, but the LDAP setup is the same).
I hope that helps,
John
One other answer
Hi Yohko,
we had similar preconditions and we solved it that way that our JazzUsers and JazzGuests groups are mapped to the same group within our LDAP system.
I agree with John that everything is better then a blank value and for that I suppose using the same group for Guests and Users.
Hope this helps,
Simon
we had similar preconditions and we solved it that way that our JazzUsers and JazzGuests groups are mapped to the same group within our LDAP system.
I agree with John that everything is better then a blank value and for that I suppose using the same group for Guests and Users.
Hope this helps,
Simon
Comments
Thank you for the idea.
In this case, let's say I map JazzUsers and JazzGuests to Group1 in LDAP.
Members in Group1 have 2 types(JazzUsers and JazzGuests) of repository access?
yes, but as JazzUsers have more permissions than JazzGuests it doesn't matter.
Permissions of JazzGuests are included in JazzUsers.
1 vote