LDAP Group mapping

Yohko Tanaka (10522535) | asked Oct 25 '13, 12:40 a.m.
CLM defines 5 groups (JazzAdmins, JazzProjectAdmins, JazzDWAdmins, JazzUsers, JazzGuests) and we need to map these groups to groups in LDAP.

If I decide not to use the "JazzGuests" group, how should I map it? Is it OK to leave the mapped group blank?

The same situation applies to the settings in the setup wizard, where I should set the LDAP group mapping.

Thank you in advance.

Accepted answer

John Carolan (71616) | answered Oct 25 '13, 5:56 a.m.
Hi Yohko,

Instead of mapping JazzGuests to a blank value, it would be better to map it to a real group with no members, and then lock down that group in LDAP if you don't want to give anyone the read-only role.  That way you'll avoid unnecessary noise in the logs for an unresolved mapping.

The following page has some sample syntax, but of course your LDAP will be different:  (that's from RTCi documentation, but the LDAP setup is the same).

I hope that helps,

Yohko Tanaka selected this answer as the correct answer

Yohko Tanaka commented Oct 25 '13, 11:46 a.m.

Thank you, this is a good idea.

One other answer

Simon Eickel (1.1k65257) | answered Oct 25 '13, 8:04 a.m.
Hi Yohko,

We had similar preconditions and we solved it by mapping our JazzUsers and JazzGuests groups to the same group within our LDAP system.

I agree with John that everything is better than a blank value, and for that I suppose using the same group for Guests and Users.

Hope this helps,

Yohko Tanaka commented Oct 25 '13, 11:49 a.m.

Thank you for the idea.
In this case, let's say I map JazzUsers and JazzGuests to Group1 in LDAP.
Do members in Group1 have 2 types (JazzUsers and JazzGuests) of repository access?

Simon Eickel commented Oct 28 '13, 2:37 a.m.

Yes, but as JazzUsers have more permissions than JazzGuests, it doesn't matter.
Permissions of JazzGuests are included in JazzUsers.
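
One way to compare the three options discussed in this thread (a blank JazzGuests mapping, the empty-group mapping from the accepted answer, and the shared-group mapping from the second answer) before entering them in the setup wizard. This is an added example, not part of the original thread or of CLM; the `Role=Group` mapping string, the LDAP group names and the user ids are constructed assumptions.

```python
# Added example; the "Role=Group" mapping format and every LDAP group and user
# name below are constructed assumptions, not values from a real CLM server.
JAZZ_ROLES = ["JazzAdmins", "JazzProjectAdmins", "JazzDWAdmins",
              "JazzUsers", "JazzGuests"]

def parse_mapping(text):
    """Parse 'Role=Group, Role=Group' into a dict; a missing value becomes ''."""
    mapping = {}
    for pair in text.split(","):
        role, _, group = pair.partition("=")
        if role.strip():
            mapping[role.strip()] = group.strip()
    return mapping

def audit(mapping, directory, unused_roles=()):
    """directory: LDAP group name -> set of member ids. Returns finding strings."""
    findings, roles_by_group = [], {}
    for role in JAZZ_ROLES:
        group = mapping.get(role, "")
        if not group:
            findings.append(f"{role}: blank mapping")
        elif group not in directory:
            findings.append(f"{role}: LDAP group {group} does not exist")
        else:
            roles_by_group.setdefault(group, []).append(role)
            if role in unused_roles and directory[group]:
                findings.append(f"{role}: {group} should be empty but has members")
    for group, roles in roles_by_group.items():
        if len(roles) > 1:  # one LDAP group feeding several Jazz roles
            findings.append(f"{group}: members receive {' + '.join(roles)}")
    return findings

def effective_roles(mapping, directory, user):
    """Jazz roles a user ends up with through LDAP group membership."""
    return sorted(r for r in JAZZ_ROLES
                  if user in directory.get(mapping.get(r, ""), set()))

# Constructed directory snapshot: LDAP group -> members.
DIRECTORY = {"clm-admins": {"alice"}, "clm-padmins": {"bob"}, "clm-dw": {"carol"},
             "clm-users": {"dave", "erin"}, "clm-noguests": set()}
BASE = ("JazzAdmins=clm-admins, JazzProjectAdmins=clm-padmins, "
        "JazzDWAdmins=clm-dw, JazzUsers=clm-users, ")
BLANK = parse_mapping(BASE + "JazzGuests=")                    # option in the question
EMPTY_GROUP = parse_mapping(BASE + "JazzGuests=clm-noguests")  # accepted answer
SHARED = parse_mapping(BASE + "JazzGuests=clm-users")          # second answer

if __name__ == "__main__":
    for name, m in [("blank", BLANK), ("empty", EMPTY_GROUP), ("shared", SHARED)]:
        print(name, audit(m, DIRECTORY, unused_roles=("JazzGuests",)))
    print("dave:", effective_roles(SHARED, DIRECTORY, "dave"))
```

With the shared mapping, passing `unused_roles=("JazzGuests",)` reports the guest role as populated, which is the trade-off to weigh if the intent was that nobody holds the read-only role.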

