It's all about the answers!

Ask a question

LDAP Group mapping


Yohko Tanaka (10523139) | asked Oct 25 '13, 12:40 a.m.
CLM defines 5 groups (JazzAdmins,JazzProjectAdmins,JazzDWAdmins,JazzUsers,JazzGuests) and we need to map these groups to groups in LDAP.
http://pic.dhe.ibm.com/infocenter/clmhelp/v4r0m3/topic/com.ibm.jazz.install.doc/topics/t_deploy_was.html

If I decided not to use "JazzGuests" group, how should I map this? Is it ok to set blank for mapped group?

Same situation goes for the settings in setup wizard, where I should set ldap group mapping.

Thank you in advance.

Accepted answer


permanent link
John Carolan (71616) | answered Oct 25 '13, 5:56 a.m.
Hi Yohko,

Instead of mapping JazzGuests to a blank value, it would be better to map it to a real group with no members, and then lock down that group in LDAP if you don't want to give anyone the read-only role.  That way you'll avoid unnecessary noise in the logs for an unresolved mapping.

The following page has some sample syntax, but of course your LDAP will be different:
http://pic.dhe.ibm.com/infocenter/rtcihelp/v1r0m0/topic/com.ibm.teami.troubleshoot.doc/topics/t_ldapconfig_trouble_rtci.html  (that's from RTCi documentation, but the LDAP setup is the same).

I hope that helps,

John
Yohko Tanaka selected this answer as the correct answer

Comments
Yohko Tanaka commented Oct 25 '13, 11:46 a.m.

Thank you, this is a good idea.

One other answer



permanent link
Simon Eickel (1.1k75457) | answered Oct 25 '13, 8:04 a.m.
Hi Yohko,

we had similar preconditions and we solved it that way that our JazzUsers and JazzGuests groups are mapped to the same group within our LDAP system.

I agree with John that everything is better then a blank value and for that I suppose using the same group for Guests and Users.

Hope this helps,
Simon

Comments
Yohko Tanaka commented Oct 25 '13, 11:49 a.m.

Thank you for the idea.
In this case, let's say I map JazzUsers and JazzGuests to Group1 in LDAP.
Members in Group1 have 2 types(JazzUsers and JazzGuests) of repository access?


1
Simon Eickel commented Oct 28 '13, 2:37 a.m.

yes, but as JazzUsers have more permissions than JazzGuests it doesn't matter.
Permissions of JazzGuests are included in JazzUsers.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.