LDAP integration issues
I've just integrated our RTC server with our corporate Active Directory server. Base functionality is working fine, but I have a couple of issues that I need to resolve before rolling out to our production server:
1. User Property Names Mapping for email address. How is this verifying emailAddress property? I set: userId=sAMAccountName,name=displayName,emailAddress=mail and at least my user account in ldap has a 'mail' attribute. But it complains:
The e-mail address property "mail" is not present in the LDAP registry
I put in another attribute (emailAddress=sAMAccountName) to get beyond this point, but obviously emails will not be imported correctly.
2. user display name. our ldap doesn't have a 'firstName lastName' attribute, it has a 'lastName, firstName' attribute, and separate firstName and lastName attributes. I'd prefer to use the 'firstName lastName' so user search, etc work as expected. Possible to map name to "firstName + ' ' + lastName"? Or other recommendations?
Thanks!
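An offline way to check issue 1 above, as an added example that is not part of the original thread and is not RTC's own validation logic: it parses the mapping string from the question and reports, for each entry in an LDIF export, which mapped attributes are absent. The sample entries, DNs and function names are constructed for illustration.

```python
import base64

# Mapping string exactly as quoted in the question.
MAPPING = "userId=sAMAccountName,name=displayName,emailAddress=mail"

# Constructed LDIF sample (not real directory data): the first entry has a
# base64 ("::") value and a folded line, the second has no mail attribute.
_B64 = base64.b64encode(b"Example, Alice (STP)").decode()
SAMPLE_LDIF = f"""\
dn: CN=Alice Example,OU=Users,DC=example,DC=test
sAMAccountName: aexample
displayName:: {_B64}
Mail: alice.example@
 example.test

dn: CN=Bob Example,OU=Users,DC=example,DC=test
sAMAccountName: bexample
displayName: Example, Bob (STP)
"""

def parse_mapping(mapping):
    """Turn 'prop=attr,prop=attr' into {prop: attr}."""
    return dict(pair.strip().split("=", 1) for pair in mapping.split(","))

def parse_ldif(text):
    """Return entries as {lowercased attribute name: [values]}."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:  # skips the optional "version: 1" header block
            entries.append(entry)
    return entries

def missing_attributes(mapping, ldif_text):
    """Map each DN to the mapped properties with no non-empty value."""
    wanted = parse_mapping(mapping)
    return {
        entry["dn"][0]: [f"{prop}={attr}" for prop, attr in wanted.items()
                         if not any(entry.get(attr.lower(), []))]
        for entry in parse_ldif(ldif_text)
    }
```

Export the LDIF with the same bind account the server is configured to use, since a directory returns only the attributes that account is allowed to read.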
7 answers
Hey Jason,
Here's the link to the LDAP sync doc: http://publib.boulder.ibm.com/infocenter/rtc/v1r0m1/index.jsp?topic=/com.ibm.team.repository.web.admin.doc/topics/cldapsynctask.html
Hope this helps.
Scott Rich
IBM Jazz Team
@rschoon: thanks, but not an option for us... corporate ldap wouldn't allow us to add attributes. we'll be fine for now with our displayName attribute.
@Balaji: One more question, if you don't mind. Do I need to import ALL users that will access RTC. I was working under impression that users with jazzGuest ("All Employees" ldap group/tomcat role in my case) and no client access license could access the web interface with read-only permissions. Tried with one user and he was able to authenticate and get past tomcat authorization, but was then told by jazz that he didn't belong to appropriate group. Imported him, no client license assigned, and then he was able to see read-only.
We have potentially hundreds (thousands?) of users that may access RTC, as this will be linked from some of our other systems. Importing our entire LDAP user base doesn't seem a palatable option. Any option to allow authenticated, but non-repo imported users to have read-only access?
Warning in logs:
WARN com.ibm.team.repository.servlet.TeamServerServlet - CRJAZ1183I Authenticated user "XXXX" does not exist in the repository. The user may need to be imported into the repository. Note that login is case-sensitive.
Jason,
You are right. There are no ill-effects of importing using last name, first name. User search is backwards (begin with a space to search by first name..)
--- Balaji
Ralph Schoon (63.1k●3●36●46)
| answered Mar 03 '09, 2:41 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hello jasonkissinger,
a customer of mine had similar issues due to the fact that contractors have very long names in their Active Directory. One approach that seems feasible and worked for them was to create an additional field, fill that with the name to display and use it instead.
Ralph
Update on issue 1: Upgrading to 1.0.1.1 made the email=mail a warning, allowing me to save that configuration. Imported a couple of users and the email came through as I'd expect.
Question on issue 2: Can you think of any ill effects to importing users as lastName, firstName (location)? ie: "Kissinger, Jason (STP)". All I can think is hint on user search ("begin with a space to search by last name") is backwards.
Thanks Balaji.
1. I'll try 1.0.1.1 this evening
2. opened Enhancement 73015: https://jazz.net/jazz/web/projects/Rational%20Team%20Concert#action=com.ibm.team.workitem.viewWorkItem&id=73015
Jason
Jason,
>> 1 What version of the Jazz server are you using? We had few issues with Active directory server. Can you try with 1.0.1.1 server. (1.0.1.1 server was released on 2/27/2009)
>> 2 It is not possible. We don't have a mechanism to map a single attribute to multiple attributes in LDAP. Please open an enhancement request.
--- Balaji
Jazz Server Team