
LDAP authentication with Windows Active Directory


Alexander Shmugliakov (11) | asked Mar 04 '09, 5:44 a.m.
I'm trying to set up a Jazz server (1.0.1.1) to authenticate users against Windows AD. What I have done is as follows (according to https://jazz.net/wiki/bin/view/Main/LDAP4Dummies article):
    1. Logged in with ADMIN/ADMIN
    2. Selected "Tomcat User Database" as a type of registry
    3. Set up my own user with the same ID and password I have in AD
    4. Configured the server for LDAP usage
    5. Shut down the server
    6. Configured the Web container for LDAP
    7. Restarted the server
    8. Opened the page https://...:9443/jazz/setup and logged in with the ID/password I set in p3


The server lets me in, but I'm getting the message:
The user shmuglak is not authorized to access the Jazz Team Server Admin UI

although my user ID appears in the JazzAdmins group in the AD.

Here're the ldap-related settings from my teamserver.properties file:

com.ibm.team.repository.ldap.findUsersByAnyNameQuery=(| (name\=* ?1*) (name\=*_?1*))

com.ibm.team.repository.ldap.findUsersByUserIdQuery=sAMAccountName\=?1
com.ibm.team.repository.ldap.baseGroupDN=OU\=Jazz,OU\=Test,DC\=haifa,DC\=ibm,DC\=com
com.ibm.team.repository.ldap.findUsersByNameQuery=name\=?1*
com.ibm.team.repository.ldap.membersOfGroup=member
com.ibm.team.repository.ldap.userAttributesMapping=userId\=sAMAccountName,name\=name,emailAddress\=mail
com.ibm.team.repository.ldap.registryLocation=ldap\://haifa.ibm.com\:389
com.ibm.team.repository.ldap.registryPassword=[xxxxxxxxxxx]
com.ibm.team.repository.ldap.baseUserDN=OU\=IL-Users,DC\=haifa,DC\=ibm,DC\=com
com.ibm.team.repository.ldap.registryUserName=xxxxxxxxxxx
com.ibm.team.repository.ldap.groupMapping=JazzAdmins=JazzAdmins,JazzUsers=JazzUsers,JazzDWAdmins=JazzDWAdmins,JazzGuests=JazzGuests
com.ibm.team.repository.ldap.groupNameAttribute=cn
com.ibm.team.repository.ldap.findGroupsForUserQuery=member={USER-DN}


It seems that my membership in the JazzAdmins group is not recognized. Any help is greatly appreciated.

One answer



Balaji Krish (1.8k12) | answered Mar 04 '09, 5:24 p.m.
JAZZ DEVELOPER
Looks like, according to your container (WAS / Tomcat), the user ID is not part of the Admin group.

Please double-check the attributes used by your container LDAP configuration.

--- Balaji
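
An added example, not part of the original thread and not Jazz code: it reads the posted teamserver.properties settings, undoes the `\=` and `\:` escapes, and builds the group search (base DN plus filter) they describe, so the same query can be run by hand against the directory and compared with what the container uses. It assumes `{USER-DN}` stands for the user's full distinguished name and that `groupMapping` pairs are written JazzRole=directoryGroup; the user DN is constructed.

```python
import re

PREFIX = "com.ibm.team.repository.ldap."
# Constructed sample: a subset of the settings posted in the question.
SAMPLE = r"""
com.ibm.team.repository.ldap.registryLocation=ldap\://haifa.ibm.com\:389
com.ibm.team.repository.ldap.baseGroupDN=OU\=Jazz,OU\=Test,DC\=haifa,DC\=ibm,DC\=com
com.ibm.team.repository.ldap.groupMapping=JazzAdmins=JazzAdmins,JazzUsers=JazzUsers,JazzDWAdmins=JazzDWAdmins,JazzGuests=JazzGuests
com.ibm.team.repository.ldap.findGroupsForUserQuery=member={USER-DN}
"""

def load_props(text):
    """Parse key=value lines, undoing .properties backslash escapes."""
    props = {}
    for line in text.splitlines():
        # Skip comments; the key ends at the first unescaped '=' or ':'.
        m = re.match(r"(?![#!])((?:\\.|[^\\=:])+)[=:](.*)", line.strip())
        if m:
            key, value = (re.sub(r"\\(.)", r"\1", s).strip() for s in m.groups())
            props[key] = value
    return props

def escape_filter_value(value):
    """RFC 4515: escape backslash, *, (, ) and NUL in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def group_lookup(props, user_dn):
    """Return (search base, filter, {directory group: Jazz role}) for user_dn."""
    flt = props[PREFIX + "findGroupsForUserQuery"].replace(
        "{USER-DN}", escape_filter_value(user_dn))
    if not flt.startswith("("):
        flt = "(%s)" % flt
    # Assumption: groupMapping pairs are written JazzRole=directoryGroup.
    pairs = (p.split("=", 1) for p in props[PREFIX + "groupMapping"].split(","))
    return props[PREFIX + "baseGroupDN"], flt, {g.strip(): r.strip() for r, g in pairs}

def transport_findings(props):
    """Flag a directory URL that would carry the bind password unencrypted."""
    url = props[PREFIX + "registryLocation"]
    if url.lower().startswith("ldap://"):
        return [url + " is plain LDAP: a simple bind sends registryPassword "
                "in cleartext unless TLS is negotiated or ldaps:// is used"]
    return []

if __name__ == "__main__":
    # Constructed DN: AD backslash-escapes the comma in a "Last, First" CN.
    dn = r"CN=Doe\, Jane,OU=IL-Users,DC=haifa,DC=ibm,DC=com"
    props = load_props(SAMPLE)
    print(group_lookup(props, dn), transport_findings(props))
```

If the search returns no entry under `baseGroupDN` for the user's DN, the group base or the membership attribute is the place to look; if it does return JazzAdmins, the mismatch is in the web container's own LDAP settings, as the answer suggests.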

