It's all about the answers!

Ask a question

exportUsers command results missing "group" column


Yohko Tanaka (10523139) | asked Jan 09 '14, 11:35 p.m.
edited Jan 09 '14, 11:35 p.m.
Hi,

I have a problem about repotools exportUsers command.
I executed the command at my customer's environment and found that "groups" column was blank for some users.
(It seems that users of specific 2 groups.)

Environment : CLM 4.0.3, Windows 2008 R2, IHS/WAS 8.5.0.2, Oracle 11g, Active Directory

Does anyone have the same situation?
It would be great if anybody tell me where to look at.

Thank you in advance.

2 answers



permanent link
Yohko Tanaka (10523139) | answered Jan 13 '14, 11:02 p.m.
Hi, Thank you for the comment.

I do map multiple LDAP groups to Jazz Roles like below.(Names of groups are sample.)

JazzAdmins=Admin C;Admin A;Admin B, JazzUsers=User A;User B;User C, JazzDWAdmins=AdminD, JazzProjectAdmins=AdminD, JazzGuests=User A;User B;User C

It seems that exported data of users of Admin A/Admin B are missing.
Also, Admin B group is sub group of Admin A.

Could you elaborate on the meaning of "to see if one of the multiple groups seems to be the 'primary'." ?


Comments
Kevin Ramer commented Jan 14 '14, 7:59 a.m.

The "primary" was to rule in a particular group, which it appears you have done.  I don't think Jazz authentication can handle ldap sub groups either.

https://jazz.net/forum/questions/133894/subgroup-in-active-directory
https://jazz.net/forum/questions/4476/ldap-auth-with-nested-groups
https://jazz.net/forum/questions/48091/ldap-authentication-with-nested-groups

Do you have multiple applications registered to your JTS ?  For example, multiple RTC, RQM.


Yohko Tanaka commented Jan 15 '14, 5:40 a.m. | edited Jan 15 '14, 5:41 a.m.

Thank you for the reply.I really appreciate it.
Yes, I registerd RTC/RQM/RRC to the JTS.
It would be great if you have any other idea about where to look at.

About LDAP subgroup authentication, I actually tried below, but it seems it's not working so I opened a PMR about this.
https://jazz.net/library/article/985


permanent link
Kevin Ramer (4.5k8183200) | answered Jan 10 '14, 4:29 p.m.
You mention WAS which I know can allow multiple LDAP groups to be mapped onto Jazz Roles.  However, when we moved from RTC v2 to V3 (introduction of Jazz Team Server) we tried to map several groups to JazzUsers which worked for the most part, but the JTS concept of users diverged from each of the CCM application's notion of its users.  So we soon converted all the registered applications to have single LDAP group in their respective JTS.

If you have mapped multiple LDAP groups onto any of your Jazz roles (JazzUsers, JazzGuests....) I would compare the membership of the LDAP groups assigned to users who are missing the group in the exported data to see if one of the multiple groups seems to be the 'primary'.

I would also view those users without an exported group in the JTS/CCM/QM user admin pages to see what Jazz Roles appear (if any).


Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.