LDAP authentication for local build forge users


Steffen Kriese (381921) | asked Jan 30 '14, 3:53 a.m.
Hello,

is there a way to use LDAP to verify the password for a local user id? The email property of the user should be used for the LDAP lookup.  

Thanx, Steffen

3 answers



Spencer Murata (2.3k115971) | answered Jan 30 '14, 8:28 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
Yes.
http://pic.dhe.ibm.com/infocenter/bldforge/v7r1m3/index.jsp?topic=%2Fcom.ibm.rational.buildforge.doc%2Ftopics%2Fadmin_ldap_about.html

Look at the section for LDAP domain properties.  It goes over how to connect BF to the LDAP server, then when a user logs in with their LDAP creds, a matching BF user is generated and the validation of that user's credentials is given to the LDAP server.  You can also set up mappings between your BF access groups and the LDAP groups.

~Spencer

Steffen Kriese (381921) | answered Feb 03 '14, 4:53 a.m.
Spencer,

thank you very much for pointing us to the documentation. Based on this document we were able to configure the build forge access with IBM bluepages. Unfortunately we still have an issue.  We configured bluepages as LDAP host and set the Search Base, Groups Search Base and so on. With this a user can log on using intranet user id / password.
With the initial logon a local build forge user id is created. This id can be later assigned to access groups and the user can work with build forge. There are two problems with this approach:
  • each owner of an intranet id can log on (we have circumvented this by setting a default access group guest, but still this creates dummy users)
  • We have a tool to automate the user management. This tool manages user ids on several servers / applications. For build forge we can't use this because the workflow would be something like this:
    • update blue group
    • wait for the user's first log in to build forge
    • update access groups with new user id.
      The workflow is not straightforward.
We are looking for an LDAP / Bluepages config which allows us to use the intranet ID/password but does not have the limitations listed before. Maybe you can send us a sample or describe how this is done in your group. Thanks in advance.

Kind regards, Steffen


Comments
Spencer Murata commented Feb 03 '14, 9:05 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

I don't think you can black or white list users from the LDAP domain.  If the credentials are good, the user will be created.  The guest access group is probably the best solution here.  As far as the blue group problem, you can map access groups to LDAP groups, so you can automate what access groups a user will be assigned to when they log in.  That would be the best solution for the other user management issue.  Then you could update a bluegroup, have the user log in and then they would automatically be added to whichever access groups map to the bluegroups they belong to.  Also this would keep valid bluepages users who aren't in project bluegroups from seeing anything they shouldn't see.


~Spencer


Steffen Kriese (381921) | answered Feb 06 '14, 8:43 a.m.
Hi Spencer,

I tried to map LDAP groups to access groups. When setting "Map Access Groups:" to ON I can no longer log on to the build forge console. Any idea what could be wrong?

Thanx, Steffen

Comments
Spencer Murata commented Feb 12 '14, 8:43 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Mapping the access groups shouldn't affect logging on unless it precludes you from ANY valid access group.  Do you not have a default access group for all users?


~Spencer 
