LDAP authentication for local build forge users
3 answers
Yes.
~Spencer
http://pic.dhe.ibm.com/infocenter/bldforge/v7r1m3/index.jsp?topic=%2Fcom.ibm.rational.buildforge.doc%2Ftopics%2Fadmin_ldap_about.html
Look at the section for LDAP domain properties. It goes over how to connect BF to the LDAP server, then when a user logs in with their LDAP creds, a matching BF user is generated and the validation of that user's credentials is given to the LDAP server. You can also set up mappings between your BF access groups and the LDAP groups.
~Spencer
Spencer,
thank you very much for pointing us to the documentation. Based on this document we were able to configure the build forge access with IBM bluepages. Unfortunately we still have an issue. We configured bluepages as LDAP host and set the Search Base, Groups Search Base and so on. With this a user can log on using intranet user id / password.
With the initial logon a local build forge user id is created. This id can later be assigned to access groups and the user can work with build forge. There are two problems with this approach:
- each owner of an intranet id can log on (we have circumvented this by setting a default access group guest, but still this creates dummy users)
- We have a tool to automate the user management. This tool manages user ids on several servers / applications. For build forge we can't use this because the workflow would be something like this:
  - update blue group
  - wait for user first time log in to build forge
  - update access groups with new user id.

The workflow is not straightforward.
Kind regards, Steffen
Comments
I don't think you can black or white list users from the LDAP domain. If the credentials are good, the user will be created. The guest access group is probably the best solution here. As far as the blue group problem, you can map access groups to LDAP groups, so you can automate what access groups a user will be assigned to when they log in. That would be the best solution for the other user management issue. Then you could update a bluegroup, have the user log in and then they would automatically be added to whichever access groups map to the bluegroups they belong to. Also this would keep valid bluepages users who aren't in project bluegroups from seeing anything they shouldn't see.
~Spencer