User not configured in LDAP can still log in
We have a user that is defined against the project that quite clearly states in the user administration section that they are not defined on the LDAP service and will NOT be able to log in until they are defined. Fair enough, I thought.
So I attempted to log in as that user and, surprise, I was logged in successfully, complete with full rights. How can that be? Unless, of course, whilst the system claims I'm using LDAP, it really isn't?
4 answers
> We have a user that is defined against the project that quite clearly states in the user administration section that they are not defined on the LDAP service and will NOT be able to log in until they are defined. Fair enough, I thought.

OK, so here is one piece of info :)
The authentication and the authorization are managed by the AppServer. The info in the Jazz repository is mainly used for 'UI' information (name, email, etc.).
My feeling is that the user is authenticated by LDAP, maybe part of a group, and thus can log in, but Jazz does not know it. (What do you see in the top right-hand corner? What name?)
Does that help?
> > We have a user that is defined against the project that quite clearly states in the user administration section that they are not defined on the LDAP service and will NOT be able to log in until they are defined. Fair enough, I thought.
>
> OK, so here is one piece of info :)
> The authentication and the authorization are managed by the AppServer. The info in the Jazz repository is mainly used for 'UI' information (name, email, etc.).
> My feeling is that the user is authenticated by LDAP, maybe part of a group, and thus can log in, but Jazz does not know it. (What do you see in the top right-hand corner? What name?)
> Does that help?

Unfortunately no, not really. This particular ID I know for sure is not on the LDAP registry ... the top right shows the exact name of the user I logged in as.
OK, so basically we log on to the app server with a user that does not exist in the LDAP and we still access the Jazz servlet, right?
Then we must not be authenticating against the LDAP :( Otherwise this would mean that the app server sends some credentials to the LDAP, the LDAP says 'yeah, this user exists' even though the user does not exist, and allows the person to access the servlet :(
The LDAP config inside JAZZ does not do authentication; the LDAP setup in the app server does.
Did we set up the app server against LDAP or another user registry? Is that a Tomcat configuration? Is the realm set up for JNDI or is it the default user registry one?
Hello, I re-read and I am confused :) Yeah, it happens all the time :)
You stated: "unfortunately no not really, this particular ID I know for sure is not on the LDAP registry ... top right show the exact name of the user I logged in as."
So, the user does not appear in the registry, so the authentication must be done against something different than the registry, and it should work. Otherwise, we would get a 'wrong userid password' error message.
The top right shows the user because the UID we entered when we logged in matches a UID in the JAZZ USERS, so this is normal.
What would puzzle me is if the user profile in jazz net has a set of JazzAdmins groups selected :)
The LDAP connection inside JAZZ (LDAP properties in JAZZ) are not for authentication or authorization at all; they are just for Jazz to retrieve the name and import users automatically :)
Let me know. If this does not help, I will call you and we will go through the setup.
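
An added example, not part of the thread and not Jazz or Tomcat project code: assuming the application server is Tomcat (the answer above only asks whether it is), this check lists which realms in `server.xml` actually validate passwords, so a login by an account that is absent from LDAP can be traced to a non-LDAP realm. The sample `server.xml`, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the thread): an LDAP-backed JNDIRealm
# and the file-backed UserDatabaseRealm, both nested under LockOutRealm.
SAMPLE_SERVER_XML = """\
<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.JNDIRealm"
               connectionURL="ldap://ldap.example.test:389"
               userPattern="uid={0},ou=people,dc=example,dc=test"/>
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>
    </Engine>
  </Service>
</Server>
"""

# Wrapper realms only delegate to their nested realms; they hold no accounts.
WRAPPERS = {"LockOutRealm", "CombinedRealm"}


def credential_sources(server_xml: str) -> list:
    """Return (realm short name, backing store) for each realm that checks passwords."""
    sources = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        name = realm.get("className", "").rsplit(".", 1)[-1]
        if name in WRAPPERS:
            continue
        if name == "JNDIRealm":
            store = realm.get("connectionURL", "<no connectionURL>")
        elif name == "UserDatabaseRealm":
            store = "local user file via resource " + realm.get("resourceName", "?")
        else:
            store = "unrecognised realm, inspect manually"
        sources.append((name, store))
    return sources


def non_ldap_sources(server_xml: str) -> list:
    """Realms that may accept a login for an account that does not exist in LDAP."""
    return [name for name, _ in credential_sources(server_xml) if name != "JNDIRealm"]


if __name__ == "__main__":
    for name, store in credential_sources(SAMPLE_SERVER_XML):
        print(f"{name}: {store}")
    print("Non-LDAP login paths:", non_ldap_sources(SAMPLE_SERVER_XML) or "none")
```

An empty result from `non_ldap_sources` means every password check goes to LDAP; any other entry is a place where the account from the question could be defined.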