Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

using secure LDAP or LDAPS protocol for authentication is it supported for CLM 4.x?

Questions
Tags
Users
Badges
anup Gaur
(1392444) edited
Aug 19 '14, 6:13 p.m.
Does CLM 4.0.6 support secure LDAP or te LDAPS protocol. Although my jts /setup works fine with Tomcat and Windows AD LDAP authentication using ldap://dchost:389 format. the same does not work for the ldaps://myserver:636. Is it not supported or something else needs to be done?

The forum below doesnot solve this problem. So two things here. Is it supported when using Tomcat. If yes then does simply changing the protocol to ldaps with secure port will it do the trick? I think we need to have a certificate installed somewhere.

0 votes

2 answers
10,050 views
0 votes

2 answers

Permanent link
Rohit Balduwa
(945511) Aug 11 '14, 12:49 a.m.
Hi Anup

Yes, you can configure Lightweight Directory Access Protocol over SSL (LDAPS) for IBM Rational Team Concert on Apache Tomcat.

There are 2 steps required to configure Lightweight Directory Access Protocol over SSL (LDAPS) for Rational Team Concert running on Apache Tomcat

  1. Import the certificate from your LDAP server into Apache Tomcat's trust store
  2. Rerun the steps documented in Managing users with Lightweight Directory Access Protocol (LDAP) (http://pic.dhe.ibm.com/infocenter/clmhelp/v3r0m1/index.jsp?topic=%2Fcom.ibm.jazz.install.doc%2Ftopics%2Fc_plan_identity_management.html) to configure your Rational Team Concert to connect to LDAP through the secure port.


For Part 1, follow the below steps:

Below are steps to import a certificate into Apache Tomcat's trust store:

  1. Stop the Apache Tomcat server
  2. Obtain the certificate from the LDAPS server (an LDAP Administrator should be able to provide the certificate file)
    In this example, the certificate file in the *.der format

  3. Navigate to "..\\JazzTeamServer\server\jre\bin" directory
  4. Double click on ikeyman.exe to launch
  5. Click on the Open button and browse to the "..\\JazzTeamServer\server\jre\lib\security" directory
  6. Select to view all file types. You should see a file called 'cacerts' in the list
  7. Open the 'cacerts' file


  8. IBM Key Management will prompt for a password
    Enter 'changeit' and click OK. A list of 'Signer Certificates' will display (see below)
    Note: 'changeit' is a default password. If you have changed it, you will need to enter your own password


  9. Click on the 'Add' button to add a certificate from file
  10. Browse to the certificate file and click on OK to add


  11. This will open a prompt for a certificate name. Enter a name and click OK
  12. Exit from ikeyman by selecting "Key Database File > Exit" from the main menu
  13. Start the server

Details from the technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21508904

If this answers your question please mark it as accepted.


1 vote

Permanent link
Krzysztof Kaźmierczyk
(7.5k480103) Mar 02 '21, 3:43 a.m.

The same document for Liberty configuration: https://jazz.net/wiki/bin/view/Deployment/ConfigureLDAPs

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 6,130
× 1,381

Question asked: Aug 09 '14, 2:57 p.m.

Question was seen: 10,050 times

Last updated: Mar 02 '21, 3:43 a.m.

Confirmation Cancel Confirm