Jazz platform and a Windows domain move
Hi fellows,
I've won a quite nice job.
I have to do an estimation of effort for moving a Jazz platform from one domain forest to an other.
Our environment:
JTS/RTC/RQM on Windows, ~1.000 registered user
Authentication is LDAP on Windows, Base dn is toplevel.net, User ID is mapped to UserPrincipalName
Assuming the new domain will use exactly the same UPN:
- configure JTS and WAS to connect to several LDAPs
http://www-01.ibm.com/support/docview.wss?uid=swg21458382
- if the user moves to the new domain, he should be possible to login with the new account
Assuming the new domain will use different UPNs
- configure JTS and WAS to connect to several LDAPs
http://www-01.ibm.com/support/docview.wss?uid=swg21458382
- when the user moves to the new domain, we have to reconfigure the JTS login, to work with the new UPN
- can be done with scripting like https://rsjazz.wordpress.com/2012/10/12/changing-the-jazz-user-id-using-the-rtc-plain-java-client-libraries/ if there are lots of user at one moment
Am I right regarding the technical steps?
greetings georg.
I've won a quite nice job.
I have to do an estimation of effort for moving a Jazz platform from one domain forest to an other.
Our environment:
JTS/RTC/RQM on Windows, ~1.000 registered user
Authentication is LDAP on Windows, Base dn is toplevel.net, User ID is mapped to UserPrincipalName
Assuming the new domain will use exactly the same UPN:
- configure JTS and WAS to connect to several LDAPs
http://www-01.ibm.com/support/docview.wss?uid=swg21458382
- if the user moves to the new domain, he should be possible to login with the new account
Assuming the new domain will use different UPNs
- configure JTS and WAS to connect to several LDAPs
http://www-01.ibm.com/support/docview.wss?uid=swg21458382
- when the user moves to the new domain, we have to reconfigure the JTS login, to work with the new UPN
- can be done with scripting like https://rsjazz.wordpress.com/2012/10/12/changing-the-jazz-user-id-using-the-rtc-plain-java-client-libraries/ if there are lots of user at one moment
Am I right regarding the technical steps?
greetings georg.
Accepted answer
Hello Georg,
you are right,
please note, however, that support for multiple LDAPs is limited. One thing is that importing user from all but one LDAP needs to be done manually (or using a "trick" which involves making the given LDAP the "main" one, temporarily). In the long run, it can be a bit tedious, and definitely increases the administrative workload. As you are probably aware, an enhancement is filed for this: https://jazz.net/jazz/web/projects/Jazz%20Foundation#action=com.ibm.team.workitem.viewWorkItem&id=140055
you are right,
please note, however, that support for multiple LDAPs is limited. One thing is that importing user from all but one LDAP needs to be done manually (or using a "trick" which involves making the given LDAP the "main" one, temporarily). In the long run, it can be a bit tedious, and definitely increases the administrative workload. As you are probably aware, an enhancement is filed for this: https://jazz.net/jazz/web/projects/Jazz%20Foundation#action=com.ibm.team.workitem.viewWorkItem&id=140055