Configuring LDAP with RQM


Krunal Gaoli (67869) | asked May 19 '15, 7:30 a.m.
Hi All,
I am configuring LDAP with RQM. I have edited the server.xml file like this and restarted the server:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionPassword="***********"
       connectionURL="ldap://servername.com:389"
       userBase="dc=domain_name,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="dc=domain_name,dc=com"
       roleSubtree="false"
       roleSearch="(memberNotAvailablexxx={0})"
       roleName="cn"
/>

I have given all the necessary parameters required in step 6, i.e. set up user registry, as mentioned below:


LDAP Registry Location: ldap://*********.com:389
User Name: ldap user
Password: ***********
Base User DN: DC=********,DC=com
User Property Names Mapping: userId=sAMAccountName,name=cn,emailAddress=mail
Base Group DN: DC=********,DC=com
Jazz to LDAP Group Mapping: JazzAdmins=JazzAdmins, JazzUsers=JazzUsers, JazzDWAdmins=JazzDWAdmins, JazzProjectAdmins=JazzProjectAdmins, JazzGuests=JazzGuests
Group Name Property: cn
Group Member Property: member

But it's not working; I am not getting to the next step. Please suggest something.


2 answers



Donald Nong (14.5k414) | answered May 19 '15, 9:02 p.m.
edited May 19 '15, 9:03 p.m.
You are not even telling others what instructions you are following, how do you expect others to know what "next step" is? And again, "not working" means little to others - explain the exact .

Assuming that you're using MS Active Directory Server as the LDAP provider, I can see a few issues with the Tomcat settings.
1. You have specified "connectionPassword", but not "connectionUser". Does the LDAP server require authentication to browse the LDAP tree? Or is anonymous access allowed?
2. You may try userSearch="(sAMAccountName={0})" instead of using "uid", depending on what you are going to use as the "log in".
3. The "roleSearch" parameter looks suspicious. Are you really sure your LDAP server has an attribute called "memberNotAvailablexxx"?

To understand your LDAP server better, I suggest you use an LDAP client such as the ldp.exe tool provided by Microsoft to and have a play on the LDAP server.
https://support.microsoft.com/en-us/kb/224543

Comments
Krunal Gaoli commented May 20 '15, 1:22 a.m. | edited May 20 '15, 2:47 a.m.

 Hi Donald Nong,

I made the changes as per your suggestion, but now I am getting this error, ID CRJAZ1845E, saying: "Although the new user was created successfully, an error occurred while trying to assign the Client Access License keys to the new user."



Donald Nong commented May 20 '15, 2:50 a.m.

It appears that the LDAP issue is resolved and you get a different one. How about if you open the new user profile and assign the license there?


Krunal Gaoli commented May 20 '15, 5:05 a.m. | edited May 21 '15, 4:45 a.m.

 Hi Donald Nong, 

Now the LDAP issue is solved. I can import users into the project, but they are unable to log in to the application using their Windows credentials.


Donald Nong commented May 21 '15, 5:02 a.m.

The fact that you can import users into the project only proves that the LDAP settings in JTS are correct. You may still need to double-check the LDAP settings in Tomcat. What is the error message when the user cannot log on to CLM?


Krunal Gaoli (67869) | answered May 21 '15, 8:24 a.m.
These are my Tomcat settings; can you please verify them?

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="dc=companyname,dc=com"
       connectionPassword="*********"
       connectionURL="ldap://hostname.com:389"
       userBase="dc=company name,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="dc=company name,dc=com"
       roleSubtree="true"
       roleSearch="(memberNotAvailablexxx={0})"
       roleName="cn"
/>



Comments
Donald Nong commented May 21 '15, 8:12 p.m.

See my original answer. I'm not convinced that the settings are correct.
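
The three checks from the first answer, run over both Realm elements posted in this thread, as an added Python example (not code from the thread, Tomcat or Jazz). It assumes the Tomcat search filters should use the same attributes as the JTS settings in the question (sAMAccountName for login, member for group membership); `lint_realm`, its finding codes and the base-DN heuristic are hypothetical, and `connectionName` is the JNDIRealm attribute that carries the bind identity.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: the two Realm elements as posted in the thread.
FIRST_REALM = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionPassword="***********" connectionURL="ldap://servername.com:389"
    userBase="dc=domain_name,dc=com" userSearch="(uid={0})" userSubtree="true"
    roleBase="dc=domain_name,dc=com" roleSubtree="false"
    roleSearch="(memberNotAvailablexxx={0})" roleName="cn"/>"""
SECOND_REALM = """<Realm className="org.apache.catalina.realm.JNDIRealm"
    connectionName="dc=companyname,dc=com" connectionPassword="*********"
    connectionURL="ldap://hostname.com:389"
    userBase="dc=company name,dc=com" userSearch="(uid={0})" userSubtree="true"
    roleBase="dc=company name,dc=com" roleSubtree="true"
    roleSearch="(memberNotAvailablexxx={0})" roleName="cn"/>"""

FILTER_ATTR = re.compile(r"\(\s*([\w;-]+)\s*=\s*\{0\}\s*\)")


def filter_attr(value):
    """Return the attribute name compared against {0} in a search filter, or None."""
    m = FILTER_ATTR.search(value or "")
    return m.group(1) if m else None


def lint_realm(xml_text, login_attr="sAMAccountName", member_attr="member"):
    """Return finding codes for one JNDIRealm element (hypothetical helper)."""
    realm = ET.fromstring(xml_text)
    findings = []
    bind_dn = realm.get("connectionName")
    # Check 1: a bind password with no bind identity cannot authenticate.
    if realm.get("connectionPassword") and not bind_dn:
        findings.append("password-without-connectionName")
    # Heuristic added here: a bind identity made only of dc= parts names the
    # directory base, not an account that can authenticate.
    if bind_dn and all(p.strip().lower().startswith("dc=") for p in bind_dn.split(",")):
        findings.append("connectionName-is-base-dn")
    # Checks 2 and 3: filter attributes should match the JTS registry settings.
    if (filter_attr(realm.get("userSearch")) or "").lower() != login_attr.lower():
        findings.append("userSearch-attr-differs-from-login-attr")
    if (filter_attr(realm.get("roleSearch")) or "").lower() != member_attr.lower():
        findings.append("roleSearch-attr-differs-from-member-attr")
    return findings


if __name__ == "__main__":
    for name, xml_text in (("first", FIRST_REALM), ("second", SECOND_REALM)):
        print(name, lint_realm(xml_text))
```

Both posted blocks still fail the `userSearch` and `roleSearch` checks, so importing users through JTS can succeed while Tomcat logins do not.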
