It's all about the answers!

Ask a question

LDAP and Two Server Topology


Rob Olsen (351143) | asked Jun 11 '15, 12:51 p.m.

In the past I normally install JTS and RTC (CCM) on to one server and then run setup.  Today, based on a growing use of a new installation, in my new installation I split the JTS and CCM to two servers.  Installation went fine, CCM was registered as I ran through custom setup on the JTS server.  I am using Tomcat and LDAP authentication.  In the past I use to log in to "CCM/admin" and create a "Project".  I cannot log in to CCM, but only as ADMIN.  So I am stuck creating a "Lifecycle" project on the JTS server.  This fails because only ADMIN can log in to the CCM server.  So here are my questions:

1) Do I need to run "Setup" on the CCM server as well to set up LDAP?

2) If I do step (1) above and "only" want a "CCM Project" and not a "Lifecycle" project, do I log in to the CCM server and do what I did in the past and create a project on that server, or am I stuck with creating a "Lifecycle" project from the JTS Server?

One answer



permanent link
Kevin Ramer (4.5k6172190) | answered Jun 11 '15, 2:55 p.m.
Do both tomcat (jts and ccm) have the same Realm definitions as well as the role mappings to your specific setup ?

The realm will be in the tomcat/conf/server.xml while the role mappings in the tomcat/webapps/ccm/WEB-INF/web.xml

If you change either, you'll have to bounce the tomcat process.

Comments
Rob Olsen commented Jun 11 '15, 3:13 p.m.

Thanks for the response Kevin.  Right now the server.xml and web.xml files in both servers do not match. 

When I ran the "Custom" set up on the JTS server, I set it up for LDAP authentication.  It created a new server.xml and web.xml files, of which I replaced in the appropriate folders and restarted JTS.  I never did this for the CCM server.  Was I suppose to copy these same files over to the CCM server as well?  Was this supposed to be done automatically?  Did I miss something in the documentation somewhere?  


Rob Olsen commented Jun 11 '15, 3:24 p.m.

So I moved over to my CCM server and copied over the server.xml and web.xml files over from the JTS server and restarted Tomcat.  I am now able to log in to CCM as well.

I will continue with my configuration.  I sure wish I knew where this was documented, or if it is.  Maybe I should have known that if you have one JTS server and multiple servers supporting QM, CCM, DM, etc, that you need to copy that server.xml and web.xml files over from JTS! 


Kevin Ramer commented Jun 11 '15, 3:28 p.m.

I think that the web.xml for the dependent application(s) will be bare-bones as will the server.xml.

There could be a lot of mis match, but the important sections are as I've mentioned.  You can pretty much copy/paste the realm definition from the jts to ccm.  Check the jts web.xml for entries like:

              <security-role-ref>
                <role-name>JazzUsers</role-name>
                        <role-link>some-group-name</role-link>
                </security-role-ref>

One for each of JazzUsers, JazzGuests, JazzAdmins, JazzProjectAdmins, JazzDWAdmins ( some can be the same e.g. the Admins )
then look for :
<security-role>..</security-role> for additional things.   

Your answer


Register or to post your answer.