Unable to log in with uid on Jazz Team Server
Hello,
I have configured CLM 5.0.2 on WAS using LDAP for user authentication. I have some queries regarding this configuration and need your support and guidance.
1. When I log in on Jazz Team Server I am not able to log in with uid. For example: uid = test1. But when I use the detailed distinguished name (i.e. CN=users,CN=test1, dc=....,dc=....) I can easily log in on JTS home. Kindly guide me on how I can configure uid so that I can log in.
2. After starting WAS, when I look at the system.out log file the following error is shown:
SECJ0360E: Authentication failed for <user> because multiple users matched the user.
When I look at my LDAP configuration I don't see any multiple users.
Accepted answer
You need to go under "Advanced Lightweight Directory Access Protocol (LDAP) user registry settings" after clicking the "Configure" button adjacent to the pulldown indicating the realm definition.
The property:
User ID map
will be the one that needs to be changed
2 other answers
Hello Aftab
The issue looks like the LDAP parameters passed in the WebSphere and JTS/setup LDAP registry settings are not accurate enough to fetch the details. You need to ensure that accurate LDAP parameters are defined.
Also, verify the security mappings defined for the application. Check the Bind and Base DN properties in WAS. Also verify the LDAP parameters defined in jts/setup, step 6.
Steps to verify:
http://www-01.ibm.com/support/knowledgecenter/SSYMRC_5.0.2/com.ibm.jazz.install.doc/topics/t_instl_config_ldap_on_was.html?cp=SSYMRC_5.0.2&lang=en
To get accurate LDAP parameters, install third-party software named Softerra LDAP Browser, and it will list the parameters for you.
http://www-01.ibm.com/support/docview.wss?uid=swg21445366
If this answers your question please mark it as accepted.
Regards,
Rohit
Comments
I have configured the LDAP again. Now I am not getting the error of multiple users. But I still cannot log in with uid. I have to specify the full distinguished name for login.
Bind Distinguished name is: CN=test,OU=ABC, dc=....,dc=...
uid=test
objectclass=person,organizational
cn=test
mail=test@test.com
In WAS, I am using custom type as the LDAP server; the primary administrative user and bind DN are the same. The test connection was successful. When I log in on the WAS admin console I have to specify the distinguished name as the login ID. I want to log in with uid, i.e. test. How can I bind uid instead of DN?
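
The lookup behind both symptoms in this thread (a short uid that does not resolve, and "multiple users matched"), as an added example that is not part of the original posts and is not IBM's code: a simplified Python model of substituting the login name into a `%v` user filter and searching under a base DN. The directory entries, base DNs and filter strings are constructed assumptions, and only ANDed equality filters are handled.

```python
import re

# Constructed sample entries (not from the thread); two of them share uid "test1".
DIRECTORY = [
    {"dn": "CN=test1,OU=ABC,DC=example,DC=com",
     "uid": ["test1"], "cn": ["test1"], "objectclass": ["person"]},
    {"dn": "CN=test1-svc,OU=Services,DC=example,DC=com",
     "uid": ["test1"], "cn": ["test1-svc"], "objectclass": ["person"]},
    {"dn": "CN=test2,OU=ABC,DC=example,DC=com",
     "uid": ["test2"], "cn": ["test2"], "objectclass": ["person"]},
]

def build_filter(template, login):
    """Substitute the login name for %v, refusing LDAP filter metacharacters."""
    if not login or re.search(r"[*()\\\x00]", login):
        raise ValueError("login name contains LDAP filter metacharacters")
    return template.replace("%v", login)

def parse_filter(text):
    """Parse '(&(a=b)(c=d))' or '(a=b)' into (attr, value) pairs, all ANDed."""
    pairs = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", text)
    if not pairs:
        raise ValueError("unsupported filter: " + text)
    return [(attr.lower(), value.lower()) for attr, value in pairs]

def search(directory, base_dn, template, login):
    """Return DNs under base_dn whose attributes satisfy the filled-in filter."""
    terms = parse_filter(build_filter(template, login))
    hits = []
    for entry in directory:
        if not entry["dn"].lower().endswith(base_dn.lower()):
            continue  # entry is outside the search base
        if all(value in [v.lower() for v in entry.get(attr, [])]
               for attr, value in terms):
            hits.append(entry["dn"])
    return hits

def authenticate_lookup(directory, base_dn, template, login):
    """Classify the lookup: exactly one DN is needed before a bind can happen."""
    hits = search(directory, base_dn, template, login)
    if len(hits) == 1:
        return ("ok", hits[0])
    return ("multiple users matched" if hits else "no user matched", None)
```

A filter keyed on an attribute the entries do not carry returns no match for the short name, and a filter or base DN broad enough to reach two entries with the same uid returns the ambiguous result; narrowing the base DN or the filter resolves it to a single DN.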