Can JazzUsers be set to any authenticated user?
We want to use RTC to manage support requests. It is painful and unintuitive to require users to first be added to an ldap group before being able to login. It is not practical to constantly update an ldap group with employees daily. Is there a way to set the JazzUsers setting to be any authenticated user? We are on RTC 5.0.2 right now.
|
Accepted answer
If you are using WAS as the application server, the easiest way is to map the "all authenticated in application realm" special subject to the security role "JazzUsers", rather than map users and/or groups to the role.
https://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/usec_tselugrad.html Note that this contradicts to the CLM configuration document where it says "Do not enable the All authenticated? option". But if this is what you want, why not? http://www-01.ibm.com/support/knowledgecenter/SSCP65_5.0.1/com.ibm.jazz.install.doc/topics/t_deploy_was.html The version of RTC should not matter in this case. Vince Thyng selected this answer as the correct answer
Comments
Vince Thyng
commented Oct 06 '15, 11:25 p.m.
Awesome, thanks Donald. This seems to be working for me. A coworker and I noticed that RTC v6 seems to be pre-importing everyone they find in the associated ldap groups. Any chance this would end up importing our entire user directory? :/
Donald Nong
commented Oct 07 '15, 12:22 a.m.
That's quite unexpected. If there are more than 500 users for a group, not "everybody" will be imported, as JTS should retrieve 500 users at most - this is controlled by the JTS advanced property Max Number of Entries Returned from User Search.
|
One other answer
You can use a group with all users e.g. DomainUsers and then just use the self registration on first login.
So you do not have to manage the group and import the users.
Additionally the Project Area can have set the Access to Everyone, so you also don't have to manage teams.
Regards
Guido
Comments
Vince Thyng
commented Oct 06 '15, 11:23 p.m.
Thanks for the suggestion. This is a Tivoli directory instead of MS Active Directory and I have not found an equivalent group.
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.