Multiple LDAP with Jazz Authorization Server

Hi Pumtat,

because JAS is based on the WAS libertiy profile, this is possible with help of a federate repository REALM definition, with multiple LDAP registries (e.g. multiple AD forests). So the login and the group mapping goes through multiple LDAP registries.
One trick is, in the group mapping of JTS/CCM/QM you can have multiple groups mapped per repository role. SO you can map groups from different LDAP registries.

See also my question / answers on:

• https://jazz.net/forum/questions/206291/ldap-integration-with-multiple-ldap-dns-mulitple-ad-forests-with-jazz-v60-and-later

• https://jazz.net/forum/questions/208725/howto-filter-out-disabled-users-in-a-federate-repositories-realm-within-was

Only issue is currently the import/synch/update of the users, because v6.0 and earlier versions of JTS cannot have more than one LDAP configuration in advanced properties to searchs users from. But for this there exists workaround like switching the lDAP properties or using repotool commands.

There exists a plan item in jazz.net (currently planned for V.6.0.1-M5 where JTS should become able to search the users out of JAS instead directly from LDAP.

Note: don't be confused by the login/group resolution of a user agains the import/synch/update of the User DB. This are two complettly different handled processes. The first is WAS the second is JTS.

regards
Guido

Hi Pumtat, No Jazz (CLM) cannot be configured to integrate with multiple LDAP.