Unable to import users after non-LDAP to LDAP switch in CLM 6.0.2


Will Girard (1516) | asked Aug 15 '16, 8:50 a.m.
edited Aug 15 '16, 9:02 a.m. by Ralph Schoon (63.6k33646)
Hello

I've just upgraded from CLM 4.0.6 to CLM 6.0.2. Until now we've used Tomcat users for authentication. Now I want to change from Tomcat users to LDAP (MS AD) authentication.

After the upgrade I ran the setup of JTS (https://myserver.com/jts/setup), then switched to LDAP authentication, configured LDAP, and the test was successful. I saved the configuration and followed the steps to replace web.xml in the applications and server.xml in the tomcat/conf directory.

I restarted the server and noted that I can't log in with my old credentials. I tried my AD credentials and the login worked fine (Note: the usernames of the Tomcat user registry are the same as in AD).

However, if I have a look under https://myserver.com/jts/admin#action=com.ibm.team.repository.admin.configureAdvanced, all the LDAP-related configurations have the default - non-LDAP - values. If I start the setup again, the Tomcat user registry is still selected, and my LDAP settings are not displayed.

If I want to import a user, none of the users in my AD groups are found.

Long story short, I can log in with AD credentials for existing users where the username of the Tomcat user registry matches the username in AD, but I cannot add new users from AD.

Did I miss something? Do I need to configure some settings under Advanced Configuration? If yes, which ones?

Does someone have a complete guide how to switch from tomcat user registry to AD?

Thank you very much in advance.
Willi

Comments
Will Girard commented Sep 01 '16, 2:50 a.m.

Thank you for all your replies. I found my fault. After configuring LDAP in /jts/setup I stopped the server and replaced the config, so the values were only saved to the web.xml and the server.xml.

Long story short, I forgot to click Next on the LDAP configuration page. I ran the setup again, configured LDAP and clicked through the whole setup. Then it worked and the values were saved to the XML files and into the database.

2 answers



Ralph Schoon (63.6k33646) | answered Aug 15 '16, 9:06 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
On the setup page where you set LDAP, there is a help link that guides you to an article that helps you to validate your LDAP settings. It looks like your LDAP parameters might be wrong.

I think we used AD in Rational solution for Collaborative Lifecycle Management 2012 Administration Workshop so maybe that is a little help. Note, I think we have an error there and the user ID attribute is wrong, but nevertheless....

Comments
Will Girard commented Aug 17 '16, 8:36 a.m. | edited Aug 17 '16, 8:54 a.m.

Hi Ralph

Thank you for the fast answer. Which parameters do you mean? The test on the setup page was successful and I can log in with my existing user and my AD password. The password from the Tomcat user registry doesn't work anymore. So I think the parameters are correct.

I read the https://jazz.net/wiki/pub/Main/CLM2012AdminWorkshop/lab-workbook.pdf chapter for LDAP integration and I did exactly the same thing.

In my active users I also have the blue information bubble that states that the username is a read-only attribute.

So the only problem is: how can I import a new user? If I go to active users and click on the top right "Import User", it does not find any users in my directory.

Is there also a possibility to set up a user synchronisation so that JTS periodically checks if there are new users in the AD groups and adds them to the active users?

Thank you very much.
Willi



Ralph Schoon commented Aug 17 '16, 8:57 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Step 2: Configure Jazz Team Server to use an LDAP server to act as my user registry
Once you have configured your application server and LDAP server as described in the server setup guide, complete this form to configure the Jazz Team Server to use your LDAP server for user and group information.

For additional reference and help browsing your directory, see the topic How to verify LDAP parameters for Jazz Team server configuration.

I haven't played with LDAP for quite some time. I think after your setup the RTC server should be able to synchronize users in (not import) if the user is in an RTC group. There are advanced parameters in JTS that you could check.


Will Girard commented Aug 17 '16, 9:51 a.m.

Thanks for the reply.


You are referring to "Step 2" above; where do I find this step?

I will try to verify the LDAP parameters.

Regards.


Ralph Schoon commented Aug 17 '16, 9:58 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

This is the help text in the setup step when you select LDAP.


Donald Nong (14.5k614) | answered Aug 17 '16, 10:06 p.m.
There are two parts of the LDAP configuration - one for authentication and the other for user synchronization/import. When you run /jts/setup, the LDAP configuration should be recorded for the latter (in Advanced Properties/teamserver.properties). The content that you copied in tomcat/conf/server.xml deals with the former, which appears to be done correctly already. I'm not sure what's wrong with the setup process that the configuration did not get retained.
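
Added example, not part of the original thread or of the product's own tooling: a Python check for the split described in this answer, comparing the LDAP realm in tomcat/conf/server.xml (authentication) with the LDAP entries in teamserver.properties (user synchronization/import). The `com.ibm.team.repository.*` key names, the host name and both sample files are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the Realm element in tomcat/conf/server.xml.
SERVER_XML = """<Server><Service><Engine>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://ad.example.com:389"
         userBase="ou=Users,dc=example,dc=com"
         roleBase="ou=Groups,dc=example,dc=com"/>
</Engine></Service></Server>"""
# Constructed teamserver.properties contents: setup abandoned vs. completed.
PROPS_UNSAVED = "com.ibm.team.repository.user.registry.type=TOMCAT\n"
PROPS_SAVED = """com.ibm.team.repository.user.registry.type=LDAP
com.ibm.team.repository.ldap.registryLocation=ldap\\://ad.example.com\\:389
com.ibm.team.repository.ldap.baseUserDN=ou=Users,dc=example,dc=com
com.ibm.team.repository.ldap.baseGroupDN=ou=Groups,dc=example,dc=com
"""
# Assumed key names; verify them against your own teamserver.properties.
TYPE_KEY = "com.ibm.team.repository.user.registry.type"
KEY_MAP = {  # JNDIRealm attribute -> JTS property
    "connectionURL": "com.ibm.team.repository.ldap.registryLocation",
    "userBase": "com.ibm.team.repository.ldap.baseUserDN",
    "roleBase": "com.ibm.team.repository.ldap.baseGroupDN",
}

def parse_properties(text):
    """Minimal Java .properties reader: key=value, # or ! comments, \\: escapes."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip().replace("\\:", ":")
    return props

def find_drift(server_xml, props_text):
    """Return the ways the import/sync half disagrees with the login half."""
    realm = next((dict(r.attrib) for r in ET.fromstring(server_xml).iter("Realm")
                  if r.get("className", "").endswith("JNDIRealm")), None)
    if realm is None:
        return ["server.xml has no JNDIRealm"]
    props = parse_properties(props_text)
    problems = []
    if props.get(TYPE_KEY, "").upper() != "LDAP":
        problems.append(f"{TYPE_KEY} is not LDAP")
    for attr, key in KEY_MAP.items():
        if realm.get(attr, "").lower() != props.get(key, "").lower():
            problems.append(f"{key} does not match Realm {attr}")
    return problems

if __name__ == "__main__":
    print("\n".join(find_drift(SERVER_XML, PROPS_UNSAVED)) or "consistent")
```

A non-empty result with a working AD login matches the symptom in the question: the container authenticates against the directory while the server has no directory settings to search for new users.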
