How to configure "Federation of user registries" in WAS Liberty for CLM 6.0.1
Hello!
We would like to use IBM LDAP and basic file user registry together to allow login from both LDAP and Non LDAP users of a CLM 6.0.1 instance, which was setup using IBM WebSphere Application Server(WAS) - Liberty server. Knowledge center covers this topic only in the context of WAS but not covers about Liberty. Reference : https://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.wlp.nd.doc/ae/cwlp_repository_federation.html So here are few questions : 1) In server.xml of Liberty, can we use both of below user registries ? <include location="conf/ldapUserRegistry.xml"/> <include location="conf/basicUserRegistry.xml/> So here basic registry federated with LDAP. -bash-4.1$ ./productInfo version Product name: WebSphere Application Server Product version: 8.5.5.7 Product edition: LIBERTY_CORE -bash-4.1$ pwd /home/jazz/6.0.1/<install_path>/server/liberty/wlp/bin -bash-4.1$ 2) Is this a supported configuration for CLM 6.0.1.x? |
Accepted answer
Hi Mallikarjuna
The following forum question that was raised for WAS.
https://jazz.net/forum/questions/206291/ldap-integration-with-multiple-ldap-dns-mulitple-ad-forests-with-jazz-v60-and-later
It might work for Liberty as well as per Liberty Innocenter:
I did a quick test on CLM 6.0.2 and it seems to work.However, the process of adding new users in the Basic Registry is complex. Here is a high level of what I tried
- First change the group names for basicUserRegistry to make it different from the group names in LDAP registry
- Modify server.xml to enable both Basic and Ldapregistry.xmls
- Run and complete JTS Setup configuring to LDAP
- Add the JazzGroups from BasicUserRegitry to application.xml file
- Add the list of users in BasicUserRegistry
- Login to JTS as a user with JazzAdmin Role,
- Go to Server > Advanced Properties search for "User Registry Type" and change it from LDAP to DETECT
- Click on Users > Active Users and Create Users with similar userids created in the Basic UserRegistry
- Go to Server > Advanced Properties , change "User Registry Type" and from DETECT to LDAP
Mallikarjuna Kandala selected this answer as the correct answer
Comments
Mallikarjuna Kandala
commented Sep 22 '16, 10:21 a.m.
Hi Shubjit,
Shubjit Naik
commented Sep 23 '16, 12:18 a.m.
Hi Mallikarjuna
It would be best to first configure Liberty/JTS to LDAP and synchronize users, then enable Basic User Registry. Are you able to login as a user from your Basicregistry file?
In your case,
- JTS would still not have the LDAP details
- Liberty has to be configured with LDAP with right parameters.
Mallikarjuna Kandala
commented Sep 26 '16, 5:40 a.m.
Hi Shubjit,
Hi Mallikarjuna Might be to do with the version 6.0.1. Could be the bundled liberty config.
Is there a possibility to test the same config in 6.0.2 ?
I tried with 2 LDAPs and BASIC user registry and it seems to work well in 6.0.2
Mallikarjuna Kandala
commented Sep 26 '16, 10:05 a.m.
Hi Shubjit,
|
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Comments
Some information from my original post is not visible so reposting here:
So here are few questions :
1) In server.xml of Liberty, can we use both of below user registries ?
<include location="conf/ldapUserRegistry.xml"/>
<include location="conf/basicUserRegistry.xml/>
So here basic registry federated with LDAP.
-bash-4.1$ ./productInfo version
Product name: WebSphere Application Server
Product version: 8.5.5.7
Product edition: LIBERTY_CORE
-bash-4.1$ pwd
/home/jazz/6.0.1/<install_path>/server/liberty/wlp/bin
-bash-4.1$
2) Is this a supported configuration for CLM 6.0.1.x?