Does changing advanced properties require server restart?
We appended an additional LDAP group through the web ui -> server -> "Advanced properties"->"Jazz to LDAP Group Mapping" property. My user profile (rich client) reflects the change (JazzAdmin from the second LDAP group), but when I try to do operations that require JazzAdmin, it say's I'm not authorized (even after logging out and in again).
E.g.
When trying to login to the web ui admin page => The user <me> is not authorized to access Jazz Team Server Admin UI
When trying to view another users profile through the rich client => the "Repository Groups" sections says "You are required to be in the JazzAdmins group to edit the groups of another user."
My question is, does changing this property require a server restart?
Its a production system and I'd have to coordinate an outage.
E.g.
When trying to login to the web ui admin page => The user <me> is not authorized to access Jazz Team Server Admin UI
When trying to view another users profile through the rich client => the "Repository Groups" sections says "You are required to be in the JazzAdmins group to edit the groups of another user."
My question is, does changing this property require a server restart?
Its a production system and I'd have to coordinate an outage.
2 answers
The LDAP mappings in the Jazz Admin web UI do not change the mapping used to assert permissions, they are only used to display the roles that a user is in for the user editor view.
The application container (WAS or Tomcat) is responsible for detecting which roles the user is in when it comes to asserting access. If you'd like to change the mapping used to determine roles, you'll need to change the value in the application container for it to take effect.
You might be able to update WAS role mappings without a restart (you'd have to check with the WAS documentation) but if you are using Tomcat you'll have to restart.
The application container (WAS or Tomcat) is responsible for detecting which roles the user is in when it comes to asserting access. If you'd like to change the mapping used to determine roles, you'll need to change the value in the application container for it to take effect.
You might be able to update WAS role mappings without a restart (you'd have to check with the WAS documentation) but if you are using Tomcat you'll have to restart.
I was thrown off by technote http://jazz.net/library/techtip/96 which says the group mapping is optional.
It worked once we added the group mapping in WAS under the Enterprise Application (jazz.war) section (and it did not require a server restart).
Thanks Matt
Assigning Group Roles
In this section we will show how to assign roles and permissions to the groups loaded from LDAP server.
Note
This step is optional, however it verifies that the group filter is setup properly and the Jazz application will be deployed and started without any Group permissions related problems.
It worked once we added the group mapping in WAS under the Enterprise Application (jazz.war) section (and it did not require a server restart).
Thanks Matt