Correct group mapping in Jazz / JAS system
We are wondering were to configure the Group-Role-Mapping in a JAS system.
Situation:
Central JAS system
2 (or more) separate Jazz environments
Same users in both environments, but users can have different permissions in these environments (e.g. JazzUser in environment-1, JazzPrjAdmin in environment-2)
There is a set of different access Groups (in MS AD) for each environment.
From all the documentation about JAS it seems, that the mapping must be configured in the “appConfig.xml” in JAS. But this mapping would not differ between separate Jazz environments.
There is also a group mapping configuration in the JTS (LDAP configuration). Until now we thought that this configuration is only for user import (e.g. nightly sync).
When talking with IBM (very short) about the above situation, they told us, that configuring the mapping in JTS is enough.
So we tried this and it seems that it is working.
In JAS I did not configure any special role mapping (did not change the default: e.g. JazzAdminsàJazzAdmins)
But now this is a configuration which is documented nowhere.
Does anyone know an official documentation how to configure JAS/Jazz group mapping for the above configuration?
Comments
Lonnie VanZandt
Mar 25 '21, 11:14 a.m.Was it the case that the teamserver.properties user.registry.type is left at UNSUPPORTED (implying JAS SSO) but that the server.xml still needs to include the ldapUserRegistry.xml (not, or in addition to, the basicUserRegistry file) so that Jazz CLM knows how to parse LDAP information which it should be seeing coming in from the JAS+LDAP systems?