Enabling LDAP on WebSphere Application Server after using JAZZ as user management
Lior Peled (17●4●16)
asked Feb 05 '18, 7:31 a.m.
retagged Mar 14 '18, 10:54 a.m. by Ken Tessier (841●1●7)
Hi,
We are currently managing users in CLM and would like to enable LDAP for user management.
2 questions:
1. Is there any specific configuration during WebSphere installation that we had to set on initial installation?
2. What are the exact steps to follow in order to enable LDAP on WebSphere?
Current CLM version 6.0.4, WebSphere 8.5.5.11
Lior
3 answers
It should be fine. Just follow the standard documents.
Comments
Lior Peled
commented Feb 10 '18, 3:39 p.m.
Hi,
I was able to have a successful test connection to the AD after following the steps in the article. Now when I try to log in with the one user I added to the JazzAdmins group in the Active Directory as a test, I get a permissions denied message saying the user is not part of a group membership (can't remember the exact message).
Is there anything else I need to do besides adding the users to the relevant active directory Jazz group I created?
Is the successful connection test I received enough or are there any other mandatory steps I need to take?
Donald Nong
commented Feb 12 '18, 1:27 a.m.
You need to re-do the role mapping every time you change the user registry - step 9 in the below document.
Lior Peled
commented Feb 14 '18, 4:48 a.m.
Hi,
The role mapping solved the problem.
The issue now is that I can't log in to the WebSphere console. I can turn the security flag off but then the CLM web is unavailable.
How do I create another WebSphere user so I can log in to WAS console when security flag is once I enable LDAP?
Georg Kellner
commented Feb 14 '18, 12:29 p.m.
Hi,
|
Hi,
The user for LDAP was configured, I just didn't realize it. Thanks.
I have another issue now.
The JazzUsers group is mapped to the relevant team in the Active Directory, but for some reason I get the permission denied message when trying to log in with one of the users that is a member of the group. Users in the JazzAdmins group are able to log in (strange thing is that once a user from the admins group is logged in, the user profile that is recognized is the Admin name and not the user's. Any idea why?)
Please advise.
|
Hi,
I was able to solve the login issue from the JazzUsers group but have a few questions.
I found out that the User ID in Active Directory and in the RTC current users list was the same but not in reference to lower/upper case, so in the advanced properties I changed the flag for the case sensitive option and that solved the problem.
The thing is that the User Registry type is set to unsupported ever since I enabled LDAP (I read somewhere that it is supposed to be set to LDAP).
My question now is what does that flag mean, considering that I was able to log in using the credentials from the Active Directory?
Another question: now if a new user needs to have access to CLM applications, is it enough that the user is added to the relevant group in Active Directory? Do I need to create the new user in JTS as well? What is the proper flow?
Thanks. Lior
Comments
Donald Nong
commented Feb 21 '18, 12:45 a.m.
You need to set the User Registry Type in JTS to LDAP in order to synchronize the users. If you create a new LDAP user in the appropriate LDAP group, it should be added to JTS automatically during the nightly user synchronization. You can also add the user manually on the Active Users page of the Web GUI.
Lior Peled
commented Feb 21 '18, 3:18 a.m.
Thanks Donald,
I did that yesterday and the user I added to the JazzUsers group in Active Directory wasn't created.
I also tried running the manual sync using the repotools command but that didn't work either.
When I try to use the import users option, once I search for one I get an error "CRJAZ0742E A connection to the LDAP directory server could not be established. Verify the configuration and availability of the LDAP server"
How is this possible considering I'm able to log in using my credentials from LDAP?
Check the advanced property LDAP Registry Location under com.ibm.team.repository.service.jts.internal.userregistry.ldap.LDAPUserRegistryProvider, or the com.ibm.team.repository.ldap.registryLocation line in server/conf/jts/teamserver.properties (they are the same thing).
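The property named in the comment above can be inspected from the JTS host itself. The following is an added example, not code from the thread or from IBM: it reads `com.ibm.team.repository.ldap.registryLocation` out of `teamserver.properties` text, removes the backslash escaping that Java properties files may apply to `:`, and validates the result as an LDAP URL. The host name in the sample is a constructed placeholder, and `can_connect` is a plain TCP probe, not an LDAP bind.

```python
import re
import socket
from urllib.parse import urlsplit

KEY = "com.ibm.team.repository.ldap.registryLocation"

# Constructed excerpt; ad.example.com is a placeholder, not a value from the thread.
SAMPLE = r"""
# teamserver.properties (constructed)
com.ibm.team.repository.ldap.registryLocation=ldap\://ad.example.com\:389
"""

def read_property(text, key):
    """Return the unescaped value of key from Java .properties text, or None."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or comment
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            # Java may write ':' and '=' in values as '\:' and '\='; drop the backslash.
            return re.sub(r"\\(.)", r"\1", value.strip())
    return None

def parse_registry_location(url):
    """Split an ldap:// or ldaps:// URL into (scheme, host, port)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host in {url!r}")
    default = 636 if parts.scheme == "ldaps" else 389
    return parts.scheme, parts.hostname, parts.port or default

def can_connect(host, port, timeout=3.0):
    """Plain TCP probe from this machine; it does not attempt an LDAP bind."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    value = read_property(SAMPLE, KEY)   # replace SAMPLE with the real file's text
    scheme, host, port = parse_registry_location(value)
    print(f"{KEY} -> {scheme}://{host}:{port}, reachable: {can_connect(host, port)}")
```

Run it on the server that hosts JTS, since the connection CRJAZ0742E complains about is made from there with this setting, separately from the WebSphere login path.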