Struggling to set up an LDAP User Registry
I am trying to install JTS v6.0.6 and am struggling to set up an LDAP User Registry.
At the moment my Liberty “server.xml” file has <include location="conf/basicUserRegistry.xml"/>, which means that I can log on as the initial ADMIN account.
I know that I eventually need to have <include location="conf/ldapUserRegistry.xml"/>, but at the moment I can’t log on with that setting.
My progress so far with the ‘jts/setup’ is that I have configured the Public url, configured the ‘jts’ database and created its tables, and I’ve registered Applications.
On the “Setup User Registry” page at Step 1 I have specified User Registry Type = LDAP.
At Step 2 I’ve entered LDAP Registry Location details and the “Base User DN”, “Base Group DN”, “Group Member Property” details which are copied from another Jazz Team Server (using Apache Tomcat) we have that works fine, so I’m fairly confident I’ve got them all set up correctly.
When I select “Test Connection” I get:
“An LDAP connection was established but generated warnings. Resolve the warnings or click Next to continue.
ID CRJAZ1559W
Unable to validate the user information. Ldap://<our-server-name>:3268”
And the “liberty\servers\clm\logs\jts.log” has CRJAZ2149W An error occurred while validating the LDAP configuration.
What’s my best way forward from here?
Thanks
Peter
Accepted answer
Stupid, stupid, stupid !!!!!
It's always something daft:
When I was editing "server.xml" to go from basicUserRegistry to ldapUserRegistry I got rid of the "!--" at the start of the include block but I forgot to get rid of the "--" at the end.
So my "server.xml" didn't know about <include location="conf/ldapUserRegistry.xml"/> and obviously I couldn't get any user to log in.
Now I've corrected that I have managed to log on to jts admin home page as my LDAP user who is also a JazzAdmin.
I'm going home now, but I'll no doubt be back soon with another daft question. (probably about managing licenses)
Thanks for all your help
Peter
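A pre-restart check for the editing slip described in the accepted answer, as an added example that is not part of the original thread. The server.xml snippets are constructed, the comment layout is one assumed reading of the post, and check_registry_includes is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

REGISTRIES = ("conf/basicUserRegistry.xml", "conf/ldapUserRegistry.xml")

# Constructed samples (assumed layout, not copied from a real JTS install).
BEFORE = """<server>
  <include location="conf/basicUserRegistry.xml"/>
  <!--include location="conf/ldapUserRegistry.xml"/-->
</server>"""

# "!--" removed at the start of the LDAP include, "--" left at the end.
HALF_EDITED = """<server>
  <!--include location="conf/basicUserRegistry.xml"/-->
  <include location="conf/ldapUserRegistry.xml"/-->
</server>"""

FIXED = """<server>
  <!--include location="conf/basicUserRegistry.xml"/-->
  <include location="conf/ldapUserRegistry.xml"/>
</server>"""


def check_registry_includes(xml_text):
    """Return (status, detail) for the user-registry includes in a server.xml."""
    try:
        root = ET.fromstring(xml_text)  # the parser drops comments
    except ET.ParseError as err:
        line, col = err.position
        return "malformed", f"XML parse error at line {line}, column {col}"
    active = [e.get("location") for e in root.iter("include")
              if e.get("location") in REGISTRIES]
    # A leftover "-->" in element text is legal XML but signals a half-done edit.
    stray = any("--" in (t or "") for e in root.iter() for t in (e.text, e.tail))
    commented = [loc for body in re.findall(r"<!--(.*?)-->", xml_text, re.S)
                 for loc in REGISTRIES if loc in body]
    if stray:
        return "suspect", "stray comment delimiter left in element text"
    if len(active) != 1:
        return "ambiguous", f"active={active} commented={commented}"
    return "ok", f"active={active[0]} commented={commented}"


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("half-edited", HALF_EDITED), ("fixed", FIXED)):
        print(name, check_registry_includes(text))
```

Run it against the edited file before restarting the server; anything other than "ok" with the intended registry active means the include block needs another look.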
4 other answers
Thanks for your help so far everyone.
It feels like I’m making progress, but I’m not there yet.
I am trying to install JTS v6.0.6 and setup the LDAP User Registry to point to an Active Directory.
This new Jazz Team Server has been installed using the default WebSphere Liberty profile.
This Active Directory / LDAP that I am attempting to use is already being used by another Jazz Team Server (JTS v6.0.2) which has an Apache Tomcat application server.
Starting off with the basicUserRegistry and logged in as ADMIN I have run the jts/setup and configured the Public url, configured the ‘jts’ database and created its tables, and I’ve registered the Applications.
At the “Setup User Registry” page I have got the green “You have successfully configured the User Registry” message.
“ldapUserRegistry.xml” and “application.xml” were written when I hit the “Save LDAP Config Files” button.
If I stay logged on using the basicUserRegistry as ADMIN I can go to the Users page and see a list of 182 Active Users.
Which I assume must mean the LDAP Server connection is OK.
I clicked on one of these users ‘rtc.admin’ and confirmed that he had “Jazz Admins” repository permissions.
He did not have a Client Access License assigned yet so I gave him one of my RTC - Developer trial licenses that I have on this new Server. Then I saved the rtc.admin user settings.
Having done all that I stopped the server, changed the “server.xml” to use “ldapUserRegistry” and restarted the Server.
I tried to log on as ‘rtc.user’ but I still get “Login failed”.
What have I forgotten to do?
Thanks
Peter
In addition, on the setup page where you specify LDAP, there is a link to some tooling that I found helpful in the past to find out the client settings and to make sure LDAP can be connected. Carefully read that page when you switch back and forth.
Comments
Ah that looks useful.
I've run out of steam today so I'll take a look in the morning and report back.
I have made some progress on this and have now got the green “LDAP connection is established” message.
Here's also the link to the version 6.0.6 knowledge center: https://www.ibm.com/support/knowledgecenter/SSYMRC_6.0.6/com.ibm.jazz.install.doc/topics/t_config_ldap_connection_liberty.html