LDAP configuration question


Gary Mullen-Schultz (28725536) | asked Nov 03 '09, 10:38 a.m.
I'm at a customer trying to configure LDAP authentication with Tomcat for RTC.

Is it mandatory that they have special groups in their LDAP repository that map to the Jazz roles (JazzUsers, JazzAdmins, etc.)? He doesn't think that he can get the LDAP administrators to add any Jazz-specific fields (or any other new fields, for that matter).

Can we still use LDAP to just pull the user information, and configure their roles within RTC admin itself?

Thanks, Gary

15 answers



Bryan Miller - Integration Developer (4493531) | answered Nov 09 '09, 9:59 a.m.
The "Jazz to LDAP Group Mapping" field cannot be empty. If you don't use groups at all, how do you fill in that field?

Thanks, Gary


Gary,

I just talked to an engineer who said that you have to manage users+groups in LDAP or in RTC. You cannot split the two up. Either I was doing something I should not have done or things have changed since pre v1.0.

I will look for the VM image where I was running that configuration. If I can find it I will post the configuration here.

Geoffrey Clemm (30.1k33035) | answered Nov 10 '09, 2:08 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
To my knowledge, LDAP groups are required if you are using LDAP user
authentication. The work item to remove this requirement is 86995. It
is currently marked as "high priority" for RTC-3.0.

Cheers,
Geoff

garymu wrote:
Thanks for the information, Jas.

I'm still wondering if the groups are mandatory. I could envision
using LDAP just for pure authentication, and then applying roles
(admin, etc.) from Jazz itself. Can someone "in the know"
please quickly let us know?

Jas - could you possibly send me your configuration inside the Jazz
server for Active Directory?

Thanks, Gary

Balaji Krish (1.8k12) | answered Nov 10 '09, 3:56 p.m.
JAZZ DEVELOPER
Group information is used to authorize user operations. For example, only users with jazzAdmins authority can create new users in the repository.

Here are the steps to use LDAP authentication / authorization in RTC without creating new groups in LDAP. This is NOT a recommended setting. This setting can be used only when customers are not authorized to create new groups in LDAP. Note: this solution requires WebSphere Application Server.

1. Configure LDAP authentication in WAS.
2. While mapping users and groups, add the appropriate users to the 4 Jazz groups. For example, users A, C, D and E are mapped to the JazzAdmins group. Users X, Y and Z are mapped to the JazzUsers group.
3. Users are authenticated using the information provided in WAS.
4. RTC retrieves group information (before performing user operations) from the application server. The application server uses the information provided in step 2 to return the group information.
5. Provide some dummy values in the LDAP setup wizard. The group information of a user will not be shown in the user editor.


--- Balaji
Jazz Server Team



Gary Mullen-Schultz (28725536) | answered Nov 10 '09, 4:06 p.m.
Balaji:

Thanks for the reply.

Are the instructions for Tomcat pretty much the same?

Gary

Balaji Krish (1.8k12) | answered Nov 10 '09, 4:22 p.m.
JAZZ DEVELOPER
In Tomcat, you cannot map a list of users to a group. That's why I mentioned that the prereq for this solution is WAS.

--- Balaji
