Using LDAP user registry with CLM


Milan Krivic (9808163136) | asked Apr 07 '20, 6:15 a.m.

Hi,

we configured our CLM with LDAP (IBM Tivoli Directory Server) using WAS Integrated Console.
We defined several repositories in WAS realm and connected with LDAP (Groups in LDAP are on different levels).
We have created default Jazz groups on LDAP: JazzAdmins, JazzUsers, JazzProjectAdmins, JazzGuests.
These groups are not on the same level in LDAP, but after configuring repositories on the WAS realm which can read groups, we were able to find all groups when configuring the ccm.war and jts.war applications.
But, there is a problem during the clm setup step where we must define LDAP parameters again:
I can write only one Base Group DN which I defined: ou=JAZZ,ou=groups,o=company,c=hr. That mentioned Base Group DN is also available in one of the WAS repositories which I mentioned before.
So, in this Base Group DN I have for example three Jazz Groups: JazzAdmins, JazzProjectAdmins and JazzGuests. Group JazzUsers is on another Base Group DN: ou=Jazz,ou=Spec,ou=groups,o=company,c=hr which is also available in one of the WAS repositories.

So, my question is: how can I get my current CLM to read the Jazz group JazzUsers and recognize all users who are members of this group?
Can I use more than one Base Group DN during the CLM setup step where I must define the user registry?

I hope you understand my question and problem.

Kind regards,
Milan

One answer

Dave Evans (1382137) | answered Apr 08 '20, 11:50 a.m.

So you have some groups under the location:

ou=JAZZ,ou=groups,o=company,c=hr

and more groups under the location:
ou=Jazz,ou=Spec,ou=groups,o=company,c=hr

Therefore, the highest common level that contains BOTH sets of groups should be:
ou=groups,o=company,c=hr

Try setting Base Groups DN to:
ou=groups,o=company,c=hr

I think this should work. We have quite a hierarchy of groups at our place, too.
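
The common-ancestor step from the answer above, as an added example that is not part of the original thread and not code from CLM or WebSphere: it computes the deepest base DN shared by the two locations in the question, then checks that no Jazz group name occurs at more than one DN under that wider base. It assumes case-insensitive DN matching and a subtree search below the base; the group listing and the `ou=Legacy` entry are constructed.

```python
JAZZ_GROUPS = {"jazzadmins", "jazzusers", "jazzprojectadmins", "jazzguests"}

def split_dn(dn):
    """Split a DN into lowercased RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    # Assumption: values compare case-insensitively (ou=JAZZ equals ou=Jazz).
    return [p.strip().lower() for p in parts]

def common_base(dns):
    """Deepest DN that is an ancestor of (or equal to) every DN in dns."""
    paths = [split_dn(d)[::-1] for d in dns]  # root-first order
    common = []
    for level in zip(*paths):
        if len(set(level)) != 1:
            break
        common.append(level[0])
    return ",".join(reversed(common))

def ambiguous_groups(group_dns, base):
    """Jazz group names found at more than one DN under base."""
    base_rdns, seen = split_dn(base), {}
    for dn in group_dns:
        rdns = split_dn(dn)
        if rdns[len(rdns) - len(base_rdns):] != base_rdns:
            continue  # entry lies outside the search base
        attr, _, name = rdns[0].partition("=")
        if attr == "cn" and name in JAZZ_GROUPS:
            seen.setdefault(name, []).append(dn)
    return {n: d for n, d in seen.items() if len(d) > 1}

# The two Base Group DNs from the question.
BASES = ["ou=JAZZ,ou=groups,o=company,c=hr",
         "ou=Jazz,ou=Spec,ou=groups,o=company,c=hr"]
# Constructed listing; the ou=Legacy entry is invented to show a name collision.
GROUPS = ["cn=JazzAdmins,ou=JAZZ,ou=groups,o=company,c=hr",
          "cn=JazzUsers,ou=Jazz,ou=Spec,ou=groups,o=company,c=hr",
          "cn=JazzAdmins,ou=Legacy,ou=groups,o=company,c=hr"]
```

A non-empty result from `ambiguous_groups` means the wider base exposes a second group with a Jazz role name, which is worth resolving before relying on that base for role mapping.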
