Using LDAP user registry with CLM
Hi,
We configured our CLM with LDAP (IBM Tivoli Directory Server) using WAS Integrated Console.
We defined several repositories in WAS realm and connected with LDAP (Groups in LDAP are on different levels).
We have created default Jazz groups on LDAP: JazzAdmins, JazzUsers, JazzProjectAdmins, JazzGuests.
These groups are not on the same level in LDAP, but after configuring repositories on the WAS realm which can read groups, we were able to find all groups when configuring the ccm.war and jts.war applications.
But, there is a problem during the clm setup step where we must define LDAP parameters again:
I can write only one Base Group DN which I defined: ou=JAZZ,ou=groups,o=company,c=hr. That mentioned Base Group DN is also available in one of the WAS repositories which I mentioned before.
So, in this Base Group DN I have for example three Jazz Groups: JazzAdmins, JazzProjectAdmins and JazzGuests. Group JazzUsers is on another Base Group DN: ou=Jazz,ou=Spec,ou=groups,o=company,c=hr which is also available in one of the WAS repositories.
So, my question is: how can I make my current CLM read the Jazz group JazzUsers and recognize all users who are members of this group?
Can I use more than one Base Group DN during the CLM setup step where I must define the user registry?
I hope you understand my question and problem.
Kind regards,
Milan
One answer
So you have some groups under the location:
ou=JAZZ,ou=groups,o=company,c=hr
and more groups under the location:
ou=Jazz,ou=Spec,ou=groups,o=company,c=hr
Therefore, the highest common level that contains BOTH sets of groups should be:
ou=groups,o=company,c=hr
Try setting Base Groups DN to:
ou=groups,o=company,c=hr
I think this should work. We have quite a hierarchy of groups at our place, too.
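
The common-ancestor step in the answer above, as an added example that is not part of the original answer or of CLM: it computes the deepest DN containing every group location, then lists group names that occur more than once under that wider base. The `cn=` group entries and the `ou=Other` container are constructed sample data, and the check assumes groups are identified by their leaf `cn`.

```python
import re
from collections import defaultdict

def parse_dn(dn):
    """Split a DN into normalized (attr, value) RDNs, leaf first.
    Simplification: splits on commas not preceded by a backslash;
    multi-valued RDNs (joined with '+') are not handled."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.strip().partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def common_base(dns):
    """Return the deepest DN that contains (or equals) every DN given."""
    parsed = [list(reversed(parse_dn(d))) for d in dns]  # root first
    base = []
    for level in zip(*parsed):
        if len(set(level)) != 1:   # first level where the paths diverge
            break
        base.append(level[0])
    return ','.join(f'{a}={v}' for a, v in reversed(base))

def duplicate_group_names(group_dns):
    """Map each group name (leaf cn) found at more than one DN to those DNs."""
    seen = defaultdict(list)
    for dn in group_dns:
        attr, value = parse_dn(dn)[0]
        if attr == 'cn':
            seen[value].append(dn)
    return {name: dns for name, dns in seen.items() if len(dns) > 1}

# The two group locations from the question.
LOCATIONS = [
    'ou=JAZZ,ou=groups,o=company,c=hr',
    'ou=Jazz,ou=Spec,ou=groups,o=company,c=hr',
]
# Constructed group entries; the last one simulates an unrelated group
# with the same name that the wider base would now also cover.
SAMPLE_GROUPS = [
    'cn=JazzAdmins,ou=JAZZ,ou=groups,o=company,c=hr',
    'cn=JazzUsers,ou=Jazz,ou=Spec,ou=groups,o=company,c=hr',
    'cn=JazzAdmins,ou=Other,ou=groups,o=company,c=hr',
]

if __name__ == '__main__':
    print('Base Group DN:', common_base(LOCATIONS))
    print('Ambiguous names:', duplicate_group_names(SAMPLE_GROUPS))
```

A non-empty result from `duplicate_group_names` means the wider base covers more than one group with a Jazz role name, which is worth resolving in the directory before relying on that base.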