It's all about the answers!

Ask a question

repotools create user with jazz admin permissions

Ankit Vashistha (125626) | asked May 26 '20, 12:41 a.m.
edited May 26 '20, 12:49 a.m.
I need to create a new user using repotools command under jts and want to assign this new user jazz admin license.
I saw an example of creating a new user but how to assign a admin rights to that user was not mentioned.

My current CLM setup is configured to use LDAP as user registry, can i still go ahead with creating user using repotool command. We have enterprise topology implementation of CLM. 

Accepted answer

permanent link
Ralph Schoon (62.7k33643) | answered May 26 '20, 2:57 a.m.
There is nothing like a Jazz admin license. There are several concepts of "admin rights". It would be beneficial if you could be clearer on what you want to do in the first place.

One concept relevant for administration is the repository role JazzAdmin, which allows the user to see all data and also make themselves administrators for any project area.

To add to Bhagaths answer, if one wants to do any automation around creating users while using LDAP, you would
  1. Use LDAP automation tools to create the user and assign it the Jazz repository roles including JazzAdmin
  2. Synchronize the user from LDAP using repotool syncUsers
I have not tried this with LDAP, but the repotools command createUser allows to assign a license to a user. It updates the user if it exists. An example below.

call %SERVERFOLDER%\repotools-jts -createUser userId=build repositoryURL=%REPOSITORY% adminUserId=%USERID% adminPassword=%PASSWORD%

Ankit Vashistha selected this answer as the correct answer

Ankit Vashistha commented May 26 '20, 5:55 a.m.
My point of worry is, my CLM setup is configured with LDAP, and currently I am not able to login using my JazzAdmin account.
I though to create a new user with JazzAdmin rights to perform functionality.

Or else if you can suggest where to check whether user is able to get authenticated from LDAP or not, or if there are some issue at CLM server side, because with that same user and password combination I am able to login to my mail server and other applications.

Ralph Schoon commented May 26 '20, 6:35 a.m. | edited May 26 '20, 6:37 a.m.
The JazzAdmin repository role is defined in LDAP by group mapping. So creating a new admin user with that mapping that is synced in would be sufficient. But you would need the admin user to trigger the synchronization to make it usable instantly.

You could simply change the password of your current admin user in LDAP and should be able to log in. As long as your LDAP connection with CLM works, that should not be a problem.

You could create another admin user with JazzAdmin repository role. It might not fix your problem, if the Admin password you currently use is correct.

You should
1. Try to change the current admins password in LDAP
2. If that does not help check your server log files and your LDAP log files to see what the problem is.

Ankit Vashistha commented May 27 '20, 5:19 a.m.
That really helps @Ralph Schoon

Just want to know one thing, do we have any provision to change my current LDAP server to new LDAP server in my running CLM server.

Also do i have the facility to shift back to CLM's own user management feature from LDAP server.

Ralph Schoon commented May 27 '20, 8:03 a.m. | edited May 27 '20, 8:06 a.m.
I think that is possible, but how to depends on the deployment details and doing it likely requires a good understanding of what you are doing. Dependent on the application server, there are likely several xml files that need changing and I would assume you would also have to change advanced properties in the Jazz application configurations.

I will not detail this further.

I also do not see why you would want to do that. You want to fix your admin user and their password. Unless we are missing information this is something that only needs fixing in LDAP.

Ankit Vashistha commented May 29 '20, 1:49 a.m.
Thanks for your support @Ralph Schoon
CLM application is working fine from the user management point of view, above question was just about the curiosity as we may face some issues related to user login and management from LDAP side.

One other answer

permanent link
Bhagath P B (3787) | answered May 26 '20, 1:56 a.m.

Hi Ankit,

If your CLM is configured with LDAP user registry you can only use repotool syncUsers to create or modify users into application.

Ankit Vashistha commented Jun 02 '20, 12:30 a.m.

Thanks Bhagath for your response. its already discussed

Your answer

Register or to post your answer.