Is the user in Jazz identified with specific identifier?
Scenario:
1. Install Jazz with WAS liberty web application.
2. Set Jazz User Registry Type to LDAP, and import some users into Jazz, as jazzuser1,jazzuser2(and belong to JazzUsers Group)
3. Assign some licenses to these users.
4. Set up some projects areas in applications, as in CCM/RM/QM
5. Login in application with jazzuser1 or jazzuser2
6. Create some artifacts or workitems.
7. modify local basicUserRegistry.xml which based on jazz install dir, and add jazzuser1 and jazzuser2 to this file, and set a new password (different with LDAP password) for these users separately, and assign repository group to these users.
8. Then switch Jazz User Registry Type to "Liberty Basic"
9. Try to Login Jazz with jazzuser1 or jazzuser2
10 . These users can login into Jazz succesfully with new password.
my questions:
1. that does this rational?
2. Is the user in Jazz identified with specific identifier?
3. does it means that the users stored in Jazz application database, and basic Registry file or LDAP registry is only used to do authentification?
Accepted answer
- A user has a unique ID - which you enter when you create one, so I wonder why the question
- A user has also a unique internal UUID
- Jazz ALWAYS delegates the authentication to the application server or another authentication server. The rules you enter when setting up LDAP map the internal user ID to the LDAP ID
- The internal user ID and the user ID are used for various purposes e.g. to track change history and the like.
Comments
For that I am verifying and evaluating Federated User Registry straegy, so there are many strange thinkings need to be clarified.
When using Liberty Basic Registry, manually create a user from the UI means the system create a User ID in the JTS database, and generate a internal user ID then corresponding to it.
When using LDAP Registry, the JTS application will sync the LDAP users and create User ID in JTS database, and then generate a internal user ID then corresponding to it.
the user ID / User internal ID can not be identified and distinguished where it is from, Basic Registry repo or LDAP repo,
right?
All the questions above are related to advanced ways how the Application server is configured. This is definitely not anything this forum is really up to. WAS and Liberty have their own forums.
The application server can not tell where the user comes from. In cases with using multiple user repositories, it will use some order. I do not know which. Maybe another forum does.