Read-only LDAP + Tomcat
Hi,
We are using 2.0.0.2 standard edition. We need to use LDAP for authentication. But we are not able to change the LDAP group definition. That is, Jazz groups cannot be added on the LDAP server. Does anyone know how to do group mapping in other ways? We have to use Tomcat, and the LDAP (Microsoft Active Directory) is read-only.
Any suggestion is appreciated. Thank you very much.
Lin
2 answers
Hi Lin,
We had a similar issue during the period we set up RTC where we are. Even though the user that Tomcat used to communicate with the LDAP server had permission to modify the members of the JazzUsers and JazzAdmin groups, it still said Read Only. The IBM/Rational consultant looked into this and found that when using LDAP, it is hard-coded to be Read Only, so there was no chance of getting this working.
We now manually add the users to the required groups.
I've just spotted this work item though which sounds promising:
https://jazz.net/jazz/web/projects/Rational%20Team%20Concert#action=com.ibm.team.workitem.viewWorkItem&id=86995
Jas
Hi Jas,
Thank you very much for your help. Finally we decided to use tomcat-users.xml as the user data source.
Lin