LDAP auth: last step, configuring Jazz properties
Our Tomcat is authenticating users against LDAP (login is successful), but I am unable to complete the last step in the Jazz LDAP confuration guide at:
https://jazz.net/wiki/bin/view/Main/RoleMigrationAndLdapConfiguration#Configuring_Jazz_to_import_users Step 1 in that section instructs the admin to go to the url: https://localhost:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced It seems that there is no such action, though (one of our devs checked the source code), and we get the 'loading' message, but no page ever appears. We're running M5. Everything else is working as expected. Any suggestions for where to start looking? Thanks- John |
8 answers
Hello John,
Glad to hear that you've made it this far. I just tested the URL on a server running on my workstation and it it came up: https://localhost:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced Note that this page is restricted to only authenticated users who have the JazzAdmins role. Please double check the following: - The LDAP group membership and names - The tomcat configuration to authenticate with those groups - the user id you are using to configure the server Connecting as a user who did not have the role resulted in a dialog indicating the user did not have the proper authority to access that page, but after dismissing the dialog the page displayed exactly as you've reported. I filed a bug https://jazz.net/jazz/web/projects/Jazz%20Project#action=com.ibm.team.workitem.viewWorkItem&id=46307 to provide a better presentation for this case. Thanks, Ritchie ********************************************** Ritchie Schacher Jazz Repository/Server Team "jman" <shijia616@163-dot-com.no-spam.invalid> wrote in message news:fqdmlt$bgq$1@localhost.localdomain... Our Tomcat is authenticating users against LDAP (login is successful), |
|
If the LDAP Realm in server.xml is temporarily commented out, so that the original, working UserDatabaseRealm is in effect, should the
https://localhost:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced page be visible with ADMIN login? Thanks for the help. I'll post the eventual solution once we get there. John |
|
Yes that would work, as long as you also uncomment the UserDatabaseRealm.
-- Ritchie ********************************************** Ritchie Schacher Jazz Repository/Server Team "jman" <shijia616@163-dot-com.no-spam.invalid> wrote in message news:fqfn4g$f9p$1@localhost.localdomain... If the LDAP Realm in server.xml is temporarily commented out, so that |
|
LDAP auth is now working. The bit that I had wrong was in Tomcat's server.xml file:
With this definition, Tomcat searches for groups whose memberUids contain a DN, such as the filter, "(memberUid=uid=jman,ou=people,dc=foobar,dc=com". However, I had set up the group as a UNIX-like group with the bare uid. Changing the roleSearch tag to the following:
causes Tomcat to use the filter "(memberUid=jman)", the desired behavior at our site. We're now able to login with user and admin privileges by authing against LDAP. At this point, it doesn't matter to us, but the configureAdvanced page still isn't accessible: https://localhost:9443/jazz/admin#action=com.ibm.team.repository.admin.configureAdvanced Our local Java expert sent me a screenshot from eclipse of the Jazz M5 source code that, he believes, shows that a ConfigureAdvanced.js file that should exist for this action to work actually doesn't exist. The screenshot is incomplete, but he thinks it should be in a directory such as "ui/internal/admin/server/ConfigureAdvanced.js'. I don't know anything about Java, so I can't help here. Sorry! Thanks for the help. |
|
|
|
"jman" <shijia616@163-dot-com.no-spam.invalid> wrote in message
news:fqif10$lp4$1@localhost.localdomain...
import users and to display user's roles? Our local Java expert sent me a screenshot from eclipse of the Jazz M5 One of our web UI developer's double-checked and reports the following: "I just tried an out-of-the-box M5 jazz server, and I didn't have any problems loading the configureAdvanced page. My javascript file is at: <JAZZ_HOME>\server\tomcat\webapps\jazz\WEB-INF\eclipse\plugins\com.ibm.team.repository.web_0.6.0.I20080223-1237\resources\ui\internal\admin\server\ConfigureAdvanced.js" If this file doesn't exist for you, maybe there were problems unpacking the jazz.war. -- Ritchie ********************************************** Ritchie Schacher Jazz Repository/Server Team |
(No ConfigureAdvanced.js file in the .jar file) Note that this is running on a Linux host; might it be that this file doesn't exist out-of-the-box in the Linux version? Anyway, sorry I'm not a Jazz expert, but here's what I know. We already had our Jazz users from the pre-LDAP configuration; AFAIK, we've only set up LDAP to perform auth through Tomcat, and no configuration in the Jazz app. John |
|
Thanks for clarifying the usage scenario. The LDAP properties for the
advanced configuration only exist in M5, and the link for the advanced configuration page also changed in M5. The command you showed (/usr/share/jazz/server/tomcat/webapps/jazz/WEB-INF/eclipse/plugins/com.ibm.team.repository.web_0.6.0.I20080110-1623.jar | grep resources/ui/internal/admin/server/C 8069 01-10-08 16:37 ) suggests you are using beta2 and not M5. Can you double check that this in fact M5? If you go to <serverURL>/jazz/admin in a web browser you should see the server version in the status page. -- Ritchie ********************************************** Ritchie Schacher Jazz Repository/Server Team |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.