Jazz to LDAP Group Mapping


James Leone (13613513) | asked Jun 21 '10, 5:42 p.m.
I am attempting to configure our server to use LDAP. This way people can log in using the same username/password they use when logging into Windows. We do this for several other applications (including Build Forge and ClearQuest).

I've hit a stumbling block with the "Jazz to LDAP Group Mapping" field. We are very early in our stages with RTC. Our LDAP does not have any sort of Jazz group information. To that end, we do not really want to manage the Jazz group information in the LDAP machine, since that is managed by a different department and dealing with them is an overhead.

Is there a way I can use the LDAP w/o having the Jazz group information stored in the LDAP?

Is anybody out there using LDAP?

I am currently using the ADMIN/ADMIN account for all configuration w/ Jazz. I have successfully imported my personal account from the LDAP server. Unfortunately, I cannot log in using this account. However, I'm not sure if this problem is b/c my account is not associated with any Jazz Groups (like JazzGuest, etc.). I cannot alter this in the admin UI since they are being pulled from LDAP.

In our Build Forge implementation, we left all group mapping type stuff blank. This allows us to change the group associations for each account directly in Build Forge and we don't have to muck with LDAP attributes.

3 answers



Ralph Schoon (63.1k33645) | answered Jun 22 '10, 2:32 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi,

there are teams using LDAP and the group mapping is required.
Maybe this could help you: http://jazz.net/library/techtip/457

Ralph

James Leone (13613513) | answered Jun 22 '10, 12:35 p.m.
Thank you!

The techtip looks very promising and we are using RTC 2.0.0.2iFix3 so I will give this a go.

James Leone (13613513) | answered Jun 22 '10, 3:23 p.m.
It hasn't gone as smoothly as I had hoped. I was able to follow along the techtip instructions, but I'm at an impasse and I have a feeling it pertains to the way the <Realm> is configured in tomcat/conf/server.xml.

If I comment out the default "UserDatabaseRealm" and rely on the "LocalMapingJNDIRealm" as described in the article, I can no longer use the "ADMIN" account. I attempt to log in using an account that exists in LDAP and I get an "invalid login" error.

I have a feeling that the "LocalMapingJNDIRealm" is having problems connecting to the LDAP server. When I attempt to log into Jazz with the "LocalMapingJNDIRealm" in place, tomcat/logs/catalina.out says:

javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece^@]; remaining name 'DC=ad,DC=sjm,DC=com'


Previously, I configured the "out of the box" LDAP functionality using the same values that I am configuring "LocalMapingJNDIRealm" with. I was able to successfully "Import" users from LDAP so I am pretty confident that the correct information is in the server.xml file.

The "LocalMapingJNDIRealm" has a "debug" attribute. The default value is 9, I set that to 1. However, I don't see any difference and am not certain where I should look for that debug output, maybe this could help?

Any thoughts on how to debug this? Maybe a logging properties file somewhere?
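
An added example, not part of the original posts or the techtip: it parses the catalina.out line quoted above and checks a server.xml for active LDAP realms that lack the standard Tomcat JNDIRealm bind attributes connectionName and connectionPassword. That the techtip's realm class honours those attributes is an assumption, and the server.xml fragment, class package and connectionURL are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed server.xml fragment in the shape the post describes: default realm
# commented out, LDAP realm without bind credentials. className package and
# connectionURL are placeholders, not values from the techtip.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina"><Engine name="Catalina">
  <!-- <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
              resourceName="UserDatabase"/> -->
  <Realm className="example.LocalMapingJNDIRealm" debug="9"
         connectionURL="ldap://ldap.example.invalid:389"
         userBase="DC=ad,DC=sjm,DC=com"/>
</Engine></Service></Server>"""

# The catalina.out line quoted in the post.
SAMPLE_LOG = ("javax.naming.NamingException: [LDAP: error code 1 - 00000000: "
              "LdapErr: DSID-0C090627, comment: In order to perform this "
              "operation a successful bind must be completed on the connection., "
              "data 0, vece^@]; remaining name 'DC=ad,DC=sjm,DC=com'")

LDAP_ERR = re.compile(r"LDAP: error code (\d+) - .*?comment: (.*?), data \w+"
                      r".*?remaining name '([^']*)'")

def parse_ldap_error(line):
    """Return (result_code, server_comment, search_base), or None if no match."""
    m = LDAP_ERR.search(line)
    return (int(m.group(1)), m.group(2), m.group(3)) if m else None

def audit_realms(server_xml):
    """Report active LDAP realms that lack bind credentials or use plain ldap://.

    ElementTree drops XML comments, so a commented-out realm is not reported.
    """
    findings = []
    for realm in ET.fromstring(server_xml).iter("Realm"):
        url = realm.get("connectionURL")
        if not url:
            continue  # not an LDAP-backed realm
        name = realm.get("className", "?").rsplit(".", 1)[-1]
        missing = [a for a in ("connectionName", "connectionPassword")
                   if not realm.get(a)]
        if missing:
            findings.append(f"{name}: missing {', '.join(missing)}")
        if url.lower().startswith("ldap://"):
            findings.append(f"{name}: ldap:// carries simple binds unencrypted")
    return findings

if __name__ == "__main__":
    print(parse_ldap_error(SAMPLE_LOG))
    print("\n".join(audit_realms(SAMPLE_SERVER_XML)))
```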
