Jazz to LDAP Group Mapping
I am attempting to configure our server to use LDAP. This way people can log in using the same username/password they use when logging into Windows. We do this for several other applications (including Build Forge and ClearQuest).
I've hit a stumbling block with the "Jazz to LDAP Group Mapping" field. We are very early in our stages with RTC. Our LDAP does not have any sort of Jazz group information. To that end, we do not really want to manage the Jazz group information in the LDAP machine, since that is managed by a different department and dealing with them is an overhead.
Is there a way I can use the LDAP w/o having the Jazz group information stored in the LDAP?
Is anybody out there using LDAP?
I am currently using the ADMIN/ADMIN account for all configuration w/ Jazz. I have successfully imported my personal account from the LDAP server. Unfortunately, I cannot log in using this account. However, I'm not sure if this problem is b/c my account is not associated with any Jazz Groups (like JazzGuest, etc.). I cannot alter this in the admin UI since they are being pulled from LDAP.
In our Build Forge implementation, we left all group mapping type stuff blank. This allows us to change the group associations for each account directly in Build Forge and we don't have to muck with LDAP attributes.
2 answers
James,
You might want to take a look at
https://jazz.net/library/article/457 (LDAPLocalGroup mapping). This user directory must be used when you want to use LDAP for authentication but use a file (outside LDAP) to manage the groups / roles.
This article was written for 2.x. The LDAPLocalGroup user directory is supported in 3.x. So, if you are using a 3.x RTC, you should be able to change the server.xml and teamserver.properties to use LDAPLOCALGroup user directory.
-- Balaji
Jazz Foundation Team
Comments
Sean G Wilbur
JAZZ DEVELOPER Jun 12 '12, 9:58 a.m.
Keep in mind that the LDAP route is easier at scale than managing this in a text file (even if interfacing with the corporate IT team is difficult, that is a more sustainable path for the long term). -Sean