RTC Express C and LDAP


Martin Laye (1631) | asked Jun 29 '10, 5:38 p.m.
According to the comparison chart at https://jazz.net/downloads/rational-team-concert/releases/2.0.0.2iFix3 , LDAP authentication is supported on RTC Express C, but not LDAP import/synchronize. I have tried and tried to get LDAP authentication working by editing the server.xml and web.xml files under Tomcat, but no progress. (I have done this a dozen times or more on RTC Standard and Enterprise with no problem.) I have checked and checked my Active Directory settings. There is no issue there that I can see. https://<host>:<port>/jazz/setup also does not show an option for LDAP in the User Registry step. I have looked for answers on the forum and other places, but still don't have a resolution. I am trying here before contacting the product team.

Does RTC Express C support LDAP authentication?
If so, how do you configure it?

BTW, using Derby, FWIW.

One answer

Martin Laye (1631) | answered Jul 01 '10, 1:18 p.m.
I think I figured this out. For those who want to get this working:

RTC Express can use LDAP for user authentication; however, since there is no import or synchronization, ALL user management MUST be done in Active Directory (users, group permissions). This is why the Group Permissions are grayed out in the Jazz Admin User Management page. I verified this by changing my group role from JazzAdmins to JazzUsers in Active Directory; I logged back in and did not have Admin capabilities as I did before I changed my group permissions in Active Directory.

After changing my group role back to JazzAdmins, I then created a new user in Active Directory with the name JazzUser and a member of Group JazzUsers. I then (as JazzAdmin) went to the Admin console User management page and created the same user (JazzUser) and logged out. I then logged in as JazzUser and verified that I had project access, but not Admin access.

Bottom line is, all user management with LDAP in RTC Express (or Express C) must be done with the Active Directory at the Domain Controller and NOT with the Jazz Admin console. However, when you add a user in the Jazz Admin User Management section, that user must have already been created in Active Directory (with associated group permissions) prior to creating it in Jazz. Of course, all server.xml and web.xml changes must be made beforehand AND the com.ibm.team.repository.service.internal.userregistry.ExternalUserRegistryService value under Server->Advanced Properties must be set to UNSUPPORTED. I suspect that the local user objects are being stored in the Derby database, but I have not confirmed this.

I do still have 2 identical duplicate entries for two properties in Server->Advanced Properties
com.ibm.team.repository.service.internal.userregistry.TomcatUserRegistryProvider
and
com.ibm.team.repository.service.internal.userregistry.ldap.LDAPUserRegistryProvider
This does not seem to affect anything, however.
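
The answer above mentions server.xml changes without showing them. The following is an added illustration, not the poster's or the product's own configuration: a Tomcat `JNDIRealm` that takes role names from Active Directory group membership, which is why moving an account between the JazzAdmins and JazzUsers groups changes its rights at the next login. The host name, DNs, bind account and password are constructed placeholders, and the assumption is that the AD group names match the role names the web application expects.

```xml
<!-- Added example for Tomcat's conf/server.xml, inside <Engine> or <Host>.
     All host names, DNs and the bind account are constructed placeholders.

     connectionURL      ldaps:// keeps the bind password and user credentials
                        encrypted on the wire; plain ldap:// on 389 does not.
     connectionName     a dedicated read-only bind account, not an admin.
     connectionPassword stored in clear text here, so restrict read access
                        to server.xml to the account that runs Tomcat.
     userSearch         maps the login name to the AD sAMAccountName.
     roleSearch         {0} is the DN of the authenticated user; every group
                        listing that DN in "member" is returned.
     roleName           the group's cn becomes the Tomcat role name, so a
                        member of CN=JazzAdmins gets the role JazzAdmins. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc01.example.com:636"
       connectionName="CN=svc-jazz-bind,OU=Service Accounts,DC=example,DC=com"
       connectionPassword="REPLACE_ME"
       userBase="OU=Users,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=example,DC=com"
       roleSearch="(member={0})"
       roleName="cn"
       roleSubtree="true" />
```

Because roles are resolved by the realm at login, group changes in Active Directory take effect only after the user signs in again.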
