LDAP/BluePages/BlueGroups with M5
I'm trying to figure out the parameters required to make the user import from LDAP work with bluepages. I've created 5 BlueGroups: WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers, WA_JazzGuests. The last 4 groups are members of the first group.
WA_JazzAdmins has 1 member and WA_JazzUsers has several members.
Does anyone know the correct settings to make this work? I've played around with various options for com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider with no success.
I'm assuming that when these settings are correct, I simply go to the Manage Users page in the WebUI and specify which users I want to import, is that correct?
Any help would be greatly appreciated!
EDIT: I should specify that I'm using the latest integration build which has the fix for 45900.
15 answers
Hi Pravesh,
M5a milestone build will be released today. This contains all the fixes you
need.
As far as LDAP config goes, bluepages is IBM internal. (The properties shown
below do not have the coordinates for bluepages and base user dn.)
com.ibm.team.repository.ldap.registryLocation=xxx
com.ibm.team.repository.ldap.baseUserDN=xxx
com.ibm.team.repository.ldap.baseGroupDN=xxx (would be the dn of WA_JazzGroups)
# I have mapped user id to emailAddress, name to cn and emailAddress to
# email address fields. You might choose to use a different mapping
com.ibm.team.repository.ldap.userAttributesMapping=userId=emailaddress,name=cn,emailAddress=emailaddress
# Group Mapping
com.ibm.team.repository.ldap.groupMapping=JazzAdmins=WA_JazzAdmins,JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests,JazzUsers=WA_JazzUsers
com.ibm.team.repository.ldap.findUsersByUserIdQuery=emailaddress=?1
com.ibm.team.repository.ldap.groupNameAttribute=cn
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember={USER-DN}
(You should substitute uniquemember with the attribute you used to specify the
members of a group in LDAP registry.)
To import users from LDAP registry, you need to select the repository node
in Eclipse client, right click and choose New->User.
----- Balaji
Who can help me solve the question?
https://jazz.net/forums/viewtopic.php?t=878
Change the file:
\profiles\AppSrv01\config\cells\hostnameNode01Cell\applications\jazz_war.ear\deployments\jazz_war\jazz.war\WEB-INF\web.xml
<!-- Added to enable basic authentication for Jazz -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
It displays the following message when the client logs on:
connection error :return code 302 from http request:Found
build is beta2a
config:WAS 6.1+DB2+LDAP(bluepages.ibm.com)
Form-based login is broken in WebSphere in Beta2 / Beta2a. This problem was
fixed in M5.
See bug Http 302 when connecting to Jazz Server using Eclipse client.
(35379) (web).
There are a couple of workarounds...
a.) Use basic auth in WebSphere
or b.) Upgrade to M5
--
Ritchie
**********************************************
Ritchie Schacher
Jazz Repository/Server Team
Balaji
I've downloaded and installed M5a, but I'm having no luck with the setting you provided.
I don't think the bluepages registry and baseUserDN are IBM confidential. I provided values which I believe to be correct for these, although since I'm new to LDAP I could be completely wrong. Here are the values I provided:
registryLocation = ldap://bluepages.ibm.com:389
baseUserDN = ou=bluepages,o=ibm.com < not sure about this
baseGroupDN = ou=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com < not sure about this
For findGroupsForUserQuery, I'm not sure what I need to specify here. I defined my bluegroups using LDAP filters which specify the division and department of the users I'd like to include.
I'm pretty sure my UserDN is incorrect, but I'm not sure what the correct value is. Can you please provide some IBM specific help here? I'm sure there are other IBMers on the forum with the same issue.
I looked at all your groups. The following should be the value for
findGroupsForUserQuery:
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember={USER-DN}
You have specified the correct user and group DN.
You mentioned that you cannot get it to work. What doesn't work? Can you not
import the users?
---- Balaji
I can not import users using RTC with the following settings:
Base DN of Jazz application group: cn=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com
Base DN of users in the registry: ou=bluepages,o=ibm.com
Find groups for user: uniquemember={USER-DN}
Find users by any name query: (| (cn=* ?1*) (cn=*_?1*))
Find users by name query: cn=?1*
Jazz Application group name attribute: cn
Jazz to LDAP group mapping: JazzAdmins=WA_JazzAdmins,JazzUsers=WA_JazzUsers;WA_JazzUsers1,JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests
Jazz user attributes to LDAP entry attributes mapping: userId=mail,name=cn,emailAddress=mail
LDAP registry location: ldap://bluepages.ibm.com:389
Max number of entries returned from user search: 100
Query to find users by user id: uid=?1
user id/password to access LDAP registry set correctly
When RTC New > User I've tried to search for the following strings:
Pravesh Patel
Patel
pravesh@us.ibm.com
pravesh*
I am a member of the WA_JazzUsers bluegroup, but I'm unable to successfully add myself to Jazz using the New > User function.
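An added example, not part of the original posts and not Jazz's own code: a small Python check run over the settings quoted in the post above. It assumes, following Balaji's sample properties, that the user-id query should search the attribute that userId is mapped to; the short setting keys and the names JAZZ_ROLES, parse_mapping, expand and lint are made up for this sketch.

```python
# Constructed from the settings quoted in the post above; the short keys are
# labels for this sketch, not Jazz property names.
SETTINGS = {
    "registryLocation": "ldap://bluepages.ibm.com:389",
    "userAttributesMapping": "userId=mail,name=cn,emailAddress=mail",
    "groupMapping": "JazzAdmins=WA_JazzAdmins,JazzUsers=WA_JazzUsers;WA_JazzUsers1,"
                    "JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests",
    "findUsersByUserIdQuery": "uid=?1",
    "findGroupsForUserQuery": "uniquemember={USER-DN}",
}
JAZZ_ROLES = {"JazzAdmins", "JazzUsers", "JazzDWAdmins", "JazzGuests"}

def parse_mapping(value, multi=False):
    """Parse 'a=b,c=d'; with multi=True each value is a ';'-separated list."""
    out = {}
    for pair in filter(None, (p.strip() for p in value.split(","))):
        key, _, val = pair.partition("=")
        out[key.strip()] = [v.strip() for v in val.split(";")] if multi else val.strip()
    return out

def escape_filter_value(text):
    """Escape the RFC 4515 special characters in a search-filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in text)

def expand(query, user_input=None, user_dn=None):
    """Fill the ?1 and {USER-DN} placeholders to get a filter to test by hand."""
    if user_input is not None:
        query = query.replace("?1", escape_filter_value(user_input))
    if user_dn is not None:
        query = query.replace("{USER-DN}", escape_filter_value(user_dn))
    return query

def lint(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    attrs = parse_mapping(settings["userAttributesMapping"])
    roles = parse_mapping(settings["groupMapping"], multi=True)
    # Assumption (from Balaji's sample): the query searches the userId attribute.
    query_attr = settings["findUsersByUserIdQuery"].partition("=")[0].strip("( ")
    if query_attr.lower() != attrs.get("userId", "").lower():
        findings.append("userId is mapped to %r but findUsersByUserIdQuery searches %r"
                        % (attrs.get("userId"), query_attr))
    for missing in sorted(JAZZ_ROLES - set(roles)):
        findings.append("no LDAP group mapped to %s" % missing)
    if "{USER-DN}" not in settings["findGroupsForUserQuery"]:
        findings.append("findGroupsForUserQuery has no {USER-DN} placeholder")
    if settings["registryLocation"].lower().startswith("ldap://"):
        findings.append("registryLocation uses ldap://, so the bind password is "
                        "sent unencrypted unless StartTLS is negotiated")
    return findings

if __name__ == "__main__":
    for finding in lint(SETTINGS):
        print("WARN:", finding)
```

The string returned by expand can be pasted into any LDAP search tool to see what a given query template actually matches in the registry.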
If I'm reading this correctly...
https://jazz.net/wiki/bin/view/Main/RoleMigrationAndLdapConfiguration
Wouldn't you need groups with name 'JazzAdmins', 'JazzUsers',
'JazzGuests', and 'JazzDWAdmins' under your ou=WA_JazzGroups (i.e. not
prefixed with WA).
And if that's the case I don't see how this could even remotely work
inside IBM. The first person to claim the JazzAdmin bluegroup would be
the only person able to deploy Jazz with IIP auth.
--Mark
Mark,
You are reading the Wiki correctly, however that info is slightly out of date. The issue you are referring to was fixed in M5a, specifically defect 45900. The names are no longer "fixed" but rather mapped from user defined names. So this theoretically should now work...
-Pravesh