It's all about the answers!

Ask a question

LDAP/BluePages/BlueGroups with M5


Pravesh Patel (37612615) | asked Mar 11 '08, 4:45 p.m.
I'm trying to figure out the parameters required to make the user import from LDAP work with bluepags. I've created 5 BlueGroups: WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers, WA_JazzGuests. The last 4 groups are members of the first group.

WA_JazzAdmins has 1 member and WA_JazzUsers has several members.

Does anyone know the correct settings to make this work? I've played around with various options for com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider with no success.

I'm assuming that when these settings are correct, I simply go to the Manage Users page in the WebUI and specify which users I want to import, is that correct?

Any help would be greatly appreciated!

EDIT: I should specify that I'm using the latest integration build which as the fix for 45900

15 answers



permanent link
Balaji Krish (1.8k12) | answered Mar 11 '08, 6:00 p.m.
JAZZ DEVELOPER
Hi Pravesh,

M5a milestone build will be released today. This contains all the fixes you
need.

As far as LDAP config go, bluepages is IBM internal. The properties shown
below does not have the coordinates for bluepages and base user dn).

com.ibm.team.repository.ldap.registryLocation=xxx
com.ibm.team.repository.ldap.baseUserDN=xxx
com.ibm.team.repository.ldap.baseGroupDN=xxx (would be the dn of
WA_JazzGroups)

# I have mapped user id to emailAddress, name to cn and emailAddress to
email address fields. You might choose
# to use a different mapping
com.ibm.team.repository.ldap.userAttributesMapping=userId=emailaddress,name=cn,emailAddress=emailaddress

#Group Mapping
com.ibm.team.repository.ldap.groupMapping=JazzAdmins=WA_JazzAdmins,
JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests,JazzUsers=WA_JazzUsers

com.ibm.team.repository.ldap.findUsersByUserIdQuery=emailaddress=?1

com.ibm.team.repository.ldap.groupNameAttribute=cn
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember={USER-DN}
(You should substitue uniquemember with attribute you used to specify the
members of a group in LDAP registry).

To import users from LDAP registry, you need to select the repository node
in Eclipse client, right click and choose New->User.

----- Balaji


"pravesh" <pravesh@us.ibm-dot-com.no-spam.invalid> wrote in message
news:fr6r5r$mud$1@localhost.localdomain...
I'm trying to figure out the parameters required to make the user
import from LDAP work with bluepags. I've created 5 BlueGroups:
WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers,
WA_JazzGuests. The last 4 groups are members of the first group.

WA_JazzAdmins has 1 member and WA_JazzUsers has several members.

Does anyone know the correct settings to make this work? I've played
around with various options for
com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider
with no success.

I'm assuming that when these settings are correct, I simply go to the
Manage Users page in the WebUI and specify which users I want to
import, is that correct?

Any help would be greatly appreciated!

EDIT: I should specify that I'm using the latest integration build
which as the fix for 45900

permanent link
yu wang (4886245) | answered Mar 11 '08, 9:41 p.m.
who can help me solve the question
https://jazz.net/forums/viewtopic.php?t=878

Change the file :
\profiles\AppSrv01\config\cells\hostnameNode01Cell\
applications\jazz_war.ear\deployments\jazz_war\jazz.war\WEB-INF\web.xml


<!-- Added to enable basic authentication for Jazz -->
<security-constraint>
<web-resource-collection>
<web-resource-name>secure</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>



it display the following message when client log on

connection error :return code 302 from http request:Found

build is beta2a
config:WAS 6.1+DB2+LDAP(bluepages.ibm.com)

permanent link
Ritchie Schacher - IBM (47611) | answered Mar 11 '08, 11:08 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
Form-based login is broken in WebSphere in Beta2 / Beta2a. This problem was
fixed in M5.

See bug Http 302 when connecting to Jazz Server using Eclipse client.
(35379) (web).

There are a couple of workarounds...

a.) Use basic auth in WebSphere

or b.) Upgrade to M5

--
Ritchie


**********************************************
Ritchie Schacher
Jazz Repository/Server Team
"openeis" <wangwyu@cn.ibm-dot-com.no-spam.invalid> wrote in message
news:fr7co8$u9e$1@localhost.localdomain...
who can help me solve the question
https://jazz.net/forums/viewtopic.php?t=878

Change the file :
\profiles\AppSrv01\config\cells\hostnameNode01Cell\
applications\jazz_war.ear\deployments\jazz_war\jazz.war\WEB-INF\web.xml


!-- Added to enable basic authentication for Jazz --
security-constraint
web-resource-collection
web-resource-name>secure</web-resource-name
url-pattern>/*</url-pattern
/web-resource-collection



it display the following message when client log on

connection error :return code 302 from http request:Found

build is beta2a
config:WAS 6.1+DB2+LDAP(bluepages.ibm.com)

permanent link
Pravesh Patel (37612615) | answered Mar 12 '08, 6:04 p.m.
Balaji

I've downloaded and installed M5a, but I'm having no luck with the setting you provided.

I don't think the bluepages registry and baseUserDN are IBM confidential. I provided values which I believe to be correct for these, although since I'm new to LDAP I could be completely wrong. Here are the values I provided:

registryLocation = ldap://bluepages.ibm.com:389
baseUserDN = ou=bluepages,o=ibm.com < not sure about this
baseGroupDN = ou=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com < not sure about this

For findGroupsForUserQuery, I'm not sure what I need to specify here. I defined my bluegroups using LDAP filters which specify the division and department of the users I'd like to include.

I'm pretty sure my UserDN is incorrect, but I'm not sure what the correct value is. Can you please provide some IBM specific help here? I'm sure there are other IBMers on the forum with the same issue.

permanent link
Balaji Krish (1.8k12) | answered Mar 13 '08, 12:10 p.m.
JAZZ DEVELOPER
I looked at all your groupos. The following should be the value for
findGroupsForUserQuery..

com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember={USER-DN}

Your have specified the correct user and group DN.

You mentioned that you cannot get it to work. What doesn't work. Can you not
import the users ?

---- Balaji


"pravesh" <pravesh@us.ibm-dot-com.no-spam.invalid> wrote in message
news:fr9k7c$tkq$1@localhost.localdomain...
Balaji

I've downloaded and installed M5a, but I'm having no luck with the
setting you provided.

I don't think the bluepages registry and baseUserDN are IBM
confidential. I provided values which I believe to be correct for
these, although since I'm new to LDAP I could be completely wrong.
Here are the values I provided:

registryLocation = ldap://bluepages.ibm.com:389
baseUserDN = ou=bluepages,o=ibm.com < not sure about this
baseGroupDN = ou=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com
not sure about this

For findGroupsForUserQuery, I'm not sure what I need to specify here.
I defined my bluegroups using LDAP filters which specify the division
and department of the users I'd like to include.

I'm pretty sure my UserDN is incorrect, but I'm not sure what the
correct value is. Can you please provide some IBM specific help
here? I'm sure there are other IBMers on the forum with the same
issue.

permanent link
Pravesh Patel (37612615) | answered Mar 13 '08, 12:33 p.m.
I can not import users using RTC with the following settings:

Base DN of Jazz application group: cn=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com
Base DN of users in the registry: ou=bluepages,o=ibm.com
Find groups for user: uniquemember={USER-DN}
Find users by any name query: (| (cn=* ?1*) (cn=*_?1*))
Find users by name query: cn=?1*
Jazz Application group name attribute: cn
Jazz to LDAP group mapping: JazzAdmins=WA_JazzAdmins,JazzUsers=WA_JazzUsers;WA_JazzUsers1,JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests
Jazz user attributes to LDAP entry attributes mapping: userId=mail,name=cn,emailAddress=mail
LDAP registry location: ldap://bluepages.ibm.com:389
Max number of entries returned from user search: 100
Query to find users by user id: uid=?1
user id/password to acces LDAP registry set correctly

When RTC New > User I've tried to search for the following strings:

Pravesh Patel
Patel
pravesh@us.ibm.com
pravesh*

I am a member of the WA_JazzUsers bluegroup, but I'm unable to successfully add myself to Jazz using the New > User function.

permanent link
Mark Parry (31121711) | answered Mar 13 '08, 12:45 p.m.
pravesh wrote:
I'm trying to figure out the parameters required to make the user
import from LDAP work with bluepags. I've created 5 BlueGroups:
WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers,
WA_JazzGuests. The last 4 groups are members of the first group.

WA_JazzAdmins has 1 member and WA_JazzUsers has several members.

Does anyone know the correct settings to make this work? I've played
around with various options for
com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider
with no success.

I'm assuming that when these settings are correct, I simply go to the
Manage Users page in the WebUI and specify which users I want to
import, is that correct?

Any help would be greatly appreciated!

EDIT: I should specify that I'm using the latest integration build
which as the fix for 45900


If I'm reading this correctly...
https://jazz.net/wiki/bin/view/Main/RoleMigrationAndLdapConfiguration

Wouldn't you need groups with name 'JazzAdmins' , 'JazzUsers',
'JazzGuests' , and 'JazzDWAdmins' under your ou=WA_JazzGroups (ie. not
prefixed with WA).

And if thats the case I don't see how this could even remotely work
inside IBM. The first person to claim the JazzAdmin bluegroup would be
the only person able to deploy Jazz with IIP auth.

permanent link
Mark Parry (31121711) | answered Mar 13 '08, 12:45 p.m.
pravesh wrote:
I'm trying to figure out the parameters required to make the user
import from LDAP work with bluepags. I've created 5 BlueGroups:
WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers,
WA_JazzGuests. The last 4 groups are members of the first group.

WA_JazzAdmins has 1 member and WA_JazzUsers has several members.

Does anyone know the correct settings to make this work? I've played
around with various options for
com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider
with no success.

I'm assuming that when these settings are correct, I simply go to the
Manage Users page in the WebUI and specify which users I want to
import, is that correct?

Any help would be greatly appreciated!

EDIT: I should specify that I'm using the latest integration build
which as the fix for 45900


If I'm reading this correctly...
https://jazz.net/wiki/bin/view/Main/RoleMigrationAndLdapConfiguration

Wouldn't you need groups with name 'JazzAdmins' , 'JazzUsers',
'JazzGuests' , and 'JazzDWAdmins' under your ou=WA_JazzGroups (ie. not
prefixed with WA).

And if thats the case I don't see how this could even remotely work
inside IBM. The first person to claim the JazzAdmin bluegroup would be
the only person able to deploy Jazz with IIP auth.


--Mark

permanent link
Mark Parry (31121711) | answered Mar 13 '08, 12:46 p.m.
pravesh wrote:
I'm trying to figure out the parameters required to make the user
import from LDAP work with bluepags. I've created 5 BlueGroups:
WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers,
WA_JazzGuests. The last 4 groups are members of the first group.

WA_JazzAdmins has 1 member and WA_JazzUsers has several members.

Does anyone know the correct settings to make this work? I've played
around with various options for
com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider
with no success.

I'm assuming that when these settings are correct, I simply go to the
Manage Users page in the WebUI and specify which users I want to
import, is that correct?

Any help would be greatly appreciated!

EDIT: I should specify that I'm using the latest integration build
which as the fix for 45900


If I'm reading this correctly...
https://jazz.net/wiki/bin/view/Main/RoleMigrationAndLdapConfiguration

Wouldn't you need groups with name 'JazzAdmins' , 'JazzUsers',
'JazzGuests' , and 'JazzDWAdmins' under your ou=WA_JazzGroups (ie. not
prefixed with WA).

And if thats the case I don't see how this could even remotely work
inside IBM. The first person to claim the JazzAdmin bluegroup would be
the only person able to deploy Jazz with IIP auth.


--Mark

permanent link
Pravesh Patel (37612615) | answered Mar 13 '08, 12:54 p.m.
Mark,

You are reading the Wiki correctly, however that info is slightly out of date. The issue you are referring to was fixed in M5a, specifically defect 45900. The names are no longer "fixed" but rather mapped from user defined names. So this theoretically should now work...

-Pravesh

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.