LDAP/BluePages/BlueGroups with M5
I'm trying to figure out the parameters required to make the user import from LDAP work with bluepages. I've created 5 BlueGroups: WA_JazzGroups, WA_JazzAdmins, WA_JazzDWAdmins, WA_JazzUsers, WA_JazzGuests. The last 4 groups are members of the first group.
WA_JazzAdmins has 1 member and WA_JazzUsers has several members. Does anyone know the correct settings to make this work? I've played around with various options for com.ibm.team.repository.service.internal.userregistry.LDAPUserRegistryProvider with no success. I'm assuming that when these settings are correct, I simply go to the Manage Users page in the WebUI and specify which users I want to import, is that correct? Any help would be greatly appreciated!
EDIT: I should specify that I'm using the latest integration build, which has the fix for 45900.
15 answers
Hi Pravesh,
M5a milestone build will be released today. This contains all the fixes you need. As far as LDAP config goes, bluepages is IBM internal. (The properties shown below do not have the coordinates for bluepages and base user dn.)

com.ibm.team.repository.ldap.registryLocation=xxx
com.ibm.team.repository.ldap.baseUserDN=xxx
com.ibm.team.repository.ldap.baseGroupDN=xxx (would be the dn of WA_JazzGroups)
# I have mapped user id to emailAddress, name to cn and emailAddress to email address fields. You might choose
# to use a different mapping
com.ibm.team.repository.ldap.userAttributesMapping=userId=emailaddress,name=cn,emailAddress=emailaddress
#Group Mapping
com.ibm.team.repository.ldap.groupMapping=JazzAdmins=WA_JazzAdmins, JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests,JazzUsers=WA_JazzUsers
com.ibm.team.repository.ldap.findUsersByUserIdQuery=emailaddress=?1
com.ibm.team.repository.ldap.groupNameAttribute=cn
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember={USER-DN}

(You should substitute uniquemember with the attribute you used to specify the members of a group in the LDAP registry.)
To import users from the LDAP registry, you need to select the repository node in the Eclipse client, right click and choose New->User.
-----
Balaji

"pravesh" <pravesh@us.ibm-dot-com.no-spam.invalid> wrote in message news:fr6r5r$mud$1@localhost.localdomain...
I'm trying to figure out the parameters required to make the user
Who can help me solve the question?
https://jazz.net/forums/viewtopic.php?t=878
Change the file:
\profiles\AppSrv01\config\cells\hostnameNode01Cell\applications\jazz_war.ear\deployments\jazz_war\jazz.war\WEB-INF\web.xml

<!-- Added to enable basic authentication for Jazz -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>secure</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>

It displays the following message when the client logs on:
connection error :return code 302 from http request:Found
build is beta2a
config: WAS 6.1+DB2+LDAP(bluepages.ibm.com)
Form-based login is broken in WebSphere in Beta2 / Beta2a. This problem was fixed in M5. See bug Http 302 when connecting to Jazz Server using Eclipse client. (35379) (web).
There are a couple of workarounds...
a.) Use basic auth in WebSphere or
b.) Upgrade to M5
--
Ritchie
**********************************************
Ritchie Schacher
Jazz Repository/Server Team

"openeis" <wangwyu@cn.ibm-dot-com.no-spam.invalid> wrote in message news:fr7co8$u9e$1@localhost.localdomain...
who can help me solve the question
Balaji,
I've downloaded and installed M5a, but I'm having no luck with the setting you provided. I don't think the bluepages registry and baseUserDN are IBM confidential. I provided values which I believe to be correct for these, although since I'm new to LDAP I could be completely wrong. Here are the values I provided:

registryLocation = ldap://bluepages.ibm.com:389
baseUserDN = ou=bluepages,o=ibm.com < not sure about this
baseGroupDN = ou=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com < not sure about this

For findGroupsForUserQuery, I'm not sure what I need to specify here. I defined my bluegroups using LDAP filters which specify the division and department of the users I'd like to include. I'm pretty sure my UserDN is incorrect, but I'm not sure what the correct value is. Can you please provide some IBM specific help here? I'm sure there are other IBMers on the forum with the same issue.
I looked at all your groups. The following should be the value for findGroupsForUserQuery:

com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember={USER-DN}

You have specified the correct user and group DN. You mentioned that you cannot get it to work. What doesn't work? Can you not import the users?
----
Balaji

"pravesh" <pravesh@us.ibm-dot-com.no-spam.invalid> wrote in message news:fr9k7c$tkq$1@localhost.localdomain...
Balaji
I can not import users using RTC with the following settings:

Base DN of Jazz application group: cn=WA_JazzGroups,ou=memberlist,ou=ibmgroups,o=ibm.com
Base DN of users in the registry: ou=bluepages,o=ibm.com
Find groups for user: uniquemember={USER-DN}
Find users by any name query: (| (cn=* ?1*) (cn=*_?1*))
Find users by name query: cn=?1*
Jazz Application group name attribute: cn
Jazz to LDAP group mapping: JazzAdmins=WA_JazzAdmins,JazzUsers=WA_JazzUsers;WA_JazzUsers1,JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests
Jazz user attributes to LDAP entry attributes mapping: userId=mail,name=cn,emailAddress=mail
LDAP registry location: ldap://bluepages.ibm.com:389
Max number of entries returned from user search: 100
Query to find users by user id: uid=?1
user id/password to access LDAP registry set correctly

When RTC New > User I've tried to search for the following strings:
Pravesh Patel
Patel
pravesh@us.ibm.com
pravesh*

I am a member of the WA_JazzUsers bluegroup, but I'm unable to successfully add myself to Jazz using the New > User function.
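A consistency check over the settings listed in the post above, as an added example that is not part of the original thread and not Jazz's own code. The four checks (every role mapped, no LDAP group shared between roles, user-id query attribute equal to the attribute mapped to userId, ldaps:// registry location) are assumptions about what is worth reviewing, not documented Jazz requirements; reading ';' as a separator for several LDAP groups follows the posted mapping.

```python
import re

# Role names as they appear in the thread's group mapping.
ROLES = ("JazzAdmins", "JazzDWAdmins", "JazzUsers", "JazzGuests")

# Settings copied from the post above; keys are the part after
# "com.ibm.team.repository.ldap." as named in the first answer.
POSTED = {
    "registryLocation": "ldap://bluepages.ibm.com:389",
    "userAttributesMapping": "userId=mail,name=cn,emailAddress=mail",
    "groupMapping": "JazzAdmins=WA_JazzAdmins,JazzUsers=WA_JazzUsers;WA_JazzUsers1,"
                    "JazzDWAdmins=WA_JazzDWAdmins,JazzGuests=WA_JazzGuests",
    "findUsersByUserIdQuery": "uid=?1",
}

def parse_pairs(value):
    """Parse 'k=v,k=v' into {k: [v, ...]}; ';' separates several values (assumed)."""
    out = {}
    for item in value.split(","):
        key, sep, val = item.strip().partition("=")
        if not (sep and key and val):
            raise ValueError(f"malformed mapping entry: {item!r}")
        out[key] = [v.strip() for v in val.split(";") if v.strip()]
    return out

def query_attributes(template):
    """Attributes whose value contains the ?1 placeholder in a query template."""
    return {a.lower() for a in re.findall(r"([A-Za-z][\w-]*)\s*=[^=()]*\?1", template)}

def lint(settings):
    """Return review findings for one set of settings (empty list: nothing flagged)."""
    findings, owner = [], {}
    groups = parse_pairs(settings["groupMapping"])
    for role in ROLES:
        if not groups.get(role):
            findings.append(f"role {role} has no LDAP group mapped")
    for role, names in groups.items():
        for name in names:
            if name in owner:
                findings.append(f"LDAP group {name} mapped to {owner[name]} and {role}")
            owner[name] = role
    uid_attr = parse_pairs(settings["userAttributesMapping"]).get("userId", [""])[0]
    searched = query_attributes(settings["findUsersByUserIdQuery"])
    if uid_attr.lower() not in searched:
        findings.append(f"userId maps to {uid_attr!r}, user-id query searches {sorted(searched)}")
    if not settings["registryLocation"].lower().startswith("ldaps://"):
        findings.append("registryLocation is not an ldaps:// URL")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(POSTED)))
```

The settings in the first answer use the same attribute (emailaddress) for both the userId mapping and the user-id query, so the third check only fires on the later set.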
pravesh wrote:
I'm trying to figure out the parameters required to make the user

If I'm reading this correctly...
https://jazz.net/wiki/bin/view/Main/RoleMigrationAndLdapConfiguration
Wouldn't you need groups with name 'JazzAdmins', 'JazzUsers', 'JazzGuests', and 'JazzDWAdmins' under your ou=WA_JazzGroups (i.e. not prefixed with WA)? And if that's the case I don't see how this could even remotely work inside IBM. The first person to claim the JazzAdmin bluegroup would be the only person able to deploy Jazz with IIP auth.
--Mark
Mark,
You are reading the Wiki correctly, however that info is slightly out of date. The issue you are referring to was fixed in M5a, specifically defect 45900. The names are no longer "fixed" but rather mapped from user defined names. So this theoretically should now work...
-Pravesh