It's all about the answers!

Ask a question

Guest/Anonymous login possible


Marko Tomljenovic (31650109) | asked Jul 15 '10, 4:09 a.m.
Hello everybody,
I have already used RTC till version 2.0.0 for an old project. It is really fantastic.

Now I am thinking about using RTC in a new research project (small to medium sized project team). In the new project we have some special requirements regarding the user login. I wanted to ask you whether the following requirement can be fulfilled somehow:

1. I need a sort of guest/anonymous login so that everybody interested in the results of the project can read certain information/reports about it (at least through WebUI). How can this work together with the licence mechanism of RTC?
2. Can the first point be combined with an LDP user authentication so that everybody who has logged in with the NT user/pw can have this guest access by default if no other concrete role/licence has been specified.
3. Can the guests have read access to the contents of the streams/build results?

10 answers



permanent link
Ralph Schoon (63.5k33646) | answered Jul 15 '10, 10:02 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Marco,

as of today reading RTC work items does not require a license.

1. and 2. So if you have users in the LDAP Jazzguest group and the project is not read protected and these users have no license then you have user specific guest accounts. They have read access.

1. You can of course create a special guest account too that way.

3. I just tried that (RTC 2.0.0.2) if you have users with read access and no license they still can read the Streams at least in the Web UI.

Ralph

Hello everybody,
I have already used RTC till version 2.0.0 for an old project. It is really fantastic.

Now I am thinking about using RTC in a new research project (small to medium sized project team). In the new project we have some special requirements regarding the user login. I wanted to ask you whether the following requirement can be fulfilled somehow:

1. I need a sort of guest/anonymous login so that everybody interested in the results of the project can read certain information/reports about it (at least through WebUI). How can this work together with the licence mechanism of RTC?
2. Can the first point be combined with an LDP user authentication so that everybody who has logged in with the NT user/pw can have this guest access by default if no other concrete role/licence has been specified.
3. Can the guests have read access to the contents of the streams/build results?

permanent link
Marko Tomljenovic (31650109) | answered Jul 16 '10, 2:41 a.m.
Hi Ralph

first of all thanks for the quick anser.

That are partly good news. The fact that people wo licence have read access is very nice.
Did I understand it right that each user that wants to use the web ui (for read access) must be added to a special LDAP group?

The problem with that is that the development group is small to medium (LDAP group for that is fine) but the group of interested people (read items, builds, ...) is completely unknown (might be huge) and the hurdle to always add each interested person to a special LDAP group is pretty high for us. And if these people need to wait a while until they can get just a look at the project results would scare them off.

Is there another solution? What if I don't use LDAP? Do I need to add each user then to a user list?

Thank you in advance

Greets Marko

permanent link
Ralph Schoon (63.5k33646) | answered Jul 16 '10, 3:03 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Marco,

the LDAP groups: RTC uses these groups to give users different types of permissions e.g. Admin, Project Admin, User, Guest,...

http://jazz.net/library/techtip/457 describes a different way.
In this case the new user would have to be added to a file with his group(s) listed.

The user has to be able to log into RTC to view. So a general anonymous user would be OK too.

The advantage of LDAP would be that new users can be synchronized into RTC (with the standard edition). Using the group would automatically provide guest access. I think the overhead is really moderate. I administered a smaller server once and it was just another 3 clicks to add the user to that group. If you use LDAP but the techtip above, someone would also have to manually add the user and the group but to a file.

If you don't use LDAP and no anonymous user someone would have to enter the user ID, Name, E-Mail and groups to the server. You could do that importing from a CSV file, I think.

Ralph

Hi Ralph

first of all thanks for the quick anser.

That are partly good news. The fact that people wo licence have read access is very nice.
Did I understand it right that each user that wants to use the web ui (for read access) must be added to a special LDAP group?

The problem with that is that the development group is small to medium (LDAP group for that is fine) but the group of interested people (read items, builds, ...) is completely unknown (might be huge) and the hurdle to always add each interested person to a special LDAP group is pretty high for us. And if these people need to wait a while until they can get just a look at the project results would scare them off.

Is there another solution? What if I don't use LDAP? Do I need to add each user then to a user list?

Thank you in advance

Greets Marko

permanent link
Marko Tomljenovic (31650109) | answered Jul 16 '10, 3:33 a.m.
Sorry to ask again.
By 'general anonymous user' you mean to create one LDAP user with name "anonymous" in the guest LDAP group?


The user has to be able to log into RTC to view. So a general anonymous user would be OK too.

permanent link
Marko Tomljenovic (31650109) | answered Jul 16 '10, 3:53 a.m.
Or is it also possible to have one "guest" user only in the jazz system and not in the LDAP?

permanent link
Ralph Schoon (63.5k33646) | answered Jul 16 '10, 3:55 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Marko,

right, it is of course possible to create a user with some descriptive name and a simple password that several users could use to access RTC.

An examples would be Guest or anonymous or something that makes sense in this context.

BTW this can be done with or without LDAP of course.

Ralph

Sorry to ask again.
By 'general anonymous user' you mean to create one LDAP user with name "anonymous" in the guest LDAP group?


The user has to be able to log into RTC to view. So a general anonymous user would be OK too.

permanent link
Marko Tomljenovic (31650109) | answered Jul 16 '10, 4:01 a.m.
But it is not possible to mix LDAP users with non LDAP users, right?
Best thing for me would be to have the guest user just stored in the Jazz DB and the people from the dev team in LDAP (because our IT support is normally not willing to create a user account where many people might have the password for which is the case for a guest account)

permanent link
Ralph Schoon (63.5k33646) | answered Jul 16 '10, 4:04 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Marco,

I don't think it is possible to mix LDAP and No-LDAP.

Thanks,

Ralph

But it is not possible to mix LDAP users with non LDAP users, right?
Best thing for me would be to have the guest user just stored in the Jazz DB and the people from the dev team in LDAP (because our IT support is normally not willing to create a user account where many people might have the password for which is the case for a guest account)

permanent link
Ralph Schoon (63.5k33646) | answered Jul 16 '10, 9:50 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Marco,

since RTC delegates authentication to the app server, for instance Tomcat, there might be a minimal chance to look (google) into the app server and try to figure if that can support such a mixed mode. If it does there might be a remote chance that a mixed mode works with RTC.

However it also might not because of possible effects between RTC and the app server I really won't know about.

I'd rather take the burden to convince your infrastructure people to help you with this account 8-)

Just a thought,

Ralph

Hi Marco,

I don't think it is possible to mix LDAP and No-LDAP.

Thanks,

Ralph

But it is not possible to mix LDAP users with non LDAP users, right?
Best thing for me would be to have the guest user just stored in the Jazz DB and the people from the dev team in LDAP (because our IT support is normally not willing to create a user account where many people might have the password for which is the case for a guest account)

permanent link
Marko Tomljenovic (31650109) | answered Jul 19 '10, 2:32 a.m.
Hi Ralph,
ok thank you for your thoughts.

I'll try your proposal.

Greets Marko

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.