RTC - LDAP


Yaron Norani (47267065) | asked Oct 25 '10, 2:52 a.m.
Hello,

I am using RTC on Linux configured to work with LDAP.
It works fine.
Yesterday the LDAP server was unavailable, and we could not work.

I know that the IT team has a redundancy server for LDAP.
Is there a way to configure the Jazz server to work with a redundant LDAP server?

Thanks,

Yaron

8 answers



Kim Soederhamn (1.5k34348) | answered Oct 25 '10, 8:01 a.m.
I think this should be handled by your network - so that the name of the LDAP server in your network points to the primary or secondary by forwarding to whichever is running. So basically don't use the IP but a name in the network and you should be fine.

Yaron Norani (47267065) | answered Oct 25 '10, 8:11 a.m.
Hi,

Thanks for the reply.

I am using the name and not the IP.
The problem is that the name of the secondary LDAP server is different.
In RTC I do not see any way to record this additional (secondary) server name.

Any ideas?

Thanks,

Donald Faul (21122) | answered Oct 25 '10, 10:20 a.m.
I agree with Yaron that there should be fail-over support for the LDAP connection. After all, the ldap_init() method in most LDAP libraries allows the specification of multiple servers just for this reason, so it should be trivial to implement a failover mechanism.

See: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/index.jsp?topic=%2Fapis%2Fldap_init.htm

Second topic. I am having difficulties getting repotools -syncUsers to synchronize the User Name and Email addresses for the users that I entered via Create User. The LDAP setup seems to be correct, since the User Management controls can find users by name and properly report their Jazz user group properties, but I expect to be able to call resync to update the User Name and Email fields, and it isn't happening.

Kim Soederhamn (1.5k34348) | answered Oct 26 '10, 4:52 a.m.
Well, regarding the failover - at most companies I have seen this handled by the network forwarding to the backup when the primary is down. Having only one DNS entry, and thereby only one place to make a change for all systems using the AD - but if you want the other solution you can make a work item for this enhancement here on jazz.net.

Regarding your sync, there are 2 parts to setting up LDAP with RTC - one is setting up the connection from the web server (this provides you with the capability to log in to the AD realm as well as look up/import users); secondly you can set up the synchronization towards LDAP, which means that users added to specific groups in your AD are automatically imported and updated from the AD - and it seems like it's here your problem is. If your login works fine but the synchronization is not running you must review your settings in the server properties - perhaps the mapping of the fields or the bind user is not set up properly.

You might find some additional info in the "setting up the jazz server" section of this link or in some of the links/videos related to this article:
http://jazz.net/library/article/479/

Donald Faul (21122) | answered Oct 26 '10, 3:35 p.m.
Kim,

Thanks for your reply. As it turns out, my synchronization problem has to do with the member attribute name used by the group container.

That is, for groups with a limited number of members (e.g. <1000), membership is indicated with a "member" value. For large groups, however, membership is indicated by a different attribute name, e.g. "member;range=0-1499", which I assume is not interpretable by the JazzTeamServer. Thus the JazzTeamServer doesn't find any users in the specified user group.

Regards
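As an added illustration of the ranged-attribute behaviour described in the answer above (example code written for this page, not code from RTC or from the thread): `parse_range_attr` splits names like "member;range=0-1499", a constructed in-memory `FakeDirectory` stands in for the AD group entry (its chunk size of 1500 follows Active Directory's default MaxValRange), `naive_members` shows what a client that only knows the plain "member" name sees, and `all_members` walks the chunks the way a client must to read every member of a large group.

```python
import re

# Active Directory returns large multi-valued attributes in chunks and renames the
# attribute to e.g. "member;range=0-1499"; the final chunk's upper bound is "*".
RANGE_RE = re.compile(r"^(?P<attr>[^;]+);range=(?P<lo>\d+)-(?P<hi>\d+|\*)$", re.I)


def parse_range_attr(name):
    """'member;range=0-1499' -> ('member', 0, 1499); 'member;range=3000-*' ->
    ('member', 3000, None); a plain 'member' -> None."""
    m = RANGE_RE.match(name)
    if m is None:
        return None
    hi = None if m.group("hi") == "*" else int(m.group("hi"))
    return m.group("attr"), int(m.group("lo")), hi


class FakeDirectory:
    """Constructed stand-in for one AD group entry (not a real LDAP client)."""

    def __init__(self, members, max_range=1500):
        self.members = list(members)
        self.max_range = max_range  # AD's default MaxValRange is 1500

    def read_attr(self, requested):
        """Return {attribute name as the server labels it: values} for one request."""
        parsed = parse_range_attr(requested)
        base, lo = (parsed[0], parsed[1]) if parsed else (requested, 0)
        chunk = self.members[lo:lo + self.max_range]
        if parsed is None and len(self.members) <= self.max_range:
            return {base: chunk}  # small group: plain attribute name
        last = lo + len(chunk) - 1
        marker = "*" if last >= len(self.members) - 1 else str(last)
        return {f"{base};range={lo}-{marker}": chunk}


def naive_members(directory):
    """A client that only looks for the plain 'member' name: empty for large groups."""
    return directory.read_attr("member").get("member", [])


def all_members(directory, attr="member"):
    """Follow the ranged names until the server marks the final chunk with '*'."""
    values, request = [], attr
    while True:
        name, chunk = next(iter(directory.read_attr(request).items()))
        values.extend(chunk)
        parsed = parse_range_attr(name)
        if parsed is None or parsed[2] is None:
            return values  # plain attribute, or last chunk reached
        request = f"{attr};range={parsed[2] + 1}-*"
```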

Kerry Pietson (6) | answered Oct 26 '10, 6:52 p.m.
Just a quick note, we experienced the exact same scenario in regards to synchronization a few days ago. Will keep you updated.

Mark Richmond (5144) | answered Nov 08 '10, 5:19 p.m.
I opened defect 139464 for the LDAP replication issue. The lack of a fail over capability creates an unacceptable single point of failure. If my IT people make a secondary LDAP server available, we should be able to configure RTC to use it. In a perfect world it would be nice if the "network" took care of this. However we are often not in control of the networks or their services that support our systems, so flexibility is important.

Mark Richmond

steven armstrong (3662) | answered Nov 20 '10, 8:46 p.m.
You should set up your LDAP connection with a DNS name in RTC.

LDAP can then be configured by your network team so that if one LDAP server goes down then the DNS name will be mapped to another viable LDAP IP address. This will mean the fail-over sits with your Active Directory team rather than having the implementation in RTC.

Obviously you could still have this feature in RTC, but at least there is a work-around.
