It's all about the answers!

Ask a question

M6 setup failure: "Security notice" [SOLVED]


Shawn Lauzon (38174) | asked Apr 08 '08, 7:13 p.m.
Running Bluepages + WAS + DB2

I'm trying to setup LDAP authentication, and so following the instructions at https://jazz.net/wiki/bin/view/Main/ServerSetupForLdapConfigurationM6

I login with my LDAP (bluepages) ID, and I see this error in the SystemOut.log:

WARN com.ibm.team.repository.servlet.TeamServerServlet - Security notice during ini
tialization: Allowing guest access.

Which doesn't cause a problem then. However, when I try to create myself as a user (step 7), it says Unauthorized, and the log tells me that I am a GUEST.

I have JazzAdmins role mapped to my user in the jazz_war application, but that doesn't seem to help it. Any other ideas?

4 answers



permanent link
Shawn Lauzon (38174) | answered Apr 09 '08, 12:02 a.m.
I have it working now -- I still get that "logging in with guest" warning, but it still logs me in as admin. Oh well ...

Here are my settings. Keep in mind this is specific for BluePages and BlueGroups. I just included the ldap ones here:

com.ibm.team.repository.ldap.findUsersByUserIdQuery=mail\=?1
com.ibm.team.repository.ldap.baseGroupDN=ou\=memberlist,ou\=ibmgroups,o\=ibm.com
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember\={USER-DN}
com.ibm.team.repository.ldap.membersOfGroup=uniquemember
com.ibm.team.repository.ldap.userAttributesMapping=userId\=mail,name\=cn,emailAddress\=mail
com.ibm.team.repository.ldap.registryLocation=ldap\://bluepages.ibm.com\:389
com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=WAS_JazzAdmins,JazzUsers\=WAS_JazzUsers,JazzDWAdmins\=WAS_JazzDWAdmins,JazzGuests\=WAS_JazzGuests
com.ibm.team.repository.ldap.baseUserDN=ou\=bluepages,o\=ibm.com

Note that this is different from a couple other posts I've seen, which I don't think should work:
1) The baseGroupDN does not start with ou=WAS_JazzGroups -- the group DN does not contain this, so it doesn't work.
2) The membersOfGroup needs to change to "uniquemember" from "members" -- I didn't see that anywhere.
3) userAttributeMapping should have "userId=mail", since we use the email address as the userId.

With that stuff set, you should be good to go.

EDIT: In fact, I no longer get that warning about logging in as guest, so it must be fixed!

permanent link
David Ward (8311114) | answered Apr 09 '08, 6:31 a.m.
Thanks Shawn ... this is great information.

I have a feeling that at least one of those attributes cannot be setup using the jazz/setup dialog (e.g. findGroupsForUserQuery or maybe findUsersByUserIdQuery) but that's OK.

I'll give it a try this morning.

permanent link
Shawn Lauzon (38174) | answered Apr 09 '08, 11:02 a.m.
I haven't verified this, but is it possible that findGroupsForUserQuery is generated from the setting you specify for membersOfGroup?

permanent link
Balaji Krish (1.8k12) | answered Apr 10 '08, 12:55 p.m.
JAZZ DEVELOPER
David,
The new LDAP setup wizard computes (check out the compute other queries
checkbox at the bottom of LDAP wizard).
findGroupsForUserQuery,findUsersByUserIdQuery, findUsersByName and
findUsersByAnyName queries based on the values you provide

----- Balaji

"DavidGWard" <davidward@us.dot.ibm.dot.com-dot-nospam.no-spam.invalid> wrote
in message news:fti6a9$2p2$1@localhost.localdomain...
Thanks Shawn ... this is great information.

I have a feeling that at least one of those attributes cannot be setup
using the jazz/setup dialog (e.g. findGroupsForUserQuery or maybe
findUsersByUserIdQuery) but that's OK.

I'll give it a try this morning.

Your answer


Register or to post your answer.