M6 setup failure: "Security notice" [SOLVED]
Running Bluepages + WAS + DB2
I'm trying to setup LDAP authentication, and so following the instructions at https://jazz.net/wiki/bin/view/Main/ServerSetupForLdapConfigurationM6
I login with my LDAP (bluepages) ID, and I see this error in the SystemOut.log:
WARN com.ibm.team.repository.servlet.TeamServerServlet - Security notice during ini
tialization: Allowing guest access.
Which doesn't cause a problem then. However, when I try to create myself as a user (step 7), it says Unauthorized, and the log tells me that I am a GUEST.
I have JazzAdmins role mapped to my user in the jazz_war application, but that doesn't seem to help it. Any other ideas?
I'm trying to setup LDAP authentication, and so following the instructions at https://jazz.net/wiki/bin/view/Main/ServerSetupForLdapConfigurationM6
I login with my LDAP (bluepages) ID, and I see this error in the SystemOut.log:
WARN com.ibm.team.repository.servlet.TeamServerServlet - Security notice during ini
tialization: Allowing guest access.
Which doesn't cause a problem then. However, when I try to create myself as a user (step 7), it says Unauthorized, and the log tells me that I am a GUEST.
I have JazzAdmins role mapped to my user in the jazz_war application, but that doesn't seem to help it. Any other ideas?
4 answers
I have it working now -- I still get that "logging in with guest" warning, but it still logs me in as admin. Oh well ...
Here are my settings. Keep in mind this is specific for BluePages and BlueGroups. I just included the ldap ones here:
com.ibm.team.repository.ldap.findUsersByUserIdQuery=mail\=?1
com.ibm.team.repository.ldap.baseGroupDN=ou\=memberlist,ou\=ibmgroups,o\=ibm.com
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember\={USER-DN}
com.ibm.team.repository.ldap.membersOfGroup=uniquemember
com.ibm.team.repository.ldap.userAttributesMapping=userId\=mail,name\=cn,emailAddress\=mail
com.ibm.team.repository.ldap.registryLocation=ldap\://bluepages.ibm.com\:389
com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=WAS_JazzAdmins,JazzUsers\=WAS_JazzUsers,JazzDWAdmins\=WAS_JazzDWAdmins,JazzGuests\=WAS_JazzGuests
com.ibm.team.repository.ldap.baseUserDN=ou\=bluepages,o\=ibm.com
Note that this is different from a couple other posts I've seen, which I don't think should work:
1) The baseGroupDN does not start with ou=WAS_JazzGroups -- the group DN does not contain this, so it doesn't work.
2) The membersOfGroup needs to change to "uniquemember" from "members" -- I didn't see that anywhere.
3) userAttributeMapping should have "userId=mail", since we use the email address as the userId.
With that stuff set, you should be good to go.
EDIT: In fact, I no longer get that warning about logging in as guest, so it must be fixed!
Here are my settings. Keep in mind this is specific for BluePages and BlueGroups. I just included the ldap ones here:
com.ibm.team.repository.ldap.findUsersByUserIdQuery=mail\=?1
com.ibm.team.repository.ldap.baseGroupDN=ou\=memberlist,ou\=ibmgroups,o\=ibm.com
com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember\={USER-DN}
com.ibm.team.repository.ldap.membersOfGroup=uniquemember
com.ibm.team.repository.ldap.userAttributesMapping=userId\=mail,name\=cn,emailAddress\=mail
com.ibm.team.repository.ldap.registryLocation=ldap\://bluepages.ibm.com\:389
com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=WAS_JazzAdmins,JazzUsers\=WAS_JazzUsers,JazzDWAdmins\=WAS_JazzDWAdmins,JazzGuests\=WAS_JazzGuests
com.ibm.team.repository.ldap.baseUserDN=ou\=bluepages,o\=ibm.com
Note that this is different from a couple other posts I've seen, which I don't think should work:
1) The baseGroupDN does not start with ou=WAS_JazzGroups -- the group DN does not contain this, so it doesn't work.
2) The membersOfGroup needs to change to "uniquemember" from "members" -- I didn't see that anywhere.
3) userAttributeMapping should have "userId=mail", since we use the email address as the userId.
With that stuff set, you should be good to go.
EDIT: In fact, I no longer get that warning about logging in as guest, so it must be fixed!
David,
The new LDAP setup wizard computes (check out the compute other queries
checkbox at the bottom of LDAP wizard).
findGroupsForUserQuery,findUsersByUserIdQuery, findUsersByName and
findUsersByAnyName queries based on the values you provide
----- Balaji
"DavidGWard" <davidward@us.dot.ibm.dot.com-dot-nospam.no-spam.invalid> wrote
in message news:fti6a9$2p2$1@localhost.localdomain...
The new LDAP setup wizard computes (check out the compute other queries
checkbox at the bottom of LDAP wizard).
findGroupsForUserQuery,findUsersByUserIdQuery, findUsersByName and
findUsersByAnyName queries based on the values you provide
----- Balaji
"DavidGWard" <davidward@us.dot.ibm.dot.com-dot-nospam.no-spam.invalid> wrote
in message news:fti6a9$2p2$1@localhost.localdomain...
Thanks Shawn ... this is great information.
I have a feeling that at least one of those attributes cannot be setup
using the jazz/setup dialog (e.g. findGroupsForUserQuery or maybe
findUsersByUserIdQuery) but that's OK.
I'll give it a try this morning.