M6 setup failure: "Security notice" [SOLVED]
Running Bluepages + WAS + DB2
I'm trying to setup LDAP authentication, and so following the instructions at https://jazz.net/wiki/bin/view/Main/ServerSetupForLdapConfigurationM6 I login with my LDAP (bluepages) ID, and I see this error in the SystemOut.log: WARN com.ibm.team.repository.servlet.TeamServerServlet - Security notice during ini tialization: Allowing guest access. Which doesn't cause a problem then. However, when I try to create myself as a user (step 7), it says Unauthorized, and the log tells me that I am a GUEST. I have JazzAdmins role mapped to my user in the jazz_war application, but that doesn't seem to help it. Any other ideas? |
4 answers
|
I have it working now -- I still get that "logging in with guest" warning, but it still logs me in as admin. Oh well ...
Here are my settings. Keep in mind this is specific for BluePages and BlueGroups. I just included the ldap ones here: com.ibm.team.repository.ldap.findUsersByUserIdQuery=mail\=?1 com.ibm.team.repository.ldap.baseGroupDN=ou\=memberlist,ou\=ibmgroups,o\=ibm.com com.ibm.team.repository.ldap.findGroupsForUserQuery=uniquemember\={USER-DN} com.ibm.team.repository.ldap.membersOfGroup=uniquemember com.ibm.team.repository.ldap.userAttributesMapping=userId\=mail,name\=cn,emailAddress\=mail com.ibm.team.repository.ldap.registryLocation=ldap\://bluepages.ibm.com\:389 com.ibm.team.repository.ldap.groupMapping=JazzAdmins\=WAS_JazzAdmins,JazzUsers\=WAS_JazzUsers,JazzDWAdmins\=WAS_JazzDWAdmins,JazzGuests\=WAS_JazzGuests com.ibm.team.repository.ldap.baseUserDN=ou\=bluepages,o\=ibm.com Note that this is different from a couple other posts I've seen, which I don't think should work: 1) The baseGroupDN does not start with ou=WAS_JazzGroups -- the group DN does not contain this, so it doesn't work. 2) The membersOfGroup needs to change to "uniquemember" from "members" -- I didn't see that anywhere. 3) userAttributeMapping should have "userId=mail", since we use the email address as the userId. With that stuff set, you should be good to go. EDIT: In fact, I no longer get that warning about logging in as guest, so it must be fixed! |
Thanks Shawn ... this is great information.
I have a feeling that at least one of those attributes cannot be setup using the jazz/setup dialog (e.g. findGroupsForUserQuery or maybe findUsersByUserIdQuery) but that's OK. I'll give it a try this morning. |
|
I haven't verified this, but is it possible that findGroupsForUserQuery is generated from the setting you specify for membersOfGroup?
|
David,
The new LDAP setup wizard computes (check out the compute other queries checkbox at the bottom of LDAP wizard). findGroupsForUserQuery,findUsersByUserIdQuery, findUsersByName and findUsersByAnyName queries based on the values you provide ----- Balaji "DavidGWard" <davidward@us.dot.ibm.dot.com-dot-nospam.no-spam.invalid> wrote in message news:fti6a9$2p2$1@localhost.localdomain... Thanks Shawn ... this is great information. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.