M6/bluepages:LDAP connection could not be established
I can access https://hostname:9443/jazz/setup
I input the LDAP user/password successfully, but it failed at Setup User Registry (step 4). Who can provide bluepages config docs and send mail to me?
9 answers
LDAP Registry Location : ldap://bluepages.ibm.com:389
User Name:
Password : // Supports anonymous access
Base USER DN : ou=bluepages,o=ibm.com
User Property Names Mapping : userId=preferredIdentity,name=cn,emailAddress=mail
Base Group DN : ou=memberlist,ou=ibmgroups,o=ibm.com
Group Name Mapping : cn
Group Member Mapping : uniquemember
Group mapping : JazzAdmins=BlueGroupA,JazzUsers=BlueGroupB,JazzDWAdmins=BlueGroupC,JazzGuests=BlueGroupD
(// Substitute BlueGroups A, B, C and D with the blue groups you created to maintain the list of users who can access your repo)

All other LDAP properties will be computed when you finish the wizard.

-- Balaji

"openeis" <wangwyu> wrote in message news:fum6r8$v54$1@localhost.localdomain...
> I can access https://hostname:9443/jazz/setup
Hi Balaji,
I believe I have my tomcat config correct for bluepages, inasmuch as I am able to log in to my jazz install using my IIP. I can access the admin section, which I couldn't do before, now that I have modified my web.xml to map my bluegroups to the JazzAdmin & etc groups.

I think I have a problem still with my LDAP config within the app itself, because although I can log in, it thinks I am GUEST, and the login link doesn't do anything. I'm assuming that while tomcat was able to authenticate me against bluepages/bluegroups and let me in, Jazz isn't able to find me in bluepages to assign my role at the app level.

Where would the most useful logging be occurring so I can figure out where it's failing? My setup *appears* to be the same as the one you indicated in this post.

Cheers,
Ross Grady
Ross,
The LDAP configuration you specify in the setup wizard / teamserver.properties has nothing to do with assigning you the guest or admin role in the Web UI. It is only used while importing users from LDAP to Jazz repository.

To clarify, let me explain to you what happens when you log in using the Web UI (or Eclipse UI):
--- You log in by providing the credentials
--- The container (Tomcat in your case) authenticates you against the user registry (LDAP)
--- Then the container checks the group membership information for your user id.
--- If you are part of the JazzAdmins group, then you will be redirected to the jazz/admin page
--- If the user id exists in the Jazz repository, then you are logged in as that user, or else you will be logged in as ADMIN (special user in Jazz repository with Admin access)
--- If you are not part of the JazzAdmins group and your user id does not exist in the Jazz repository, you will be logged in as Guest
(FYI: We are planning to remove this feature because it causes a lot of confusion)

Are you part of the JazzAdmins group in LDAP? If so, try logging in after removing the browser cache information.

---- Balaji

"ragrady" <ragrady> wrote in message news:fut1vt$6hv$1@localhost.localdomain...
> Hi Balaji,
After applying these LDAP settings and restarting the server, I cannot authenticate using my IIP. The ADMIN user is still active and I can still use it to log in... How do I enable LDAP so it is used?
This is the configuration in LDAP setup wizard. The LDAP configuration specified in the wizard is only used for importing users from an external registry. To authenticate using external user registry (LDAP), you need to configure WebSphere or Tomcat to use LDAP authentication.

--- Balaji

"brephil" <brephil> wrote in message news:fv16d5$tpe$1@localhost.localdomain...
> After apply these LDAP settings, and restarting the server, I can not
So the LDAP setup wizard doesn't touch the Tomcat JNDI configuration?
Correct. You configure the app server separately for authentication and authorization, and that is external to our application. The settings we configure in the app provide us the ability to import (other) users from the LDAP directory or to query to see what groups a user is a member of.
You may find the following document helpful: https://jazz.net/wiki/bin/view/Main/LDAP4Dummies
Perfect. Thank you!
Perhaps it would be better titled "Configuring your app server for LDAP".
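
The Tomcat side of what this thread describes, as an added example (not taken from the posts above or from the Jazz documentation): a JNDIRealm for server.xml that reuses the directory values posted in the first answer. The login attribute in userSearch (mail), the Engine/Host names and the placement of the Realm are assumptions.

```xml
<!-- conf/server.xml (Tomcat): container-level LDAP authentication.
     Added example; directory values are the ones posted in this thread. -->
<Engine name="Catalina" defaultHost="localhost">

  <!--
    connectionURL : the registry location from the thread. It is plain
                    ldap:// on port 389, so the simple bind Tomcat performs
                    with each user's password is unencrypted on the wire.
                    If the directory offers LDAPS, use an ldaps:// URL
                    (assumption: the thread does not say whether it does).
    No connectionName/connectionPassword: the thread notes the directory
                    supports anonymous access, so searches bind anonymously.
    userSearch    : assumption, users log in with the value of "mail";
                    {0} is the login name typed by the user.
    roleSearch    : {0} is the DN of the authenticated user, matched
                    against the group's uniquemember attribute.
    roleName      : the group's cn becomes the role name the container
                    compares with the roles declared in web.xml.
  -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://bluepages.ibm.com:389"
         userBase="ou=bluepages,o=ibm.com"
         userSubtree="true"
         userSearch="(mail={0})"
         roleBase="ou=memberlist,ou=ibmgroups,o=ibm.com"
         roleSubtree="false"
         roleName="cn"
         roleSearch="(uniquemember={0})" />

  <Host name="localhost" appBase="webapps" />
</Engine>
```

The roles this realm returns are the blue group cn values, so they still have to be mapped to JazzAdmins, JazzUsers and the other Jazz roles, which one poster above did in web.xml.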