How do I specify more than one Base User DN for LDAP AD
Hello,
I am trying to specify more than 1 Base User DN for RTC 2.0.0.2 integration with LDAP/Active Directory.
I have an RTC Enterprise install using Tomcat and LDAP. My company's LDAP/Active Directory is configured as a forest of trees, which brings me to my issue:
When I configure the Team Server to use LDAP I need to enter two BaseUserDNs (one for each of the two trees I want to search for users in).
For Tomcat in the server.xml file I put:
<Realm>
But how do I do the same for TeamServer?
Can I just edit the Base User DN in the Admin web to add the same information?
Thanks
JoeB
4 answers
Hello,
I am trying to specify more than 1 Base User DN for RTC 2.0.0.2 integration with LDAP/Active Directory.
Joe,
Natively, Tomcat does not allow you to point to multiple LDAP servers, but you can use UserSearch to find the user.
Jazz server only allows one BaseDN, so you should put the common base for all users. Will this cause an issue? Do we have duplicates?
Chris
Hi Chris
I am seeing this more often (forest/tree-type LDAP setup), for example one LDAP branch for US, one for Europe, etc. Do we need to look to the application server (WAS) to support this structure, or do we need to raise enhancement requests for RTC/JTS?
thanks,
anthony
Hello Chris and Anthony,
Anthony is correct, these are two trees and only 1 LDAP server.
I configured Tomcat as follows:
#<Realm>
And I was wondering if I can just edit the teamserver.properties file and replace this:
com.ibm.team.repository.ldap.baseUserDN=ou\=bluepages,o\=ibm.com
With
com.ibm.team.repository.ldap.baseUserDN="(ou\=bluepages,o\=ibm.com)(ou\=people,dc\=ibm,dc\=com)"
Your thoughts?
Joe
Hello Chris and Anthony,
Anthony is correct, these are two trees and only 1 LDAP server.
So in Tomcat, you can use userPattern to have a complex search.
In Jazz, use the common BaseDN. If we have 2 roots, Jazz does not support it: you would have to manually export the users to import them in the DB, OR you switch the base DN and you run the synchronization daily...
Chris
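
An added example, not part of any post in this thread and not Jazz or Tomcat code: before widening the single Base User DN to a common parent as suggested above, compute the deepest DN the two trees share and check whether any login ID exists in both. The `uid` login attribute, the `example.com` DNs and the sample entries are constructed assumptions; the two `ibm.com` bases are the ones quoted in the thread, written without the properties-file `\=` escaping.

```python
from collections import defaultdict


def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept intact)."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # e.g. "\," inside a CN is not a separator
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(cur).lstrip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    rdns.append("".join(cur).lstrip())
    return [r for r in rdns if r]


def common_base(dn_a, dn_b):
    """Deepest DN suffix shared by both bases; '' means they have no common root."""
    shared = []
    for x, y in zip(reversed(split_dn(dn_a)), reversed(split_dn(dn_b))):
        if x.casefold() != y.casefold():
            break
        shared.append(x)
    return ",".join(reversed(shared))


def duplicate_logins(entries, login_attr="uid"):
    """Return {login: [DNs]} for every login value found under more than one DN."""
    seen = defaultdict(list)
    for dn, attrs in entries:
        seen[attrs[login_attr].casefold()].append(dn)
    return {login: dns for login, dns in seen.items() if len(dns) > 1}


# Constructed sample entries, as an export of both branches might look.
SAMPLE_ENTRIES = [
    ("cn=Doe\\, Jane,ou=us,dc=example,dc=com", {"uid": "jdoe"}),
    ("cn=John Doe,ou=europe,dc=example,dc=com", {"uid": "JDoe"}),
    ("cn=Ann Lee,ou=europe,dc=example,dc=com", {"uid": "alee"}),
]

if __name__ == "__main__":
    print(repr(common_base("ou=bluepages,o=ibm.com", "ou=people,dc=ibm,dc=com")))
    print(common_base("ou=us,dc=example,dc=com", "OU=Europe, DC=Example, DC=com"))
    print(duplicate_logins(SAMPLE_ENTRIES))
```

An empty result from `common_base` corresponds to the "2 roots" case in the last reply; a non-empty result from `duplicate_logins` means a search from the common base would match one login to more than one entry.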