
JTS setup - LDAP Jazz Groups problem - CRJAZ1558E

I am trying to set up RTC 3.0.1 with tomcat and derby, and I have been following the Interactive Install Guide on the IBM RTC site.

At the Setup User Registry stage I have selected LDAP.

When I test I get the error CRJAZ1558E - Testing the LDAP configuration results in error.
The user "***" does not have the JazzAdmins role.

As the User ID supplied for the Test Connection option is appearing in the error, I am surmising that the user login details are correct and the correct user details are being found.

We have set up the 5 Jazz groups in our active directory, and I have been added as a member to JazzAdmins (we kept the names the same as the JTS groups).

Using the Softerra LDAP Browser, a search using (cn=JazzAdmins) brings up the appropriate entry in Active Directory.

On our system in Active Directory the "member" attribute uses the DN, and I am guessing that JTS is looking for the UserID.

I don't see any way to tell JTS that "member" is the DN of the user.

Is there a way to do this on the Setup User Registry screen?

Is there a way to see what the LDAP communication is during the test, and what is actually being sent and received when you select Test Connection?

Any help or guidance would be greatly appreciated.

0 votes



6 answers

Permanent link
These are my settings in AD/WAS.

http://i51.tinypic.com/161kjgn.png

0 votes


Permanent link
I believe it does use the DN of the user in the group.
Here's my Jazz Admin account as it shows up in the JazzAdmin group
memberUid: uid=jazzadmin,ou=people,dc=example,dc=com
(I am using OpenLDAP)


I have used Wireshark to troubleshoot a few similar issues.
Note the LDAP server has to be remote from the RTC server.
Start Wireshark on the RTC server, have the user attempt to perform the operation, stop Wireshark, then look for calls over the port you are using to contact the LDAP server.

The info column in the packet list section and the data in the packet bytes section will usually give some clues as to what is happening. Admittedly it does take a couple of times looking through the trace before it starts making sense (unless you are already an expert in reading a network trace).



0 votes
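
The DN-versus-user-ID question debated in this thread, as an added example that is not part of any post here and is not Jazz Team Server code: a small offline model of a two-step role check (resolve the login ID to an entry, then compare against the group's member attribute). The directory entries, function names and the `member_is_dn` switch are all constructed assumptions for illustration.

```python
# Constructed sample directory: DN -> attributes (not real data).
DIRECTORY = {
    "CN=Jane Doe,OU=Staff,DC=example,DC=com": {
        "objectClass": ["user"], "sAMAccountName": ["jdoe"]},
    "CN=JazzAdmins,OU=Groups,DC=example,DC=com": {
        "objectClass": ["group"], "cn": ["JazzAdmins"],
        # Group lists its members by DN, as described for Active Directory.
        "member": ["cn=jane doe, ou=Staff, dc=example, dc=com"]},
}

def norm_dn(dn):
    """Simplified DN comparison form: lower-case, spaces around ',' and '='
    dropped. Escaped commas inside values are not handled."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)

def find_user_dn(login, id_attr):
    """Step 1: resolve the login ID to the DN of the user's entry."""
    for dn, attrs in DIRECTORY.items():
        if login.lower() in (v.lower() for v in attrs.get(id_attr, [])):
            return dn
    return None

def has_role(login, group_cn, id_attr, member_attr, member_is_dn):
    """Step 2: check the group, comparing either the user's DN or the bare
    login ID against the values of member_attr."""
    user_dn = find_user_dn(login, id_attr)
    if user_dn is None:
        return False, "user not found"
    for attrs in DIRECTORY.values():
        if group_cn.lower() not in (v.lower() for v in attrs.get("cn", [])):
            continue
        members = attrs.get(member_attr, [])
        if member_is_dn:
            ok = norm_dn(user_dn) in {norm_dn(m) for m in members}
        else:
            ok = login.lower() in {m.lower() for m in members}
        return ok, "member" if ok else "user found but not listed in " + member_attr
    return False, "group not found"

if __name__ == "__main__":
    # DN comparison succeeds; bare-ID comparison reproduces "login fine, no role".
    print(has_role("jdoe", "JazzAdmins", "sAMAccountName", "member", True))
    print(has_role("jdoe", "JazzAdmins", "sAMAccountName", "member", False))
```

In this model the second call finds the user but reports no role, which is the same shape as the CRJAZ1558E symptom in the question: the bind and user lookup work, while the group comparison uses a value form the group entry does not contain.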


Permanent link
There is also a technote on this that you can find on the setup page step 6 "Setup User Registry".


Step 2: Configure Jazz Team Server to use an LDAP server to act as my user registry

Once you have configured your application server and LDAP server as described in the server setup guide, complete this form to configure the Jazz Team Server to use your LDAP server for user and group information.
For additional reference and help browsing your directory, see the topic How to verify LDAP parameters for Jazz Team server configuration.


This is the link:
http://www.ibm.com/support/docview.wss?uid=swg21445366

It helped me to figure out the parameter.

0 votes


Permanent link
Karl

Thanks for this. I am not sure if I am allowed to install Wireshark on company machines, but I will try to see what I can do.

However, chances are it will just confirm that the various member uses a DN and not some form of UID.


Ralph
Thanks for the link. I had already found that; that's what led me to suspect that the Jazz groups members search is on a UID.


What I am trying to find out is if there is some way to get the DN from the User and put that in the Group search. From the tomcat set-up interface there does not look to be a way to do this with the parameters given.

And as it is a Red Error, I can't finish the install using LDAP with this problem. I also don't particularly want the local tomcat user database option, as this has to eventually work with LDAP.

0 votes


Permanent link
Hi,

I'd like to help, but I am an LDAP dummy :wink: all I know is there are restrictions on how Jazz works with LDAP. You could try to create a work item and/or PMR to get more qualified help.

As a side note, if you are blocked, you could start with tomcat without LDAP, as long as you make sure to use the same ID (case sensitive) when creating the users. Then you could switch to LDAP later, once you have figured it out.

0 votes


Permanent link
Going for the local user database and then converting to LDAP later is starting to look like the immediate way forward.

0 votes

Question asked: Aug 25 '11, 6:13 a.m.

Question was seen: 5,712 times

Last updated: Aug 25 '11, 6:13 a.m.
