Disabling LDAP for JAZZ/RTC


George Dunye (622) | asked Oct 14 '11, 3:43 p.m.
We have installed RTC/RRC/CCM using LDAP/AD for authentication and repository permissions. We have noticed some glaring issues with the way our corporate AD is configured (groups within groups within groups...) and the way users are managed in the application (some users are found, others are not; some users have permissions, some do not). Apparently there is a limit to how many OU groups you can drill down. Currently, due to the size of the corporation and depth of the AD, this cannot be reconfigured easily. We are configured with a WAS & HTTP to hide the port number for the users.

Question - We are thinking of detaching the LDAP/AD from RTC due to these issues. Has anyone else been through this scenario? What can I expect to happen to some of the users that are slowly utilizing Jazz as a production application (having a slow rollout)? Are the users that are using RTC kept in a database or XML file somewhere?


Thanks.

3 answers



Geoffrey Clemm (30.1k33035) | answered Oct 14 '11, 11:28 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
A copy of the user information needed by RTC/RRC/RQM is kept in the Jazz
JTS repository (user name, login id, mail address), and this is kept in
sync with the LDAP info with a nightly sync script. So when you
"desync" from LDAP, that information should still be available in the
JTS repository. But you still need an authentication mechanism ...
there is a Tomcat mechanism you can use, and if you are using WebSphere,
I'm guessing you have choices there as well ... but I'll defer to others
who know the details of that.

Cheers,
Geoff

Ralph Schoon (63.5k33646) | answered Oct 17 '11, 4:30 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi,

You can switch off LDAP in WAS or use a federated realm. See https://jazz.net/library/article/604 for some more details. I think managing the users in WAS is tedious. In addition, it can probably not be shared by several WAS instances. Have you considered setting up your own LDAP server just for managing the RTC users? That would be my preference if I had to do it.

George Dunye (622) | answered Oct 19 '11, 5:28 p.m.
Thanks Geoff & rschoon!

I will look into those possible avenues for a solution to our auth/permit issue.

G
