[closed] How to authenticate using a LDAP server?
The question has been closed for the following reason: "Problem is not reproducible or outdated" by rschoon Feb 17 '17, 5:40 a.m.
23 answers
Hi again
I'm using the same group filter:
(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))
Christophe Elek wrote:
David Ward <davidward@us.ibm.com> wrote in news:fj4kb5$bio$1@localhost.localdomain:
getUsersGroups return null
K, based on the symptom and the signs, I am wondering if
-1 - we get the credentials and we pass that to the session
-2 - we are able to get the LDAP group
Check the group filter in WebSphere, mine is:
(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))
If this doesn't work, ping me directly :)
What we've done for the VM team is use IIPRealm (http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate against bluepages and bluegroups.
IIPRealm uses the bluepages LDAP for authentication and matches bluegroups to Tomcat roles. You can then link the hard-coded Jazz roles to a bluegroups role (jazz/WEB-INFO/web.xml):
<security-role-ref>
<role-name>JazzAdmin</role-name>
<role-link>bluegroups_name</role-link>
</security-role-ref>
Is that what you're trying to achieve?
Just to clarify one thing. All Jazz defined Role Names are plural, i.e.
JazzUsers, JazzAdmins, JazzDWAdmins and JazzGuests. Make sure if you
modify web.xml you use the plural ones.
gcastro wrote:
What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.
IIPRealm uses the bluepages LDAP for authentication and matches
bluegroups to Tomcat roles. You can then link the hard-coded Jazz
roles to a bluegroups role (jazz/WEB-INFO/web.xml):
<security-role-ref>
<role-name>JazzAdmin</role-name>
<role-link>bluegroups_name</role-link>
</security-role-ref>
Is that what you're trying to achieve?
gabriel_castro@ca.ibm-dot-com.no-spam.invalid (gcastro) wrote in
news:fj73ci$dh7$1@localhost.localdomain:
What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.
That's great, but it is only for Tomcat and only internal to IBM, right?
I think we (all) should start authoring a nice crisp doc in jazz.net to
explain how to set up LDAP authentication in WebSphere and Tomcat.
So far it seems the LDAP authentication in the Web Server instead of the
App Server is not fully understood.
Where should I post my draft so everyone who is interested has access?
Should I ask to open a work item in the Community project in Jazz?
Anyone else interested in working on that with us?
--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
Certainly, Jazz with WAS and Bluepages is tricky if you're not strong
with WAS and LDAP.
Excellent idea to create a doc for that.
BTW: I now have Jazz running on WAS 6.1 with a Federated Bluepages
LDAP. I can contribute my setup info to your wiki/doc
Cheers
Christophe Elek wrote:
gabriel_castro@ca.ibm-dot-com.no-spam.invalid (gcastro) wrote in
news:fj73ci$dh7$1@localhost.localdomain:
What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.
That's great, but it is only for Tomcat and only internal to IBM, right?
I think we (all) should start authoring a nice crisp doc in jazz.net to
explain how to set up LDAP authentication in WebSphere and Tomcat.
So far it seems the LDAP authentication in the Web Server instead of the
App Server is not fully understood.
Where should I post my draft so everyone who is interested has access?
Should I ask to open a work item in the Community project in Jazz?
Anyone else interested in working on that with us?
Hi there
Very interesting ... my questions were relating to Jazz running on WAS
rather than Tomcat. But it's nevertheless good for the other IBM'ers
running Jazz/Tomcat to know that IIPRealm product can help.
Cheers
gcastro wrote:
What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.
IIPRealm uses the bluepages LDAP for authentication and matches
bluegroups to Tomcat roles. You can then link the hard-coded Jazz
roles to a bluegroups role (jazz/WEB-INFO/web.xml):
<security-role-ref>
<role-name>JazzAdmin</role-name>
<role-link>bluegroups_name</role-link>
</security-role-ref>
Is that what you're trying to achieve?
David, Christophe: Do either of you have the first pass of the LDAP / WebSphere document you mentioned?
The reason I ask is that I've set it up with Christophe's document (installjazzwas.doc), and currently with Beta 2 when I click on "Login" the page just seems to reload and not give me a login prompt. Here are my current mappings:
JazzAdmins: me
JazzDWAdmins: me
JazzUsers: All authenticated
JazzGuests: Everyone
Update on above: It does seem to prompt once when I first get into the application for a user/password, but if I put in myself (which should be under JazzAdmins), it still seems to login as guest and the Login link is nonfunctional.
I am also using Bluepages with the following user filter:
(&(mail=%v)(objectclass=person))
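Added example, not part of any post in this thread and not Jazz or WebSphere code: a small offline evaluator for the %v group and user filters quoted above, for checking which entries a filter can select (a group stored under an objectclass the filter does not list is never returned, and special characters in the looked-up name are escaped so they match literally). The directory entries, DNs and function names are constructed for illustration; only &, |, !, equality and presence are supported.

```python
import re

# Filter templates as posted in the thread; DIRECTORY is constructed sample data.
GROUP_FILTER = ("(&(cn=%v)(|(objectclass=groupOfNames)"
                "(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))")
USER_FILTER = "(&(mail=%v)(objectclass=person))"
DIRECTORY = [
    ("cn=JazzAdmins,ou=groups,o=example",
     {"cn": ["JazzAdmins"], "objectclass": ["top", "groupOfNames"]}),
    ("cn=JazzUsers,ou=groups,o=example",      # class not listed in GROUP_FILTER
     {"cn": ["JazzUsers"], "objectclass": ["top", "group"]}),
    ("uid=jdoe,ou=people,o=example",
     {"cn": ["J Doe"], "mail": ["jdoe@example.com"], "objectclass": ["person"]}),
]

def expand(template, value):
    """Substitute %v, escaping RFC 4515 special characters in the value."""
    safe = "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)
    return template.replace("%v", safe)

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after it)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if f[i + 1] in "&|!":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError("expected ')' at offset %d" % i)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, raw = f[i + 1:end].partition("=")
    value = None if raw == "*" else re.sub(
        r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return ("=", attr.lower(), value), end + 1

def matches(node, attrs):
    """Evaluate equality/presence items and &, |, ! (case-insensitive values)."""
    if node[0] == "=":
        have = [v.lower() for v in attrs.get(node[1], [])]
        return bool(have) if node[2] is None else node[2].lower() in have
    results = [matches(kid, attrs) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def search(template, value):
    """Return the DNs of the sample entries selected by the expanded filter."""
    tree, _ = parse(expand(template, value))
    return [dn for dn, attrs in DIRECTORY if matches(tree, attrs)]
```

Calling search(GROUP_FILTER, "JazzUsers") returns an empty list here because that sample group uses an objectclass outside the three the filter accepts.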
Ug, realized another stupid user error: forgot to create the initial user in the repository. That's what I get for thinking I know the instructions better than what I do. Thanks for the tip Christophe.
So that still leaves the question about having the setup information available to all, as was discussed previously in the thread. How could we get the info (minus the Bluegroups-specific stuff) on jazz.net?
lauzon@us.ibm-dot-com.no-spam.invalid (shawnlauzon) wrote in news:fm5i7u$lqm$1@localhost.localdomain:
How could we get the info (minus the Bluegroups-specific stuff) on jazz.net?
I am working on a new version (that will talk about federated LDAP)
Once this is done I will submit it to jazz.net :)
Will keep you posted :)
--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational