[closed] How to authenticate using a LDAP server?
Jeffrey Liu (111●1●3●1)
| asked Jul 09 '07, 11:36 a.m.
closed Feb 17 '17, 5:40 a.m. by Ralph Schoon (63.1k●3●36●46)

Hi,
|
The question has been closed for the following reason: "Problem is not reproducible or outdated" by rschoon Feb 17 '17, 5:40 a.m.
23 answers
Hi again

I'm using the same group filter:

(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

Christophe Elek wrote:
David Ward <davidward@us.ibm.com> wrote in news:fj4kb5$bio$1
|
What we've done for the VM team is use IIPRealm (http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate against bluepages and bluegroups.

IIPRealm uses the bluepages LDAP for authentication and matches bluegroups to Tomcat roles. You can then link the hard-coded Jazz roles to a bluegroups role (jazz/WEB-INFO/web.xml):

<security-role-ref>
  <role-name>JazzAdmin</role-name>
  <role-link>bluegroups_name</role-link>
</security-role-ref>

Is that what you're trying to achieve?
|
Just to clarify one thing. All Jazz defined Role Names are plural, i.e. JazzUsers, JazzAdmins, JazzDWAdmins and JazzGuests. Make sure if you modify web.xml you use the plural ones.

gcastro wrote:
What we've done for the VM team is use IIPRealm
|
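A quick check for the plural-name point above, as an added example that is not part of the original thread or of Jazz itself: it parses a web.xml, finds every security-role-ref and flags any role-name that is not one of the four names listed in the post. The sample web.xml, its namespace and the second group name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Role names as listed in the post above; all are plural.
JAZZ_ROLES = {"JazzUsers", "JazzAdmins", "JazzDWAdmins", "JazzGuests"}

# Constructed sample: one singular (wrong) role-name and one correct one.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <security-role-ref>
      <role-name>JazzAdmin</role-name>
      <role-link>bluegroups_name</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzUsers</role-name>
      <role-link>another_group</role-link>
    </security-role-ref>
  </servlet>
</web-app>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def check_role_refs(xml_text):
    """Return (role_name, role_link, problem) per security-role-ref; problem is None when OK."""
    results = []
    for elem in ET.fromstring(xml_text).iter():
        if local(elem.tag) != "security-role-ref":
            continue
        name, link = child_text(elem, "role-name"), child_text(elem, "role-link")
        problem = None
        if name not in JAZZ_ROLES:
            hint = name + "s" if name + "s" in JAZZ_ROLES else None
            problem = f"unknown Jazz role; did you mean {hint}?" if hint else "unknown Jazz role"
        elif not link:
            problem = "role-link is empty"
        results.append((name, link, problem))
    return results

if __name__ == "__main__":
    for name, link, problem in check_role_refs(SAMPLE_WEB_XML):
        print(f"{name} -> {link}: {problem or 'ok'}")
```

A mistyped role name in web.xml means the mapped LDAP group is not granted the intended Jazz role, so running a check like this after editing the file catches the mistake before users report failed logins.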
gabriel_castro@ca.ibm-dot-com.no-spam.invalid (gcastro) wrote in news:fj73ci$dh7$1@localhost.localdomain:

What we've done for the VM team is use IIPRealm

That's great, but it is only for Tomcat and only internal to IBM, right?

I think we (all) should start authoring a nice crisp doc in jazz.net to explain how to set up LDAP authentication in WebSphere and Tomcat. So far it seems the LDAP authentication in the Web Server instead of the App Server is not fully understood.

Where should I post my draft so everyone who is interested has access? Should I ask to open a work item in the Community project in Jazz?

Anyone else interested in working on that with us?

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
|
Certainly, Jazz with WAS and Bluepages is tricky if you're not strong with WAS and LDAP. Excellent idea to create a doc for that.

BTW: I now have Jazz running on WAS 6.1 with a Federated Bluepages LDAP. I can contribute my setup info to your wiki/doc.

Cheers

Christophe Elek wrote:
gabriel_castro@ca.ibm-dot-com.no-spam.invalid (gcastro) wrote in
|
Hi there

Very interesting ... my questions were relating to Jazz running on WAS rather than Tomcat. But it's nevertheless good for the other IBM'ers running Jazz/Tomcat to know that the IIPRealm product can help.

Cheers

gcastro wrote:
What we've done for the VM team is use IIPRealm
|
David, Christophe: Do either of you have the first pass of the LDAP / WebSphere document you mentioned?

The reason I ask is that I've set it up with Christophe's document (installjazzwas.doc), and currently with Beta 2 when I click on "Login" the page just seems to reload and not give me a login prompt. Here are my current mappings:

JazzAdmins: me
JazzDWAdmins: me
JazzUsers: All authenticated
JazzGuests: Everyone
|
Update on above: It does seem to prompt once when I first get into the application for a user/password, but if I put in myself (which should be under JazzAdmins), it still seems to log in as guest and the Login link is nonfunctional.

I am also using Bluepages with the following user filter:

(&(mail=%v)(objectclass=person))
|
Ug, realized another stupid user error: forgot to create the initial user in the repository. That's what I get for thinking I know the instructions better than what I do. Thanks for the tip Christophe.

So that still leaves the question about having the setup information available to all, as was discussed previously in the thread. How could we get the info (minus the Bluegroups-specific stuff) on jazz.net?
|
lauzon@us.ibm-dot-com.no-spam.invalid (shawnlauzon) wrote in news:fm5i7u$lqm$1@localhost.localdomain:

How

I am working on a new version (that will talk about federated LDAP). Once this is done I will submit it to jazz.net :)

Will keep you posted :)

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational
|