[closed] How to authenticate using a LDAP server?


Jeffrey Liu (111131) | asked Jul 09 '07, 11:36 a.m.
closed Feb 17 '17, 5:40 a.m. by Ralph Schoon (63.1k33646)

Hi,

I followed the tutorials to set up my server, good stuff. However, the tutorials don't seem to go into detail about how to set up authentication. Specifically, I want to set up authentication with an LDAP server. Is there any documentation on this topic?

Thanks,

Jeff

The question has been closed for the following reason: "Problem is not reproducible or outdated" by rschoon Feb 17 '17, 5:40 a.m.

23 answers



Tom Frauenhofer (1.3k58435) | answered Dec 05 '07, 9:58 a.m.
Hi again

I'm using the same group filter:

(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

Christophe Elek wrote:
David Ward <davidward@us.ibm.com> wrote in news:fj4kb5$bio$1@localhost.localdomain:

getUsersGroups return null

K, based on the symptom and the signs, I am wondering if
-1 - we get the credentials and we pass that to the session
-2 - we are able to get the LDAP group

Check the group filter in WebSphere, mine is:
(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))

If this doesn't work, ping me directly :)

Gabriel Castro (1216) | answered Dec 05 '07, 3:55 p.m.
What we've done for the VM team is use IIPRealm (http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate against bluepages and bluegroups.

IIPRealm uses the bluepages LDAP for authentication and matches bluegroups to Tomcat roles. You can then link the hard-coded Jazz roles to a bluegroups role (jazz/WEB-INFO/web.xml):

<security-role-ref>
<role-name>JazzAdmin</role-name>
<role-link>bluegroups_name</role-link>
</security-role-ref>

Is that what you're trying to achieve?

Richard Backhouse (6661) | answered Dec 05 '07, 5:18 p.m.
JAZZ DEVELOPER
Just to clarify one thing. All Jazz defined Role Names are plural, i.e.
JazzUsers, JazzAdmins, JazzDWAdmins and JazzGuests. Make sure if you
modify web.xml you use the plural ones.


gcastro wrote:
What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.

IIPRealm uses the bluepages LDAP for authentication and matches
bluegroups to Tomcat roles. You can then link the hard-coded Jazz
roles to a bluegroups role (jazz/WEB-INFO/web.xml):

<security-role-ref>
<role-name>JazzAdmin</role-name>
<role-link>bluegroups_name</role-link>
</security-role-ref>

Is that what you're trying to achieve?
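
A check for the point made in this reply, added here as an example (not code from the thread or from Jazz): it reads a web.xml and flags any `security-role-ref` whose `role-name` is not one of the four plural role names listed above. The sample document, its servlet name and class, and `another_group` are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Role names as listed in the reply above (all plural).
JAZZ_ROLES = {"JazzUsers", "JazzAdmins", "JazzDWAdmins", "JazzGuests"}

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}role-name'."""
    return tag.rsplit("}", 1)[-1]

def check_role_refs(web_xml_text):
    """Return (role-name, role-link, problem) per security-role-ref; problem is None if it looks right."""
    findings = []
    for elem in ET.fromstring(web_xml_text).iter():
        if local(elem.tag) != "security-role-ref":
            continue
        fields = {local(child.tag): (child.text or "").strip() for child in elem}
        name, link = fields.get("role-name", ""), fields.get("role-link", "")
        problem = None
        if name not in JAZZ_ROLES:
            problem = "unknown role-name"
            if name + "s" in JAZZ_ROLES:
                problem = "singular role-name, expected " + name + "s"
        elif not link:
            problem = "missing role-link"
        findings.append((name, link, problem))
    return findings

# Constructed web.xml; servlet name, class and the second group name are placeholders.
SAMPLE = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <servlet>
    <servlet-name>example</servlet-name>
    <servlet-class>example.Servlet</servlet-class>
    <security-role-ref>
      <role-name>JazzAdmin</role-name>
      <role-link>bluegroups_name</role-link>
    </security-role-ref>
    <security-role-ref>
      <role-name>JazzUsers</role-name>
      <role-link>another_group</role-link>
    </security-role-ref>
  </servlet>
</web-app>"""

if __name__ == "__main__":
    for name, link, problem in check_role_refs(SAMPLE):
        print(name, "->", link, ":", problem or "ok")
```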

Christophe Elek (2.9k13021) | answered Dec 06 '07, 6:28 a.m.
JAZZ DEVELOPER
gabriel_castro@ca.ibm-dot-com.no-spam.invalid (gcastro) wrote in
news:fj73ci$dh7$1@localhost.localdomain:

What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.

That's great, but it is only for Tomcat and only internal to IBM, right?
I think we (all) should start authoring a nice crisp doc in jazz.net to
explain how to set up LDAP authentication in WebSphere and Tomcat.
So far it seems the LDAP authentication in the Web Server instead of the
App Server is not fully understood.

Where should I post my draft so everyone who is interested has access?
Should I ask to open a work item in the Community project in Jazz?
Anyone else interested in working on that with us?

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational

Tom Frauenhofer (1.3k58435) | answered Dec 06 '07, 12:48 p.m.
Certainly, Jazz with WAS and Bluepages is tricky if you're not strong
with WAS and LDAP.

Excellent idea to create a doc for that.

BTW: I now have Jazz running on WAS 6.1 with a Federated Bluepages
LDAP. I can contribute my setup info to your wiki/doc

Cheers

Christophe Elek wrote:

gabriel_castro@ca.ibm-dot-com.no-spam.invalid (gcastro) wrote in
news:fj73ci$dh7$1@localhost.localdomain:

What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.

That's great, but it is only for Tomcat and only internal to IBM, right?
I think we (all) should start authoring a nice crisp doc in jazz.net to
explain how to set up LDAP authentication in WebSphere and Tomcat.
So far it seems the LDAP authentication in the Web Server instead of the
App Server is not fully understood.

Where should I post my draft so everyone who is interested has access?
Should I ask to open a work item in the Community project in Jazz?
Anyone else interested in working on that with us?

Tom Frauenhofer (1.3k58435) | answered Dec 06 '07, 12:48 p.m.
Hi there

Very interesting ... my questions were relating to Jazz running on WAS
rather than Tomcat. But it's nevertheless good for the other IBM'ers
running Jazz/Tomcat to know that the IIPRealm product can help.

Cheers

gcastro wrote:
What we've done for the VM team is use IIPRealm
(http://w3.opensource.ibm.com/projects/iiprealm/) to authenticate
against bluepages and bluegroups.

IIPRealm uses the bluepages LDAP for authentication and matches
bluegroups to Tomcat roles. You can then link the hard-coded Jazz
roles to a bluegroups role (jazz/WEB-INFO/web.xml):

<security-role-ref>
<role-name>JazzAdmin</role-name>
<role-link>bluegroups_name</role-link>
</security-role-ref>

Is that what you're trying to achieve?

Shawn Lauzon (38174) | answered Jan 10 '08, 9:32 a.m.
David, Christophe: Do either of you have the first pass of the LDAP / WebSphere document you mentioned?

The reason I ask is that I've set it up with Christophe's document (installjazzwas.doc), and currently with Beta 2 when I click on "Login" the page just seems to reload and not give me a login prompt. Here are my current mappings:

JazzAdmins: me
JazzDWAdmins: me
JazzUsers: All authenticated
JazzGuests: Everyone

Shawn Lauzon (38174) | answered Jan 10 '08, 9:38 a.m.
Update on above: It does seem to prompt once when I first get into the application for a user/password, but if I put in myself (which should be under JazzAdmins), it still seems to log in as guest and the Login link is nonfunctional.

I am also using Bluepages with the following user filter:
(&(mail=%v)(objectclass=person))

Shawn Lauzon (38174) | answered Jan 10 '08, 11:44 a.m.
Ug, realized another stupid user error: forgot to create the initial user in the repository. That's what I get for thinking I know the instructions better than what I do. Thanks for the tip Christophe.

So that still leaves the question about having the setup information available to all, as was discussed previously in the thread. How could we get the info (minus the Bluegroups-specific stuff) on jazz.net?

Christophe Elek (2.9k13021) | answered Jan 11 '08, 3:14 a.m.
JAZZ DEVELOPER
lauzon@us.ibm-dot-com.no-spam.invalid (shawnlauzon) wrote in news:fm5i7u$lqm$1@localhost.localdomain:

How could we get the info (minus the Bluegroups-specific stuff) on
jazz.net?


I am working on a new version (that will talk about federated LDAP)
Once this is done I will submit it to jazz.net :)
Will keep you posted :)

--
Christophe Elek
Serviceability Architect
IBM Software Group - Rational