Updates to LDAP JazzAdmins group not getting populated
Hi, all.
We are running Jazz server with WebSphere 6.1.0.15 and DB2 9.5. I have created a group on our LDAP environment for JazzAdmins and a group for JazzUsers, both of which are mapped to the admins and users groups in the LDAP configuration of our Jazz server. I initially populated the JazzAdmins group only on the LDAP server with a few LDAP users. When LDAPNightlySyncTask ran on the Jazz server, the LDAP users were added to the local Jazz repository. I then added one user and removed one from the JazzAdmins group on the LDAP server. When LDAPNightlySyncTask ran on the Jazz server, nothing was updated in the local Jazz repository. Then, I added LDAP users to the JazzUsers group on the LDAP server. When LDAPNightlySyncTask ran on the Jazz server, these new JazzUsers group additions were populated to the local Jazz repository.
Does anybody have any ideas why the JazzUsers group updates are getting populated but the JazzAdmins group updates aren't?
Thanks in advance.
Chris
9 answers
When talking about the LDAP nightly sync, it's important to remember
that only the user data is sync'd, and not the role assignments. The
role assignments are always kept in the LDAP server, and queried when
needed.
Are you describing that new users added to the JazzAdmins role are not
automatically created in the RTC server?
When you remove a user from LDAP (that is already present in Jazz repo), we
don't automatically archive the user in Jazz repository. You need to archive
the user manually. For new users created in LDAP, we create the user in
Jazz repository.
------- Balaji
On the LDAP server, I have two groups: one called LDAPJazzAdmins and one called LDAPJazzUsers. Both of these groups exist on the LDAP server only. In the Jazz server configuration, I have mapped the LDAPJazzAdmins LDAP group to the JazzAdmins local repository group and the LDAPJazzUsers LDAP group to the JazzUsers local repository group. When I log on to the LDAP server and add a new user to the LDAPJazzUsers group, the user gets populated to the JazzUsers group in the local repository. However, when I log on to the LDAP server and add a new user to the LDAPJazzAdmins group, the user does not get populated to the JazzAdmins group in the local repository. In my particular issue, the roles assigned to the user accounts are irrelevant.
Thanks.
Chris
Chris,
In case you are not aware, the server provides a feed you can subscribe to
to view events from the LDAP sync. This is in the docs at
https://jazz.net/jazzdocs/topic/com.ibm.team.repository.web.admin.doc/topics/cldapsynctaskfeed.html
You might want to try the following:
- Check the feed to see if you see any events or errors related to the users
  you expect to be added
- Check your LDAP properties in the Jazz server admin web UI advanced
  configuration page. Make sure that your group mappings are correctly
  configured. Remember that the group mappings are configured in the
  container (WAS) for authentication and authorization, and are also
  configured in Jazz for user import.
--
Ritchie Schacher
Jazz Server Development
Hi, all.
Still having some issues with syncing up the repository with the LDAP groups that I have defined. Several valid user IDs were added to our JazzUsers group that was created on the LDAP server and is linked to the configuration on the Jazz server. All but one of the user IDs was populated to the repository at the next LDAP Nightly sync task run. I checked the events feed and see the following error in regards to the ID that didn't get populated to the repository:
The user "uid=xxxxxxxx,c=xx,ou=xxxxxxx,o=xxx" is invalid...
This user has more than one user id.
However, this ID doesn't show up in the admin console view of the users. I also get this error for another user ID that I had to archive and then create by importing through the admin console. FYI, I see the same user ID info in IE 6 and Firefox 3.
Any ideas on what is happening here?
Thanks.
Chris
The correct solution is to fix both WebSphere LDAP configuration and user property mapping in advanced properties.
But IBM bluepages authentication is tolerant to multiple email addresses associated with a user.
So to fix your problem, edit Advanced properties->LDAPUserRegistryProvider->UserProperty mapping. The mapping value must be userId=preferredIdentity,name=cn,emailAddress=mail
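A pre-check for the mapping change suggested above, as an added example that is not part of the original thread or of Jazz itself: it parses a user property mapping string and reports directory entries whose attribute mapped to userId is missing or holds more than one value. It assumes the "more than one user id" error comes from a multi-valued attribute behind userId; the "before" mapping (userId=mail) and the sample entries are constructed for illustration.

```python
def parse_mapping(value):
    """Parse 'userId=preferredIdentity,name=cn,...' into {jazz_property: ldap_attribute}."""
    mapping = {}
    for pair in value.split(","):
        prop, sep, attr = pair.strip().partition("=")
        if not sep or not prop.strip() or not attr.strip():
            raise ValueError(f"malformed mapping entry: {pair!r}")
        mapping[prop.strip()] = attr.strip()
    return mapping

def check_entries(entries, mapping_value):
    """Return {dn: [problems]} for entries with a missing mapped attribute
    or a multi-valued attribute behind userId."""
    mapping = parse_mapping(mapping_value)
    if "userId" not in mapping:
        raise ValueError("mapping must define userId")
    problems = {}
    for dn, attrs in entries.items():
        # LDAP attribute names are case-insensitive, so compare in lower case.
        lowered = {k.lower(): v for k, v in attrs.items()}
        found = []
        for prop, attr in mapping.items():
            values = set(lowered.get(attr.lower(), []))
            if not values:
                found.append(f"{prop}: attribute '{attr}' missing")
            elif prop == "userId" and len(values) > 1:
                found.append(f"userId: attribute '{attr}' has {len(values)} values")
        if found:
            problems[dn] = found
    return problems

# Constructed sample entries (hypothetical DNs and values, not from the thread).
SAMPLE = {
    "uid=A0001,c=us,ou=example,o=example.com": {
        "cn": ["Alice Example"],
        "mail": ["alice@example.com", "alice.example@example.com"],
        "preferredIdentity": ["alice@example.com"],
    },
    "uid=B0002,c=us,ou=example,o=example.com": {
        "cn": ["Bob Example"],
        "mail": ["bob@example.com"],
        "preferredIdentity": ["bob@example.com"],
    },
}

if __name__ == "__main__":
    # "before" is an assumed earlier mapping; "after" is the value given in the answer.
    for label, m in (("before", "userId=mail,name=cn,emailAddress=mail"),
                     ("after", "userId=preferredIdentity,name=cn,emailAddress=mail")):
        print(label, check_entries(SAMPLE, m))
```

Entries reported under the mapping you plan to deploy are the ones to look for in the LDAP sync feed after the next nightly run.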