It's all about the answers!

Ask a question

Changing LDAP group associations


Jay Curtiss (2122) | asked Sep 02 '08, 12:41 p.m.
We decided to refactor our LDAP groups. We originally had one user group mapped to JazzUsers and JazzGuests, and another mapped to JazzAdmins and JazzDWAdmins. We created new LDAP groups so that each Jazz group would have it's own corresponding LDAP group. I changed team.properties to reflect the new mappings, restarted everything, and let the LDAP sync run overnight. However, the Admin users were unable to perform functions that they previously had available. Only by re-adding the user to the old admin LDAP group was I able to get it to work. Can anyone tell me what else needs to be done to get the server to recognize the new mappings?

3 answers



permanent link
Matt Lavin (2.7k2) | answered Sep 02 '08, 1:35 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
The nightly LDAP sync is only used to update user information, such as a
person's name.

Group membership is managed by the J2EE container, and is not affected
by changes to the teamserver.properties file. Did you also update the
application server's LDAP group mappings?

Matt Lavin
Jazz Server Team


jcurtiss wrote:
We decided to refactor our LDAP groups. We originally had one user
group mapped to JazzUsers and JazzGuests, and another mapped to
JazzAdmins and JazzDWAdmins. We created new LDAP groups so that each
Jazz group would have it's own corresponding LDAP group. I changed
team.properties to reflect the new mappings, restarted everything,
and let the LDAP sync run overnight. However, the Admin users were
unable to perform functions that they previously had available. Only
by re-adding the user to the old admin LDAP group was I able to get it
to work. Can anyone tell me what else needs to be done to get the
server to recognize the new mappings?

permanent link
Balaji Krish (1.8k12) | answered Sep 02 '08, 3:43 p.m.
JAZZ DEVELOPER
Did you update server.xml with the new mapping information?

https://jazz.net/wiki/bin/view/Main/LDAP4Dummies describes all the changes you need to make to make to server.xml to map Jazz roles to LDAP role names.

--- Balaji
Jazz Server Team


We decided to refactor our LDAP groups. We originally had one user group mapped to JazzUsers and JazzGuests, and another mapped to JazzAdmins and JazzDWAdmins. We created new LDAP groups so that each Jazz group would have it's own corresponding LDAP group. I changed team.properties to reflect the new mappings, restarted everything, and let the LDAP sync run overnight. However, the Admin users were unable to perform functions that they previously had available. Only by re-adding the user to the old admin LDAP group was I able to get it to work. Can anyone tell me what else needs to be done to get the server to recognize the new mappings?

permanent link
Jay Curtiss (2122) | answered Sep 02 '08, 3:50 p.m.
That was the link I needed (also got it from Matt via Sametime). I configured this machine two months ago, couldn't remember where that doc was.

Your answer


Register or to post your answer.