Jazz Forum

Changing LDAP group associations

We decided to refactor our LDAP groups. We originally had one user group mapped to JazzUsers and JazzGuests, and another mapped to JazzAdmins and JazzDWAdmins. We created new LDAP groups so that each Jazz group would have its own corresponding LDAP group. I changed team.properties to reflect the new mappings, restarted everything, and let the LDAP sync run overnight. However, the Admin users were unable to perform functions that they previously had available. Only by re-adding the user to the old admin LDAP group was I able to get it to work. Can anyone tell me what else needs to be done to get the server to recognize the new mappings?

0 votes



3 answers

The nightly LDAP sync is only used to update user information, such as a
person's name.

Group membership is managed by the J2EE container, and is not affected
by changes to the teamserver.properties file. Did you also update the
application server's LDAP group mappings?

Matt Lavin
Jazz Server Team


jcurtiss wrote:
We decided to refactor our LDAP groups. We originally had one user
group mapped to JazzUsers and JazzGuests, and another mapped to
JazzAdmins and JazzDWAdmins. We created new LDAP groups so that each
Jazz group would have its own corresponding LDAP group. I changed
team.properties to reflect the new mappings, restarted everything,
and let the LDAP sync run overnight. However, the Admin users were
unable to perform functions that they previously had available. Only
by re-adding the user to the old admin LDAP group was I able to get it
to work. Can anyone tell me what else needs to be done to get the
server to recognize the new mappings?

0 votes


Did you update server.xml with the new mapping information?

https://jazz.net/wiki/bin/view/Main/LDAP4Dummies describes all the changes you need to make to server.xml to map Jazz roles to LDAP role names.

--- Balaji
Jazz Server Team



0 votes


That was the link I needed (also got it from Matt via Sametime). I configured this machine two months ago, couldn't remember where that doc was.

0 votes

Question details

Question asked: Sep 02 '08, 12:41 p.m.

Question was seen: 4,154 times

Last updated: Sep 02 '08, 12:41 p.m.
