It's all about the answers!

Ask a question

Read-only LDAP server causes problems?


Harry Koehnemann (30125238) | asked Sep 23 '08, 1:53 a.m.
Hi. I had a repository working fine and switched to LDAP auth. Access to the LDAP server is read-only. I can import users fine. But the Repository Permissions for those users are greyed-out with a note saying "You are using a directory service that is not writable. User roles cannot be modified". The users do have an RTC Developer license.

When I try to create a Project Area from one of the users, I receive the error:

Permission denied.
The user "harryk" is not authorized to create a project area in the repository. The "JazzAdmins" role is required to perform this operation.

I am guessing the problem is caused by the fact the user has no repository rights and they cannot be added because the LDAP server is read-only. Correct? Read-only LDAP won't work for RTC?

Thanks for the help.

2 answers



permanent link
Matt Lavin (2.7k2) | answered Sep 23 '08, 11:39 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
A read only LDAP server should not cause any problems for RTC. RTC
doesn't write back to any LDAP server, and that's why the user editor
does not allow you to edit the roles of a user.

If you would like a user to be in a particular role, then you should
talk to your LDAP system admin about putting the user in the group that
you have mapped to the JazzAdmins role.


Matt Lavin
Jazz Server Team


harryk wrote:
Hi. I had a repository working fine and switched to LDAP auth.
Access to the LDAP server is read-only. I can import users fine.
But the Repository Permissions for those users are greyed-out with a
note saying "You are using a directory service that is not
writable. User roles cannot be modified". The users do have an
RTC Developer license.

When I try to create a Project Area from one of the users, I receive
the error:

Permission denied.
The user "harryk" is not authorized to create a project area
in the repository. The "JazzAdmins" role is required to
perform this operation.

I am guessing the problem is caused by the fact the user has no
repository rights and they cannot be added because the LDAP server is
read-only. Correct? Read-only LDAP won't work for RTC?

Thanks for the help.

permanent link
Barry Graham (106173) | answered Jan 18 '10, 3:12 p.m.
Hi. I had a repository working fine and switched to LDAP auth. Access to the LDAP server is read-only. I can import users fine. But the Repository Permissions for those users are greyed-out with a note saying "You are using a directory service that is not writable. User roles cannot be modified". The users do have an RTC Developer license.

When I try to create a Project Area from one of the users, I receive the error:

Permission denied.
The user "harryk" is not authorized to create a project area in the repository. The "JazzAdmins" role is required to perform this operation.

I am guessing the problem is caused by the fact the user has no repository rights and they cannot be added because the LDAP server is read-only. Correct? Read-only LDAP won't work for RTC?

Thanks for the help.


I had a similar issue, in that my users had the correct permissions, and worked properly, but you could not see the permissions for each user, rather like in this support note

http://www-01.ibm.com/support/docview.wss?uid=swg21396140

however the system was set up to use LDAP. I resolved this issue, it turned out I had put the wrong attribute for the group members attribute at the bottom of the LDAP setup page, and also you need to make sure, when doing the mappings from jazz groups to LDAP groups, that you maintain the case sensitivity of the group name.

Your answer


Register or to post your answer.