Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

RTC 4.0 changing authentication from LDAP to NONLDAP

Currently I have LDAP running on RTC 4.0.  I need to change it to local authentication.  Since it has LDAP already set, if I change the configuration to NONLDAP how would I then log in to set up new users?  Will there be a default login id and password that I can use or do I have to go in and change XML files?

0 votes



2 answers

Permanent link
Hi Drake,

This is possible. Although I haven't tried it, I have thought about what to do. I would suggest trying this on a test system before doing it in production.

Assuming you are talking about Tomcat, here are the steps I came up with.
1. Review the tomcat-users.xml. Restore the ADMIN user to the ADMIN roles. The trouble is, you need a user to be able to log on in the tomcat-users.xml. The entry should look like

 <user username="ADMIN" password="b521caa6e1db82e5a01c924a419870cb72b81635" roles="JazzUsers,JazzAdmins,JazzProjectAdmins"/>

2. For each user you need, enter a line into the tomcat-users.xml file. The line should look like
 <user username="<userid>" password="<some:crypted_password>" fullName="<User Full Name>" roles="<the roles>"/>

You can use repotools -exportUsers to get a source for copy and paste of user ID, fullName and the roles. You can replace <some:crypted_password> with a crypted string you know from any tomcat-users.xml. For example you can use "b521caa6e1db82e5a01c924a419870cb72b81635"  for ADMIN. You can also leave it blank and reset the passwords later (if you have e-mail notification set up).

3. Save the current Tomcat/conf/server.xml, and the modified web.xml files in JazzTeamServer\server\tomcat\webapps\<app>\WEB-INF for <app>=jts/ccm/qm (or jazz as context root); not sure about rm. You have to back up only those that have been replaced when setting up LDAP.

4. Replace the current Tomcat/conf/server.xml, and the modified web.xml files in JazzTeamServer\server\tomcat\webapps\<app>\WEB-INF for <app>=jts/ccm/qm (or jazz as context root) with the original files. The web.xml files can be found in the WAR files.

5. Remove the LDAP settings from the configuration. You might want to back up the old teamserver.properties. You can do that using the LDAP administrator you use today.

6. Restart the server.

7. Log in as ADMIN/ADMIN, reset the passwords and test that everything works. Test some of the users.

I believe this should enable you to switch back from LDAP and keep the users able to work.

1 vote
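
A check to run before and after step 7 of the answer above, written for this page as an added example (not code from the thread or from IBM): it lists tomcat-users.xml accounts that still carry the ADMIN digest quoted in the answer, a blank password, or a digest copied from another account. The sample file, user IDs, carol's digest and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Digest the answer quotes for the ADMIN entry.
ADMIN_DIGEST = "b521caa6e1db82e5a01c924a419870cb72b81635"

# Constructed sample in the layout the answer describes; user IDs, names and
# carol's digest are made up.
SAMPLE = """<tomcat-users>
  <user username="ADMIN" password="b521caa6e1db82e5a01c924a419870cb72b81635" roles="JazzUsers,JazzAdmins,JazzProjectAdmins"/>
  <user username="alice" password="b521caa6e1db82e5a01c924a419870cb72b81635" fullName="Alice Example" roles="JazzUsers"/>
  <user username="bob" password="" fullName="Bob Example" roles="JazzUsers,JazzAdmins"/>
  <user username="carol" password="0f3c9a1d5e7b2a4c6d8e0f1a2b3c4d5e6f708192" fullName="Carol Example" roles="JazzUsers"/>
</tomcat-users>"""


def users(xml_text):
    """Yield (username, digest, roles) per <user>, with or without an XML namespace."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "user":
            roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
            yield el.get("username", ""), (el.get("password") or "").strip().lower(), roles


def audit(xml_text):
    """Return sorted (username, finding, is_admin) for accounts that still need a reset."""
    entries = list(users(xml_text))
    counts = Counter(d for _, d, _ in entries if d)
    findings = []
    for name, digest, roles in entries:
        if not digest:
            finding = "blank password"
        elif digest == ADMIN_DIGEST:
            finding = "carries the ADMIN digest"
        elif counts[digest] > 1:
            finding = "digest shared with another account"
        else:
            continue
        findings.append((name, finding, "JazzAdmins" in roles))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding, is_admin in audit(SAMPLE):
        print(f"{name}: {finding}{' (JazzAdmins)' if is_admin else ''}")
```

An empty result after step 7 means no account is left on a copied or blank credential; entries marked JazzAdmins are the ones to reset first.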

Comments

Thanks for the response. Actually, the dilemma I am having is that the tomcat-users.xml file does not get updated by Jazz Team Server when a change is made in Jazz regarding password or roles. So any changes made in Jazz regarding this do not get updated in Tomcat. I have to edit the tomcat-users.xml separately.

Does anyone know why that might be?

Drake, there is an error that appears to make the tomcat users read-only. Please file a PMR or look up the work item on this for a workaround.

This should explain how to fix the tomcat-users.xml update problem.
http://www-01.ibm.com/support/docview.wss?uid=swg21614661


Permanent link
I can only guess. Did you replace back the server.xml and the web.inf files that you had to copy over when setting up LDAP?

0 votes


Question asked: Oct 05 '12, 1:22 p.m.

Question was seen: 5,331 times

Last updated: Dec 27 '12, 7:15 p.m.
