RTC 4.0 changing authentication from LDAP to NONLDAP


Drake Brown (3634) | asked Oct 05 '12, 1:22 p.m.
Currently I have LDAP running on RTC 4.0.  I need to change it to local authentication.  Since it has LDAP already set, if I change the configuration to NONLDAP how would I then log in to set up new users?  Will there be a default login id and password that I can use or do I have to go in and change XML files?

2 answers



Ralph Schoon (63.1k33645) | answered Oct 11 '12, 1:52 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I can only guess. Did you replace back the server.xml and the web.inf files that you had to copy over when setting up LDAP?

Ralph Schoon (63.1k33645) | answered Oct 08 '12, 9:36 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Dec 27 '12, 5:11 p.m.
Hi Drake,

This is possible. Although I haven't tried it, I have thought about what to do. I would suggest trying this on a test system before doing it in production.

Assuming you are talking about Tomcat, here are the steps I came up with.
1. Review the tomcat-users.xml. Restore the ADMIN user to the ADMIN roles. The trouble is, you need a user to be able to log on in the tomcat-users.xml. The entry should look like

 <user username="ADMIN" password="b521caa6e1db82e5a01c924a419870cb72b81635" roles="JazzUsers,JazzAdmins,JazzProjectAdmins"/>

2. For each user you need, enter a line into the tomcat-users.xml file. The line should look like
 <user username="<userid>" password="<some:crypted_password>" fullName="<User Full Name>" roles="<the roles>"/>

You can use repotools -exportUsers to get a source for copy and paste of user ID, fullName and the roles. You can replace <some:crypted_password> with a crypted string you know from any tomcat-users.xml. For example you can use "b521caa6e1db82e5a01c924a419870cb72b81635"  for ADMIN. You can also leave it blank and reset the passwords later (if you have e-mail notification set up).

3. Save the current Tomcat/conf/server.xml, and the modified web.xml files in JazzTeamServer\server\tomcat\webapps\<app>\WEB-INF for <app>=jts/ccm/qm (or jazz as context root); not sure about rm. You have to back up only those that have been replaced when setting up LDAP.

4. Replace the current Tomcat/conf/server.xml, and the modified web.xml files in JazzTeamServer\server\tomcat\webapps\<app>\WEB-INF for <app>=jts/ccm/qm (or jazz as context root) with the original files. The web.xml files can be found in the WAR files.

5. Remove the LDAP settings from the configuration. You might want to back up the old teamserver.properties. You can do that using the LDAP administrator you use today.

6. Restart the server.

7. Log in as ADMIN/ADMIN, reset the passwords and test that everything works. Test some of the users.

I believe this should enable you to switch back from LDAP and keep the users able to work.
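
Step 2 seeds accounts with a known digest or a blank password, and step 7 depends on resetting them afterwards. The following is an added example, not part of the original answer and not IBM or Jazz code, that lists which entries in a tomcat-users.xml still carry the digest quoted above, share a digest with another account, or are blank. The sample file, the user IDs user1 to user3 and the finding labels are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Digest the answer quotes for ADMIN; accounts seeded with it share ADMIN's password.
DEFAULT_ADMIN_DIGEST = "b521caa6e1db82e5a01c924a419870cb72b81635"

# Constructed sample: user1..user3 and their values are made up for the demo.
SAMPLE = """<tomcat-users>
  <user username="ADMIN" password="b521caa6e1db82e5a01c924a419870cb72b81635" roles="JazzUsers,JazzAdmins,JazzProjectAdmins"/>
  <user username="user1" password="b521caa6e1db82e5a01c924a419870cb72b81635" fullName="Example One" roles="JazzUsers"/>
  <user username="user2" password="" fullName="Example Two" roles="JazzUsers,JazzAdmins"/>
  <user username="user3" password="0123456789abcdef0123456789abcdef01234567" fullName="Example Three" roles="JazzUsers"/>
</tomcat-users>"""


def _digest(user):
    return (user.get("password") or "").strip().lower()


def audit_users(xml_text, known_digests=(DEFAULT_ADMIN_DIGEST,)):
    """Return {username: [findings]} for accounts that still need a reset."""
    root = ET.fromstring(xml_text)
    # Match on the local tag name so a namespaced file is handled too.
    users = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "user"]
    holders = {}
    for u in users:
        holders.setdefault(_digest(u), []).append(u)
    report = {}
    for u in users:
        digest, found = _digest(u), []
        if not digest:
            found.append("blank-password")
        elif digest in known_digests:
            found.append("default-admin-digest")
        if digest and len(holders[digest]) > 1:
            found.append("shared-digest")
        roles = [r.strip() for r in (u.get("roles") or "").split(",")]
        if found and "JazzAdmins" in roles:
            found.append("admin-role")  # reset these accounts first
        if found:
            report[u.get("username") or u.get("name") or "?"] = found
    return report


if __name__ == "__main__":
    for name, found in audit_users(SAMPLE).items():
        print(f"{name}: {', '.join(found)}")
```

Run it against a copy of the real file after step 7; an empty report means no account is left on a seeded or blank password.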


Comments
Drake Brown commented Oct 10 '12, 6:10 p.m.

Thanks for the response. Actually, the dilemma I am having is that the tomcat-users.xml file does not get updated by Jazz Team Server when a change is made in Jazz regarding password or roles. So any changes made in Jazz regarding this do not get updated in Tomcat. I have to edit the tomcat-users.xml separately.

Does anyone know why that might be?


Ralph Schoon commented Dec 19 '12, 5:48 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Drake, there is an error that appears to make the tomcat users read only. Please file a PMR or look up the work item on this for a workaround.


Karl Weinert commented Dec 27 '12, 7:15 p.m.
JAZZ DEVELOPER

This should explain how to fix the tomcat-users.xml update problem.
http://www-01.ibm.com/support/docview.wss?uid=swg21614661
