Jazz + LDAP -> You do not have the required role
Using the local user (ADMIN), I configured the Jazz LDAP parameters:
https://jazz.net/jazzdocs/topic/com.ibm.team.install.doc/topics/c_plan_identity_management.html
I saw that instruction (and the infocenter) and set up Tomcat to use LDAP with JNDIRealm:
----------------
Importing Your New User from LDAP
Completing the LDAP configuration step above will enable the Jazz Team Server Setup to automatically import your initial user. Your application server and LDAP server should be configured before you complete this step, and you should be logged into this Setup application as a member of the JazzAdmins role from your LDAP. When you complete this page and click on the 'Next' button, your user will be imported into the repository. Any Client Access Licenses you select below will be assigned to your new user.
----------------
After I changed UserDatabaseRealm to JNDIRealm, I can't do this: "you should be logged into this Setup application as a member of the JazzAdmins role from your LDAP. When you complete this page and click on the 'Next' button, your user will be imported into the repository."
My user logs in successfully against LDAP, but Jazz shows this error (after login):
https://localhost:9443/jazz/setup
"You do not have the required role to access the Jazz Team Server Setup"
https://localhost:9443/jazz/admin
"You are not authorized to access the Jazz Team Server Admin UI"
13 answers
After you change the realm to LDAP, LDAP information will be used for authentication. I think the "Admin" user is not part of your JazzAdmins group in the LDAP directory, so you are not able to log in with the Admin user id. (By the way, this is the correct approach. The Admin user id should be used only for bootstrapping purposes. You should be creating your own Admin user id to manage your system.)
Your user id must be part of the JazzAdmins group. Use your id to log in to the Jazz database. You will be authenticated using LDAP credentials. If your user id does not exist in the Jazz user database, you will be logged in as "Admin". Using the user management tab, import your user id from the LDAP directory.
--- Balaji Jazz Server Team
LDAP user id? I set the "Jazz to LDAP Group Mapping":
JazzAdmins=GVS_AS,JazzUsers=GVS,JazzDWAdmins=GVS_AS,JazzGuests=GVS
But I don't know if that is OK. Is there a debug mode?
It doesn't work for me :/... I authenticated in /admin using LDAP credentials... It's OK. But Jazz shows this error: "You are not authorized to access the Jazz Team Server Admin UI"
>> LDAP User Id ?
The GVS_AS group must contain the user id that you use to log in. Would it be possible to try with 4 different groups (don't reuse a group name in LDAP for JazzAdmins and JazzDWAdmins)?
>> It doesn't work for me :/...
>> I authenticated in /admin using LDAP credentials... It's OK.
What didn't work? You said it didn't work, but you also mentioned that login to /admin was successful. From the error messages, it looks like a problem with the LDAP configuration. I have sent you a document on how to configure LDAP in Tomcat. Please take a look at it and configure LDAP using the steps listed in the document. This document will be published as a tech note on jazz.net soon.
--- Balaji Jazz Server Team
Hi balajik,
After I configured the web.xml (only that), login worked! Your technote helped a lot; the link below doesn't mention the web.xml:
https://jazz.net/jazzdocs/topic/com.ibm.team.install.doc/topics/c_plan_identity_management.html
Thanks
I still have only a small problem: "Import Users" doesn't show anyone, but all users log in successfully in Team Concert.
Does "Import Users" use a different login configuration? (LDAP login)
Are you using the first / last name to search in the Import Users dialog?
--- Balaji Jazz Server Team
The tech note is published on jazz.net.
https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-1_0-user-management-in-tomcat/index.html talks about configuring the LDAP auth realm in Tomcat.
--- Balaji Jazz Server Team
>> The tech note is published on jazz.net.
Balaji, fix it:
The correct version is:
security-constraint doesn't have a role-name tag:
<!ELEMENT security-constraint (display-name?, web-resource-collection+, auth-constraint?, user-data-constraint?)>
reference: http://java.sun.com/dtd/web-app_2_3.dtd
This role-name is a child of auth-constraint:
<!ELEMENT auth-constraint (description?, role-name*)>
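The DTD rule quoted in the post above can be checked mechanically. The following is an added example, not part of the thread or the tech note: a Python check that flags a role-name placed outside the parents web-app_2_3.dtd allows, a security-constraint with no auth-constraint child, and roles used in an auth-constraint but never declared in a security-role. The sample web.xml fragments and the /admin/* pattern are constructed; only the JazzAdmins role name comes from the thread.

```python
import xml.etree.ElementTree as ET

# Parents under which web-app_2_3.dtd allows <role-name>.
ALLOWED_PARENTS = {"auth-constraint", "security-role", "security-role-ref", "run-as"}

def local(tag):
    """Drop an XML namespace prefix such as '{http://...}role-name'."""
    return tag.rsplit("}", 1)[-1]

def check_web_xml(xml_text):
    """Return a list of (problem, detail) tuples about role-name placement."""
    root = ET.fromstring(xml_text)
    findings, declared, used = [], set(), set()
    for parent in root.iter():
        ptag = local(parent.tag)
        for child in parent:
            if local(child.tag) != "role-name":
                continue
            role = (child.text or "").strip()
            if ptag not in ALLOWED_PARENTS:
                findings.append(("misplaced-role-name", f"{role} under <{ptag}>"))
            elif ptag == "security-role":
                declared.add(role)
            elif ptag == "auth-constraint":
                used.add(role)
        # Legitimate for transport-only constraints, so treat as a prompt to review.
        if ptag == "security-constraint" and not any(
                local(c.tag) == "auth-constraint" for c in parent):
            findings.append(("no-auth-constraint",
                             "security-constraint has no <auth-constraint> child"))
    for role in sorted(used - declared - {"*"}):
        findings.append(("undeclared-role", role))
    return findings

# Constructed sample input (not taken from the tech note).
TEMPLATE = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    {roles}
  </security-constraint>
  <security-role><role-name>JazzAdmins</role-name></security-role>
</web-app>"""
BROKEN = TEMPLATE.format(roles="<role-name>JazzAdmins</role-name>")
FIXED = TEMPLATE.format(
    roles="<auth-constraint><role-name>JazzAdmins</role-name></auth-constraint>")

if __name__ == "__main__":
    for name, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_web_xml(doc))
```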
>> Are you using the first / last name to search in Import Users dialog ?
Hmmm, it is difficult to explain without sending a screen. I can't type anything in the Import Users dialog. See the screen in your mail.
This is a known bug in IE.
Use Firefox and you will see a text box to enter the values. I believe the problem is fixed in 1.0.1.
--- Balaji Jazz Server Team