Jazz + LDAP -> You do not have the required role
Using the local user (ADMIN), I configured the Jazz LDAP parameters:
https://jazz.net/jazzdocs/topic/com.ibm.team.install.doc/topics/c_plan_identity_management.html
I saw that instruction (and the infocenter) and set up Tomcat for LDAP using JNDIRealm:
----------------
Importing Your New User from LDAP
Completing the LDAP configuration step above will enable the Jazz Team Server Setup to automatically import your initial user. Your application server and LDAP server should be configured before you complete this step, and you should be logged into this Setup application as a member of the JazzAdmins role from your LDAP. When you complete this page and click on the 'Next' button, your user will be imported into the repository. Any Client Access Licenses you select below will be assigned to your new user.
----------------
After I changed UserDatabaseRealm to JNDIRealm, I can't do this: "you should be logged into this Setup application as a member of the JazzAdmins role from your LDAP. When you complete this page and click on the 'Next' button, your user will be imported into the repository."
My user logs in successfully against LDAP, but Jazz shows this error (after login):
https://localhost:9443/jazz/setup
"You do not have the required role to access the Jazz Team Server Setup"
https://localhost:9443/jazz/admin
"You are not authorized to access the Jazz Team Server Admin UI"
13 answers
After you change the realm to LDAP, LDAP information will be used for authentication. I think the "Admin" user is not part of your JazzAdmins groups in the LDAP directory, so you are not able to log in with the Admin user id. (By the way, this is the correct approach. The Admin user id should be used only for bootstrapping purposes. You should create your own admin user id to manage your system.)
Your user id must be part of the JazzAdmins group. Use your id to log in to the Jazz database. You will be authenticated using LDAP credentials. If your user id does not exist in the Jazz user database, you will be logged in as "Admin". Using the user management tab, import your user id from the LDAP directory.
--- Balaji
Jazz Server Team
>> I think "Admin" user is not part of your JazzAdmins groups in the LDAP directory. So you are not able to log in via Admin user id.
>> ...
>> Your user id must be part of the JazzAdmins group.
LDAP user id?
I set the "Jazz to LDAP Group Mapping":
JazzAdmins=GVS_AS,JazzUsers=GVS,JazzDWAdmins=GVS_AS,JazzGuests=GVS
But I don't know if that is OK. Is there a debug mode?
>> Use your id to log in to the Jazz database. You will be authenticated using LDAP credentials. If your user id does not exist in the Jazz user database, you will be logged in as "Admin". Using the user management tab, import your user id from the LDAP directory.
It doesn't work for me :/...
I authenticated in /admin using LDAP credentials... It's OK.
But Jazz shows this error:
"You are not authorized to access the Jazz Team Server Admin UI"
>> LDAP User Id ?
GVS_AS group must contain the user id that you use to login.
Would it be possible to try with 4 different groups (don't reuse a group name in LDAP for JazzAdmins and JazzDWAdmins)?
>> It doesn't work for me :/...
>> I authenticated in /admin using LDAP credentials... It's OK.
What didn't work? You said it didn't work, but you also mentioned that login to /admin was successful.
From the error messages, it looks like a problem with the LDAP configuration.
I have sent you a document on how to configure LDAP in Tomcat. Please take a look at it and configure LDAP using the steps listed in the document. This document will be published as a tech note soon on jazz.net.
--- Balaji
Jazz Server Team
Are you using the first / last name to search in the Import Users dialog?
--- Balaji
Jazz Server Team
I only have one small problem left: "Import Users" doesn't show anyone, but all users log in successfully in Team Concert.
Does "Import Users" use a different login configuration? (LDAP login)
The tech note is published on jazz.net.
https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-1_0-user-management-in-tomcat/index.html talks about configuring LDAP auth realm in Tomcat.
---- Balaji
Jazz Server Team
Hi balajik,
After I configured the web.xml (only that), login worked! Your technote helped a lot; the link below doesn't mention the web.xml:
https://jazz.net/jazzdocs/topic/com.ibm.team.install.doc/topics/c_plan_identity_management.html
Thanks
Balaji,
Fix it:
<security-constraint>
  ...
  <auth-constraint>
    <role-name>JazzAdmins</role-name>
  </auth-constraint>
  <role-name>[LDAP Group for Jazz admins]</role-name>
  ...
</security-constraint>
The correct form is:
<security-constraint>
  ...
  <auth-constraint>
    <role-name>JazzAdmins</role-name>
    <role-name>[LDAP Group for Jazz admins]</role-name>
  </auth-constraint>
  ...
</security-constraint>
security-constraint doesn't have a role-name tag:
<!ELEMENT security-constraint (display-name?, web-resource-collection+,
auth-constraint?, user-data-constraint?)>
reference: http://java.sun.com/dtd/web-app_2_3.dtd
This role-name is a child of auth-constraint:
<!ELEMENT auth-constraint (description?, role-name*)>
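Added example (not part of the original thread, and not Jazz or Tomcat code): a small Python check for the web.xml mistake described in the post above. It flags role-name elements placed directly under security-constraint and reports when the mapped LDAP group is missing from auth-constraint. The web.xml fragments, the /admin/* URL pattern and the function names are constructed for illustration; GVS_AS is the group from the thread's mapping.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragments (not from the thread). GVS_AS is the LDAP group
# the thread maps to JazzAdmins; the /admin/* pattern is an assumption.
_HEAD = """<web-app><security-constraint>
  <web-resource-collection>
    <web-resource-name>admin</web-resource-name>
    <url-pattern>/admin/*</url-pattern>
  </web-resource-collection>"""
BROKEN = _HEAD + """
  <auth-constraint><role-name>JazzAdmins</role-name></auth-constraint>
  <role-name>GVS_AS</role-name>
</security-constraint></web-app>"""
FIXED = _HEAD + """
  <auth-constraint>
    <role-name>JazzAdmins</role-name>
    <role-name>GVS_AS</role-name>
  </auth-constraint>
</security-constraint></web-app>"""


def _local(tag):
    """Drop any XML namespace so DTD-based and schema-based web.xml both work."""
    return tag.rsplit("}", 1)[-1]


def audit_constraints(web_xml, required_role):
    """Return findings about role-name placement in each security-constraint."""
    findings = []
    root = ET.fromstring(web_xml)
    constraints = [e for e in root.iter() if _local(e.tag) == "security-constraint"]
    for idx, sc in enumerate(constraints, start=1):
        allowed, has_auth = set(), False
        for child in sc:
            name = _local(child.tag)
            if name == "role-name":
                # The web-app DTD allows role-name only under auth-constraint.
                role = (child.text or "").strip()
                findings.append(f"constraint {idx}: role-name '{role}' is outside auth-constraint")
            elif name == "auth-constraint":
                has_auth = True
                allowed |= {(r.text or "").strip() for r in child if _local(r.tag) == "role-name"}
        if has_auth and required_role not in allowed:
            findings.append(f"constraint {idx}: '{required_role}' not listed in auth-constraint")
    return findings


if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, audit_constraints(doc, "GVS_AS") or "OK")
```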
This is a known bug in IE.
Use Firefox and you will see a text box to enter the values. I believe the problem is fixed in 1.0.1.
--- Balaji
Jazz Server Team.
hmmm,
it is difficult to explain without sending a screen
I can't type anything in Import Users dialog.
See the screen in your mail.