Jazz + LDAP -> You do not have the required role
Using the local user (ADMIN), I configured the Jazz LDAP parameters:
https://jazz.net/jazzdocs/topic/com.ibm.team.install.doc/topics/c_plan_identity_management.html
I saw that instruction (and infocenter) and set up Tomcat to LDAP using JNDIRealm:
----------------
Importing Your New User from LDAP
Completing the LDAP configuration step above will enable the Jazz Team Server Setup to automatically import your initial user. Your application server and LDAP server should be configured before you complete this step, and you should be logged into this Setup application as a member of the JazzAdmins role from your LDAP. When you complete this page and click on the 'Next' button, your user will be imported into the repository. Any Client Access Licenses you select below will be assigned to your new user.
----------------
After I changed UserDatabaseRealm to JNDIRealm, I can't do this: "you should be logged into this Setup application as a member of the JazzAdmins role from your LDAP. When you complete this page and click on the 'Next' button, your user will be imported into the repository."
My user logs in successfully against LDAP, but Jazz shows this error (after login):
https://localhost:9443/jazz/setup
"You do not have the required role to access the Jazz Team Server Setup"
https://localhost:9443/jazz/admin
"You are not authorized to access the Jazz Team Server Admin UI"
13 answers
The tech note is published on jazz.net.
https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-1_0-user-management-in-tomcat/index.html talks about configuring LDAP auth realm in Tomcat.
---- Balaji
Jazz Server Team
Balaji,
Fix it:
<security-constraint>
  ...
  <auth-constraint>
    <role-name>JazzAdmins</role-name>
  </auth-constraint>
  <role-name>[LDAP Group for Jazz admins]</role-name>
  ...
</security-constraint>
The correct version is:
<security-constraint>
  ...
  <auth-constraint>
    <role-name>JazzAdmins</role-name>
    <role-name>[LDAP Group for Jazz admins]</role-name>
  </auth-constraint>
  ...
</security-constraint>
security-constraint doesn't have a role-name tag:
<!ELEMENT security-constraint (display-name?, web-resource-collection+,
auth-constraint?, user-data-constraint?)>
reference: http://java.sun.com/dtd/web-app_2_3.dtd
This role-name is a child of auth-constraint:
<!ELEMENT auth-constraint (description?, role-name*)>
Yes, it should be under auth-constraint.
The tech note was published before I could fix the issue. We will fix the issue in a couple of days.
--- Balaji
Jazz Server Team
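Added example, not part of the thread and not Jazz or Tomcat code: a small Python check that parses a web.xml and reports, for each security-constraint, which role-name entries sit inside auth-constraint and which are misplaced as direct children of security-constraint, the layout error discussed above. The two sample descriptors and the group name LdapJazzAdmins are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed web.xml fragments mirroring the two layouts in the thread.
# "LdapJazzAdmins" is a placeholder for the site's LDAP group name.
MISPLACED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>admin</web-resource-name>
      <url-pattern>/admin/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JazzAdmins</role-name>
    </auth-constraint>
    <role-name>LdapJazzAdmins</role-name>
  </security-constraint>
</web-app>"""

# Same descriptor with the LDAP group moved inside auth-constraint.
CORRECTED = MISPLACED.replace(
    "</auth-constraint>\n    <role-name>LdapJazzAdmins</role-name>",
    "  <role-name>LdapJazzAdmins</role-name>\n    </auth-constraint>")

def local(tag):
    """Strip an XML namespace prefix, if the descriptor declares one."""
    return tag.rsplit("}", 1)[-1]

def audit(web_xml):
    """Per security-constraint: URL patterns, roles really inside
    auth-constraint, and role-name elements misplaced outside it."""
    report = []
    for sc in ET.fromstring(web_xml).iter():
        if local(sc.tag) != "security-constraint":
            continue
        urls = [e.text.strip() for e in sc.iter() if local(e.tag) == "url-pattern"]
        granted, misplaced = [], []
        for child in sc:
            if local(child.tag) == "auth-constraint":
                granted += [r.text.strip() for r in child if local(r.tag) == "role-name"]
            elif local(child.tag) == "role-name":
                misplaced.append(child.text.strip())
        report.append({"urls": urls, "granted": granted, "misplaced": misplaced})
    return report

if __name__ == "__main__":
    for name, doc in (("tech note layout", MISPLACED), ("corrected layout", CORRECTED)):
        for entry in audit(doc):
            print(name, entry)
```

Any non-empty "misplaced" list means a role is written in the descriptor but is not part of the constraint's auth-constraint, so a user who holds only that role is not covered by it.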
Why does the actual LDAP group instance need to appear in the role-name definitions? I would think only the role-name definition would need to appear - e.g. JazzUsers, JazzAdmin, etc